From null at suse.de Wed Apr 1 08:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 08:30:12 -0000
Subject: SUSE-RU-2026:1161-1: important: Recommended update for gnome-shell
Message-ID: <177503221280.385.1931610526804630011@f480087f4571>

# Recommended update for gnome-shell

Announcement ID: SUSE-RU-2026:1161-1
Release Date: 2026-03-31T17:21:15Z
Rating: important

References:

* bsc#1235036
* bsc#1258238

Affected Products:

* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that has two fixes can now be installed.

## Description:

This update for gnome-shell fixes the following issues:

* Fix: L3: GDM smartcard login hangs/fails after PIN entry (bsc#1258238)
  * Don't assume this._user is always defined
* Fix: GNOME Shell built-in screencast feature does not work (bsc#1235036)
  * Correct expected bus name for streams

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1161=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1161=1

## Package List:

* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * gnome-shell-devel-45.3-150700.11.3.1
  * gnome-extensions-45.3-150700.11.3.1
  * gnome-shell-debuginfo-45.3-150700.11.3.1
  * gnome-shell-45.3-150700.11.3.1
  * gnome-shell-debugsource-45.3-150700.11.3.1
* Desktop Applications Module 15-SP7 (noarch)
  * gnome-shell-lang-45.3-150700.11.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * gnome-shell-calendar-45.3-150700.11.3.1
  * gnome-shell-debuginfo-45.3-150700.11.3.1
  * gnome-shell-debugsource-45.3-150700.11.3.1
  * gnome-shell-calendar-debuginfo-45.3-150700.11.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1235036
* https://bugzilla.suse.com/show_bug.cgi?id=1258238

From null at suse.de Wed Apr 1 12:30:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:30:20 -0000
Subject: SUSE-SU-2026:20947-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177504662055.568.11816016537737734431@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20947-1
Release Date: 2026-03-25T18:17:14Z
Rating: important

References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-448=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_2-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-default-debuginfo-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:30:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:30:36 -0000
Subject: SUSE-SU-2026:20946-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)
Message-ID: <177504663609.568.13051562346769901659@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20946-1
Release Date: 2026-03-25T18:09:48Z
Rating: important

References:

* bsc#1247240
* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-38488
* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-38488 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-38488 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-38488 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-446=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_5-default-debuginfo-8-160000.4.3
  * kernel-livepatch-SLE16_Update_0-debugsource-8-160000.4.3
  * kernel-livepatch-6_12_0-160000_5-default-8-160000.4.3

## References:

* https://www.suse.com/security/cve/CVE-2025-38488.html
* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247240
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:30:49 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:30:49 -0000
Subject: SUSE-SU-2026:20945-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177504664973.568.12321150723309800445@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20945-1
Release Date: 2026-03-25T18:08:48Z
Rating: important

References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644
* bsc#1257669

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40284
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40284 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40284 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed (bsc#1257669).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-447=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40284.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644
* https://bugzilla.suse.com/show_bug.cgi?id=1257669

From null at suse.de Wed Apr 1 12:31:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:02 -0000
Subject: SUSE-SU-2026:20944-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)
Message-ID: <177504666203.568.23876762628691946@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20944-1
Release Date: 2026-03-25T06:45:19Z
Rating: important

References:

* bsc#1255052
* bsc#1255053
* bsc#1255378
* bsc#1255402
* bsc#1255895
* bsc#1256624
* bsc#1256644

Cross-References:

* CVE-2025-40214
* CVE-2025-40258
* CVE-2025-40297
* CVE-2025-68284
* CVE-2025-68285
* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-40214 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40258 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40258 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40297 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40297 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68284 ( SUSE ): 7.0 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68284 ( SUSE ): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-68285 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68285 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40214: af_unix: Initialise scc_index in unix_add_edge() (bsc#1255052).
* CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1255053).
* CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255895).
* CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255378).
* CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255402).
* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-441=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_8-default-3-160000.1.1
  * kernel-livepatch-SLE16_Update_3-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-default-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40214.html
* https://www.suse.com/security/cve/CVE-2025-40258.html
* https://www.suse.com/security/cve/CVE-2025-40297.html
* https://www.suse.com/security/cve/CVE-2025-68284.html
* https://www.suse.com/security/cve/CVE-2025-68285.html
* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255052
* https://bugzilla.suse.com/show_bug.cgi?id=1255053
* https://bugzilla.suse.com/show_bug.cgi?id=1255378
* https://bugzilla.suse.com/show_bug.cgi?id=1255402
* https://bugzilla.suse.com/show_bug.cgi?id=1255895
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644

From null at suse.de Wed Apr 1 12:31:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:06 -0000
Subject: SUSE-SU-2026:20943-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177504666643.568.8506082485551825129@634a8d224e68>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20943-1
Release Date: 2026-03-25T05:42:56Z
Rating: important

References:

* bsc#1256624
* bsc#1256644

Cross-References:

* CVE-2025-68813
* CVE-2025-71085

CVSS scores:

* CVE-2025-68813 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68813 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
* CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256624).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-440=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68813.html
* https://www.suse.com/security/cve/CVE-2025-71085.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256624
* https://bugzilla.suse.com/show_bug.cgi?id=1256644

From null at suse.de Wed Apr 1 12:31:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:07 -0000
Subject: SUSE-SU-2026:20942-1: important: Security update for the initial kernel livepatch
Message-ID: <177504666766.568.9288033291628275561@634a8d224e68>

# Security update for the initial kernel livepatch

Announcement ID: SUSE-SU-2026:20942-1
Release Date: 2026-03-24T20:14:20Z
Rating: important

References:

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that can now be installed.

## Description:

This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-436=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_27-default-1-160000.1.1
  * kernel-livepatch-SLE16_Update_6-debugsource-1-160000.1.1
  * kernel-livepatch-6_12_0-160000_27-default-debuginfo-1-160000.1.1

From null at suse.de Wed Apr 1 12:31:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:17 -0000
Subject: SUSE-SU-2026:20941-1: moderate: Security update for ucode-intel
Message-ID: <177504667724.568.11189434348986911321@634a8d224e68>

# Security update for ucode-intel

Announcement ID: SUSE-SU-2026:20941-1
Release Date: 2026-03-19T09:31:38Z
Rating: moderate

References:

* bsc#1229129
* bsc#1230400
* bsc#1249138
* bsc#1253319
* bsc#1258046

Cross-References:

* CVE-2024-24853
* CVE-2025-31648

CVSS scores:

* CVE-2024-24853 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2024-24853 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-31648 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
* CVE-2025-31648 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-31648 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities and has three fixes can now be installed.

## Description:

This update for ucode-intel fixes the following issues:

* Intel CPU Microcode was updated to the 20260210 release (bsc#1258046):
  * CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access (bsc#1229129).
  * CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege (bsc#1258046).
* Intel CPU Microcode was updated to the 20251111 release (bsc#1253319):
  * Update for functional issues.
* switch the supplements to use supplements + kernel to allow moving an installation to Intel hardware (bsc#1249138)
* Intel CPU Microcode was updated to the 20241029 release (bsc#1230400):
  * Update for functional issues.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-415=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * ucode-intel-20260210-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-24853.html
* https://www.suse.com/security/cve/CVE-2025-31648.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229129
* https://bugzilla.suse.com/show_bug.cgi?id=1230400
* https://bugzilla.suse.com/show_bug.cgi?id=1249138
* https://bugzilla.suse.com/show_bug.cgi?id=1253319
* https://bugzilla.suse.com/show_bug.cgi?id=1258046

URL: From null at suse.de Wed Apr 1 12:31:38 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:31:38 -0000 Subject: SUSE-SU-2026:20940-1: moderate: Security update for net-tools Message-ID: <177504669888.568.12385574192004376323@634a8d224e68> # Security update for net-tools Announcement ID: SUSE-SU-2026:20940-1 Release Date: 2026-03-26T15:12:43Z Rating: moderate References: * bsc#1243581 * bsc#1248410 * bsc#1248687 * bsc#142461 * bsc#430864 * bsc#544339 Cross-References: * CVE-2025-46836 CVSS scores: * CVE-2025-46836 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-46836 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-46836 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability and has five fixes can now be installed. ## Description: This update for net-tools fixes the following issues: * Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58). * Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq- cmw2-cq59). * Avoid unsafe memcpy in ifconfig (bsc#1248687). * Prevent overflow in ax25 and netrom (bsc#1248687) * Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-454=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * net-tools-debugsource-2.10-160000.3.1 * net-tools-2.10-160000.3.1 * net-tools-debuginfo-2.10-160000.3.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * net-tools-lang-2.10-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-46836.html * https://bugzilla.suse.com/show_bug.cgi?id=1243581 * https://bugzilla.suse.com/show_bug.cgi?id=1248410 * https://bugzilla.suse.com/show_bug.cgi?id=1248687 * https://bugzilla.suse.com/show_bug.cgi?id=142461 * https://bugzilla.suse.com/show_bug.cgi?id=430864 * https://bugzilla.suse.com/show_bug.cgi?id=544339 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:31:42 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:31:42 -0000 Subject: SUSE-RU-2026:20939-1: moderate: Recommended update for az-cli-cmd Message-ID: <177504670279.568.5907418666030197600@634a8d224e68> # Recommended update for az-cli-cmd Announcement ID: SUSE-RU-2026:20939-1 Release Date: 2026-03-26T12:02:57Z Rating: moderate References: * bsc#1259604 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that has one fix can now be installed. ## Description: This update for az-cli-cmd fixes the following issues: Changes in az-cli-cmd: * Fix install/upgrade/removal With the release of flake-pilot 3.1.27 a force option for registration and deregistration has been added. This allows for a simpler registration processing in the spec file of the -cmd package. This commit adds registration and deregistration helper scripts and calls them as part of the spec pre/post processing macros. The macro setup makes sure: 1. The flake gets registered as %post install action 2. 
The flake gets deregistered as %preun uninstall (no upgrade) action With regards to the already released package and the existing macro code the following applies: The %postun code from the old package runs after the %post code of the new package and only in upgrade mode. This would harm the registration which is the reason why we again call register_az in %posttrans which is the last action of the entire transaction and ensures the registration will be effective This Fixes bsc#1259604 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-453=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * az-cli-cmd-1.37.1-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259604 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:31:47 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:31:47 -0000 Subject: SUSE-RU-2026:20938-1: moderate: Recommended update for gdb Message-ID: <177504670769.568.5870765474299476175@634a8d224e68> # Recommended update for gdb Announcement ID: SUSE-RU-2026:20938-1 Release Date: 2026-03-26T10:27:34Z Rating: moderate References: * bsc#1250033 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that has one fix can now be installed. ## Description: This update for gdb fixes the following issues: Changes in gdb: * fixes some bugs * fix hang on whatis (bsc#1250033, swo#33480): ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-451=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * gdb-debugsource-16.3-160000.3.1
  * gdbserver-debuginfo-16.3-160000.3.1
  * gdb-debuginfo-16.3-160000.3.1
  * gdb-16.3-160000.3.1
  * gdbserver-16.3-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1250033

From null at suse.de Wed Apr 1 12:31:48 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:48 -0000
Subject: SUSE-RU-2026:20937-1: moderate: Recommended update for mozilla-nspr
Message-ID: <177504670873.568.13096839337917902913@634a8d224e68>

# Recommended update for mozilla-nspr

Announcement ID: SUSE-RU-2026:20937-1
Release Date: 2026-03-26T10:22:05Z
Rating: moderate
References:

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that can now be installed.

## Description:

This update for mozilla-nspr fixes the following issues:

Update to NSPR 4.36.2:

* Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1

Update to NSPR 4.36.1:

* Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-452=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * mozilla-nspr-debuginfo-4.36.2-160000.1.1
  * mozilla-nspr-devel-4.36.2-160000.1.1
  * mozilla-nspr-4.36.2-160000.1.1
  * mozilla-nspr-debugsource-4.36.2-160000.1.1

From null at suse.de Wed Apr 1 12:31:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:51 -0000
Subject: SUSE-SU-2026:20936-1: important: Security update for openexr
Message-ID: <177504671175.568.6111589834898385010@634a8d224e68>

# Security update for openexr

Announcement ID: SUSE-SU-2026:20936-1
Release Date: 2026-03-26T10:03:06Z
Rating: important
References:

* bsc#1259177

Cross-References:

* CVE-2026-27622

CVSS scores:

* CVE-2026-27622 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27622 ( NVD ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for openexr fixes the following issue:

* CVE-2026-27622: crafted multipart deep EXR can cause a heap out-of-bound write (bsc#1259177).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-450=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * openexr-debuginfo-3.2.2-160000.5.1
  * libIex-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-3.2.2-160000.5.1
  * libIlmThread-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-debuginfo-3.2.2-160000.5.1
  * openexr-3.2.2-160000.5.1
  * openexr-debugsource-3.2.2-160000.5.1
  * libIlmThread-3_2-31-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-3.2.2-160000.5.1
  * libIex-3_2-31-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-debuginfo-3.2.2-160000.5.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * openexr-doc-3.2.2-160000.5.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIex-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libIex-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libOpenEXR-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.5.1
  * libIlmThread-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1
  * libOpenEXRUtil-3_2-31-x86-64-v3-debuginfo-3.2.2-160000.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27622.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259177

From null at suse.de Wed Apr 1 12:31:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:54 -0000
Subject: SUSE-SU-2026:20935-1: moderate: Security update for fetchmail
Message-ID: <177504671451.568.9270578278602941031@634a8d224e68>

# Security update for fetchmail

Announcement ID: SUSE-SU-2026:20935-1
Release Date: 2026-03-26T09:57:56Z
Rating: moderate
References:

* bsc#1251194

Cross-References:

* CVE-2025-61962

CVSS scores:

* CVE-2025-61962 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61962 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for fetchmail fixes the following issues:

* CVE-2025-61962: Fixed denial of service (bsc#1251194)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-449=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * fetchmail-debugsource-6.5.2-160000.3.1
  * fetchmail-6.5.2-160000.3.1
  * fetchmail-debuginfo-6.5.2-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61962.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251194

From null at suse.de Wed Apr 1 12:31:57 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:31:57 -0000
Subject: SUSE-SU-2026:20934-1: important: Security update for python-PyJWT
Message-ID: <177504671751.568.4206246634702243322@634a8d224e68>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:20934-1
Release Date: 2026-03-25T18:08:48Z
Rating: important
References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issue:

Update to PyJWT 2.12.1:

* CVE-2026-32597: PyJWT accepts unknown `crit` header extensions (bsc#1259616).

Changelog:

Update to 2.12.1:

* Add missing typing_extensions dependency for Python < 3.11 in #1150

Update to 2.12.0:

* Annotate PyJWKSet.keys for pyright by @tamird in #1134
* Close HTTPError response to prevent ResourceWarning on Python 3.14 by @veeceey in #1133
* Do not keep algorithms dict in PyJWK instances by @akx in #1143
* Use PyJWK algorithm when encoding without explicit algorithm in #1148
* Docs: Add PyJWKClient API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).

Update to 2.11.0:

* Enforce ECDSA curve validation per RFC 7518 Section 3.4.
* Fix build system warnings by @kurtmckee in #1105
* Validate key against allowed types for Algorithm family in #964
* Add iterator for JWKSet in #1041
* Validate iss claim is a string during encoding and decoding by @pachewise in #1040
* Improve typing/logic for options in decode, decode_complete by @pachewise in #1045
* Declare float supported type for lifespan and timeout by @nikitagashkov in #1068
* Fix SyntaxWarnings/DeprecationWarnings caused by invalid escape sequences by @kurtmckee in #1103
* Development: Build a shared wheel once to speed up test suite setup times by @kurtmckee in #1114
* Development: Test type annotations across all supported Python versions, increase the strictness of the type checking, and remove the mypy pre-commit hook by @kurtmckee in #1112
* Support Python 3.14, and test against PyPy 3.10 and 3.11 by @kurtmckee in #1104
* Development: Migrate to build to test package building in CI by @kurtmckee in #1108
* Development: Improve coverage config and eliminate unused test suite code by @kurtmckee in #1115
* Docs: Standardize CHANGELOG links to PRs by @kurtmckee in #1110
* Docs: Fix Read the Docs builds by @kurtmckee in #1111
* Docs: Add example of using leeway with nbf by @djw8605 in #1034
* Docs: Refactored docs with autodoc; added PyJWS and jwt.algorithms docs by @pachewise in #1045
* Docs: Documentation improvements for "sub" and "jti" claims by @cleder in #1088
* Development: Add pyupgrade as a pre-commit hook by @kurtmckee in #1109
* Add minimum key length validation for HMAC and RSA keys (CWE-326). Warns by default via InsecureKeyLengthWarning when keys are below minimum recommended lengths per RFC 7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass enforce_minimum_key_length=True in options to PyJWT or PyJWS to raise InvalidKeyError instead.
* Refactor PyJWT to own an internal PyJWS instance instead of calling global api_jws functions.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-445=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-PyJWT-2.12.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Wed Apr 1 12:32:01 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:32:01 -0000
Subject: SUSE-SU-2026:20933-1: moderate: Security update for python-ldap
Message-ID: <177504672184.568.14274149626226941059@634a8d224e68>

# Security update for python-ldap

Announcement ID: SUSE-SU-2026:20933-1
Release Date: 2026-03-25T10:40:32Z
Rating: moderate
References:

* bsc#1251912
* bsc#1251913

Cross-References:

* CVE-2025-61911
* CVE-2025-61912

CVSS scores:

* CVE-2025-61911 ( SUSE ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61911 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61911 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61911 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61912 ( SUSE ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61912 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61912 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-61912 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-ldap fixes the following issues:

* CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912).
* CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-443=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-ldap-debuginfo-3.4.4-160000.3.1
  * python-ldap-debugsource-3.4.4-160000.3.1
  * python313-ldap-3.4.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61911.html
* https://www.suse.com/security/cve/CVE-2025-61912.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251912
* https://bugzilla.suse.com/show_bug.cgi?id=1251913

From null at suse.de Wed Apr 1 12:32:04 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:32:04 -0000
Subject: SUSE-SU-2026:20932-1: moderate: Security update for ffmpeg-7
Message-ID: <177504672477.568.11637523295636701589@634a8d224e68>

# Security update for ffmpeg-7

Announcement ID: SUSE-SU-2026:20932-1
Release Date: 2026-03-25T10:03:00Z
Rating: moderate
References:

* bsc#1246790

Cross-References:

* CVE-2025-7700

CVSS scores:

* CVE-2025-7700 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-7700 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-7700 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ffmpeg-7 fixes the following issues:

* Updated to version 7.1.2:
* avcodec/librsvgdec: fix compilation with librsvg 2.50.3
* libavfilter/af_firequalizer: Add check for av_malloc_array()
* avcodec/libsvtav1: unbreak build with latest svtav1
* avformat/hls: Fix Youtube AAC
* Various bugfixes.
* CVE-2025-7700: Fixed NULL Pointer Dereference in ALS Decoder (bsc#1246790)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-442=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libavformat61-debuginfo-7.1.2-160000.1.1
  * libavcodec61-debuginfo-7.1.2-160000.1.1
  * ffmpeg-7-debuginfo-7.1.2-160000.1.1
  * libavdevice61-debuginfo-7.1.2-160000.1.1
  * libavdevice61-7.1.2-160000.1.1
  * libavfilter10-7.1.2-160000.1.1
  * libavutil59-debuginfo-7.1.2-160000.1.1
  * libpostproc58-7.1.2-160000.1.1
  * ffmpeg-7-7.1.2-160000.1.1
  * libpostproc58-debuginfo-7.1.2-160000.1.1
  * libswscale8-7.1.2-160000.1.1
  * libswscale8-debuginfo-7.1.2-160000.1.1
  * libavutil59-7.1.2-160000.1.1
  * libavformat61-7.1.2-160000.1.1
  * libswresample5-7.1.2-160000.1.1
  * ffmpeg-7-debugsource-7.1.2-160000.1.1
  * libswresample5-debuginfo-7.1.2-160000.1.1
  * libavfilter10-debuginfo-7.1.2-160000.1.1
  * libavcodec61-7.1.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-7700.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246790

From null at suse.de Wed Apr 1 12:37:29 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:29 -0000
Subject: SUSE-SU-2026:20931-1: important: Security update for the Linux Kernel
Message-ID: <177504704928.568.244129894788827761@634a8d224e68>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:20931-1
Release Date: 2026-03-25T08:49:52Z
Rating: important
References:

* bsc#1234634 * bsc#1249590 * bsc#1250748 * bsc#1251135 * bsc#1251966 * bsc#1251971 * bsc#1252008 * bsc#1252266 * bsc#1252911 * bsc#1252924 * bsc#1253129 * bsc#1253691 * bsc#1254817 * bsc#1254928 * bsc#1255129 * bsc#1255144 * bsc#1255148 * bsc#1255311 * bsc#1255490 * bsc#1255572 * bsc#1255721 * bsc#1255868 * bsc#1256640 * bsc#1256675 * bsc#1256679 * bsc#1256708 * bsc#1256732 * bsc#1256784 * bsc#1256802 * bsc#1256865 * bsc#1256867 * bsc#1257154 * bsc#1257174 * bsc#1257209 * bsc#1257222 * bsc#1257228 * bsc#1257231 * bsc#1257246 * bsc#1257332 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257551 * bsc#1257552 * bsc#1257553 * bsc#1257554 * bsc#1257556 * bsc#1257557 * bsc#1257559 * bsc#1257560 * bsc#1257561 * bsc#1257562 * bsc#1257565 * bsc#1257570 * bsc#1257572 * bsc#1257573 * bsc#1257576 * bsc#1257579 * bsc#1257580 * bsc#1257581 * bsc#1257586 * bsc#1257600 * bsc#1257631 * bsc#1257635 * bsc#1257679 * bsc#1257682 * bsc#1257686 * bsc#1257687 * bsc#1257688 * bsc#1257704 * bsc#1257705 * bsc#1257706 * bsc#1257707 * bsc#1257709 * bsc#1257714 * bsc#1257715 * bsc#1257716 * bsc#1257718 * bsc#1257722 * bsc#1257723 * bsc#1257726 * bsc#1257729 * bsc#1257730 * bsc#1257732 * bsc#1257734 * bsc#1257735 * bsc#1257737 * bsc#1257739 * bsc#1257740 * bsc#1257741 * bsc#1257742 * bsc#1257743 * bsc#1257745 * bsc#1257749 * bsc#1257750 * bsc#1257755 * bsc#1257757 * bsc#1257758 * bsc#1257759 * bsc#1257761 * bsc#1257762 * bsc#1257763 * bsc#1257765 * bsc#1257768 * bsc#1257770 * bsc#1257772 * bsc#1257775 * bsc#1257776 * bsc#1257788 * bsc#1257789 * bsc#1257790 * bsc#1257805 * bsc#1257808 *
bsc#1257809 * bsc#1257811 * bsc#1257813 * bsc#1257814 * bsc#1257815 * bsc#1257816 * bsc#1257817 * bsc#1257818 * bsc#1257830 * bsc#1257942 * bsc#1257952 * bsc#1258153 * bsc#1258181 * bsc#1258184 * bsc#1258222 * bsc#1258232 * bsc#1258234 * bsc#1258237 * bsc#1258245 * bsc#1258249 * bsc#1258252 * bsc#1258256 * bsc#1258258 * bsc#1258259 * bsc#1258272 * bsc#1258273 * bsc#1258276 * bsc#1258277 * bsc#1258279 * bsc#1258286 * bsc#1258289 * bsc#1258290 * bsc#1258297 * bsc#1258298 * bsc#1258299 * bsc#1258303 * bsc#1258304 * bsc#1258308 * bsc#1258309 * bsc#1258313 * bsc#1258317 * bsc#1258321 * bsc#1258323 * bsc#1258324 * bsc#1258326 * bsc#1258331 * bsc#1258338 * bsc#1258349 * bsc#1258354 * bsc#1258355 * bsc#1258358 * bsc#1258374 * bsc#1258376 * bsc#1258377 * bsc#1258379 * bsc#1258389 * bsc#1258394 * bsc#1258395 * bsc#1258397 * bsc#1258411 * bsc#1258415 * bsc#1258419 * bsc#1258421 * bsc#1258422 * bsc#1258424 * bsc#1258429 * bsc#1258430 * bsc#1258442 * bsc#1258455 * bsc#1258461 * bsc#1258464 * bsc#1258465 * bsc#1258468 * bsc#1258469 * bsc#1258483 * bsc#1258484 * bsc#1258489 * bsc#1258517 * bsc#1258518 * bsc#1258519 * bsc#1258520 * bsc#1258524 * bsc#1258544 * bsc#1258660 * bsc#1258672 * bsc#1258824 * bsc#1259329 * jsc#PED-11563 * jsc#PED-14156 Cross-References: * CVE-2025-39753 * CVE-2025-39964 * CVE-2025-40099 * CVE-2025-40103 * CVE-2025-40230 * CVE-2025-68173 * CVE-2025-68186 * CVE-2025-68292 * CVE-2025-68295 * CVE-2025-68329 * CVE-2025-68371 * CVE-2025-68745 * CVE-2025-68785 * CVE-2025-68810 * CVE-2025-68818 * CVE-2025-71071 * CVE-2025-71104 * CVE-2025-71125 * CVE-2025-71134 * CVE-2025-71161 * CVE-2025-71182 * CVE-2025-71183 * CVE-2025-71184 * CVE-2025-71185 * CVE-2025-71186 * CVE-2025-71188 * CVE-2025-71189 * CVE-2025-71190 * CVE-2025-71191 * CVE-2025-71192 * CVE-2025-71193 * CVE-2025-71194 * CVE-2025-71195 * CVE-2025-71196 * CVE-2025-71197 * CVE-2025-71198 * CVE-2025-71199 * CVE-2025-71200 * CVE-2025-71222 * CVE-2025-71224 * CVE-2025-71225 * CVE-2025-71229 * CVE-2025-71231 * 
CVE-2025-71232 * CVE-2025-71233 * CVE-2025-71234 * CVE-2025-71235 * CVE-2025-71236 * CVE-2026-22979 * CVE-2026-22980 * CVE-2026-22998 * CVE-2026-23003 * CVE-2026-23004 * CVE-2026-23010 * CVE-2026-23017 * CVE-2026-23018 * CVE-2026-23021 * CVE-2026-23022 * CVE-2026-23023 * CVE-2026-23024 * CVE-2026-23026 * CVE-2026-23030 * CVE-2026-23031 * CVE-2026-23033 * CVE-2026-23035 * CVE-2026-23037 * CVE-2026-23038 * CVE-2026-23042 * CVE-2026-23047 * CVE-2026-23049 * CVE-2026-23050 * CVE-2026-23053 * CVE-2026-23054 * CVE-2026-23055 * CVE-2026-23056 * CVE-2026-23057 * CVE-2026-23058 * CVE-2026-23059 * CVE-2026-23060 * CVE-2026-23061 * CVE-2026-23062 * CVE-2026-23063 * CVE-2026-23064 * CVE-2026-23065 * CVE-2026-23066 * CVE-2026-23068 * CVE-2026-23069 * CVE-2026-23070 * CVE-2026-23071 * CVE-2026-23073 * CVE-2026-23074 * CVE-2026-23076 * CVE-2026-23078 * CVE-2026-23080 * CVE-2026-23082 * CVE-2026-23083 * CVE-2026-23084 * CVE-2026-23085 * CVE-2026-23086 * CVE-2026-23088 * CVE-2026-23089 * CVE-2026-23090 * CVE-2026-23091 * CVE-2026-23094 * CVE-2026-23095 * CVE-2026-23096 * CVE-2026-23097 * CVE-2026-23099 * CVE-2026-23100 * CVE-2026-23101 * CVE-2026-23102 * CVE-2026-23104 * CVE-2026-23105 * CVE-2026-23107 * CVE-2026-23108 * CVE-2026-23110 * CVE-2026-23111 * CVE-2026-23112 * CVE-2026-23116 * CVE-2026-23119 * CVE-2026-23121 * CVE-2026-23123 * CVE-2026-23128 * CVE-2026-23129 * CVE-2026-23131 * CVE-2026-23133 * CVE-2026-23135 * CVE-2026-23136 * CVE-2026-23137 * CVE-2026-23139 * CVE-2026-23141 * CVE-2026-23142 * CVE-2026-23144 * CVE-2026-23145 * CVE-2026-23146 * CVE-2026-23148 * CVE-2026-23150 * CVE-2026-23151 * CVE-2026-23152 * CVE-2026-23154 * CVE-2026-23155 * CVE-2026-23156 * CVE-2026-23157 * CVE-2026-23158 * CVE-2026-23161 * CVE-2026-23163 * CVE-2026-23166 * CVE-2026-23167 * CVE-2026-23169 * CVE-2026-23170 * CVE-2026-23171 * CVE-2026-23172 * CVE-2026-23173 * CVE-2026-23176 * CVE-2026-23177 * CVE-2026-23178 * CVE-2026-23179 * CVE-2026-23182 * CVE-2026-23188 * CVE-2026-23189 * 
CVE-2026-23190 * CVE-2026-23191 * CVE-2026-23198 * CVE-2026-23202 * CVE-2026-23207 * CVE-2026-23208 * CVE-2026-23209 * CVE-2026-23210 * CVE-2026-23213 * CVE-2026-23214 * CVE-2026-23221 * CVE-2026-23222 * CVE-2026-23223 * CVE-2026-23224 * CVE-2026-23229 * CVE-2026-23230

CVSS scores:
SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23053 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23055 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23055 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23056 ( SUSE ): 6.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23056 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23057 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23057 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23058 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23058 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23059 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23059 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23061 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23062 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23062 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23062 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23063 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23063 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23063 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23064 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23065 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23065 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23066 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23066 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23068 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23068 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23070 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23071 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23073 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23076 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23076 ( SUSE ): 5.4 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23076 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23078 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23078 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23078 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23080 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23080 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23082 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23083 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-23083 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-23083 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23084 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23085 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23086 ( SUSE ): 6.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H * CVE-2026-23086 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23086 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23090 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23090 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23091 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23091 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23094 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23095 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23095 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23097 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23097 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23099 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23099 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23100 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23101 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23101 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23102 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23104 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23104 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23105 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23105 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23107 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23107 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23108 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23108 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23110 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23110 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23112 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23112 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23112 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23116 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23116 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23116 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23121 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23121 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23121 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23123 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23123 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23128 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23128 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23129 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23129 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23131 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23133 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23133 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23135 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23135 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H * CVE-2026-23135 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23137 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23137 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23139 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23139 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23141 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23142 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23144 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23145 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23145 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23146 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23146 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23148 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23150 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23150 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23151 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23151 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23152 ( SUSE ): 5.9 CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23152 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23152 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23155 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23155 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23156 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23156 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2026-23156 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23158 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23158 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23161 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23161 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23163 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23163 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23166 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23167 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23170 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23170 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23170 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23171 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23171 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23172 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23172 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23173 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23173 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23173 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23176 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23177 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23177 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23178 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23179 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23179 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23182 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23188 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23189 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23190 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23190 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23198 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23198 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23208 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23208 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23210 ( SUSE ): 5.7 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23210 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23210 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23213 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23213 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23214 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23214 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23214 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23221 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-23221 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23222 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23222 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-23222 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23223 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-23223 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-23223 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23224 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23224 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23224 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23229 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23229 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23230 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23230 ( SUSE ): 5.8 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23230 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves 176 vulnerabilities, contains two features and has 24 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
* CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
* CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
* CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
* CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
* CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
* CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
* CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
* CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
* CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
* CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
* CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
* CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
* CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
* CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
* CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
* CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
* CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
* CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
* CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
* CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
* CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
* CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
* CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
* CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
* CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
* CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
* CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
* CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
* CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
* CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
* CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
* CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
* CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
* CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
* CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
* CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
* CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
* CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
* CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
* CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
* CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
* CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
* CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
* CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
* CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
* CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
* CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
* CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
* CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
* CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
* CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
* CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
* CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
* CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
* CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
* CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
* CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
* CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
* CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
* CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
* CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
* CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
* CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non security issues were fixed:

* ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
* ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
* ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
* Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
* HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
* HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
* PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
* PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
* PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
* PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
* Refresh and move upstreamed ath12k patch into sorted section
* Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
* add bugnumber to existing mana change (bsc#1252266).
* arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
* bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
* clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
* clocksource: Print durations for sync check unconditionally (bsc#1257818).
* clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
* clocksource: Use pr_info() for "Checking clocksource synchronization" message (bsc#1257818).
* dm: Fix deadlock when reloading a multipath table (bsc#1254928).
* drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
* ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
* gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
* i3c: master: Update hot-join flag only on success (git-fixes).
* ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
* media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
* modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
* sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
* sched/deadline: Fix race in push_dl_task() (bsc#1234634).
* sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
* sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
* sched/fair: Fix pelt lost idle time detection (bsc#1234634).
* staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
* wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-435=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * kernel-docs-html-6.12.0-160000.27.1
  * kernel-macros-6.12.0-160000.27.1
  * kernel-source-6.12.0-160000.27.1
  * kernel-devel-6.12.0-160000.27.1
  * kernel-source-vanilla-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debuginfo-6.12.0-160000.27.1
  * kernel-default-base-6.12.0-160000.27.1.160000.2.8
  * kernel-kvmsmall-devel-6.12.0-160000.27.1
  * kernel-kvmsmall-debugsource-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64)
  * kernel-64kb-debugsource-6.12.0-160000.27.1
  * kernel-64kb-extra-debuginfo-6.12.0-160000.27.1
  * kernel-64kb-debuginfo-6.12.0-160000.27.1
  * kernel-64kb-extra-6.12.0-160000.27.1
  * kernel-64kb-devel-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc x86_64)
  * kernel-azure-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64)
  * kernel-azure-extra-6.12.0-160000.27.1
  * kernel-azure-debugsource-6.12.0-160000.27.1
  * kernel-azure-debuginfo-6.12.0-160000.27.1
  * kernel-azure-extra-debuginfo-6.12.0-160000.27.1
  * kernel-azure-devel-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * kernel-default-extra-6.12.0-160000.27.1
  * kernel-syms-6.12.0-160000.27.1
  * kernel-default-debuginfo-6.12.0-160000.27.1
  * kernel-default-devel-6.12.0-160000.27.1
  * kernel-obs-qa-6.12.0-160000.27.1
  * kernel-default-extra-debuginfo-6.12.0-160000.27.1
  * kernel-default-debugsource-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch nosrc)
  * kernel-docs-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * kernel-kvmsmall-devel-debuginfo-6.12.0-160000.27.1
  * kernel-kvmsmall-vdso-6.12.0-160000.27.1
  * kernel-azure-vdso-6.12.0-160000.27.1
  * kernel-azure-devel-debuginfo-6.12.0-160000.27.1
  * kernel-default-vdso-6.12.0-160000.27.1
  * kernel-azure-vdso-debuginfo-6.12.0-160000.27.1
  * kernel-kvmsmall-vdso-debuginfo-6.12.0-160000.27.1
  * kernel-default-devel-debuginfo-6.12.0-160000.27.1
  * kernel-default-vdso-debuginfo-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (nosrc s390x)
  * kernel-zfcpdump-6.12.0-160000.27.1
* SUSE Linux Enterprise Server - BCI 16.0 (s390x)
  * kernel-zfcpdump-debugsource-6.12.0-160000.27.1
  * kernel-zfcpdump-debuginfo-6.12.0-160000.27.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39753.html * https://www.suse.com/security/cve/CVE-2025-39964.html * https://www.suse.com/security/cve/CVE-2025-40099.html * https://www.suse.com/security/cve/CVE-2025-40103.html * https://www.suse.com/security/cve/CVE-2025-40230.html * https://www.suse.com/security/cve/CVE-2025-68173.html * https://www.suse.com/security/cve/CVE-2025-68186.html * https://www.suse.com/security/cve/CVE-2025-68292.html * https://www.suse.com/security/cve/CVE-2025-68295.html * https://www.suse.com/security/cve/CVE-2025-68329.html * https://www.suse.com/security/cve/CVE-2025-68371.html * https://www.suse.com/security/cve/CVE-2025-68745.html * https://www.suse.com/security/cve/CVE-2025-68785.html * https://www.suse.com/security/cve/CVE-2025-68810.html * https://www.suse.com/security/cve/CVE-2025-68818.html * https://www.suse.com/security/cve/CVE-2025-71071.html * https://www.suse.com/security/cve/CVE-2025-71104.html * https://www.suse.com/security/cve/CVE-2025-71125.html * https://www.suse.com/security/cve/CVE-2025-71134.html *
https://www.suse.com/security/cve/CVE-2025-71161.html * https://www.suse.com/security/cve/CVE-2025-71182.html * https://www.suse.com/security/cve/CVE-2025-71183.html * https://www.suse.com/security/cve/CVE-2025-71184.html * https://www.suse.com/security/cve/CVE-2025-71185.html * https://www.suse.com/security/cve/CVE-2025-71186.html * https://www.suse.com/security/cve/CVE-2025-71188.html * https://www.suse.com/security/cve/CVE-2025-71189.html * https://www.suse.com/security/cve/CVE-2025-71190.html * https://www.suse.com/security/cve/CVE-2025-71191.html * https://www.suse.com/security/cve/CVE-2025-71192.html * https://www.suse.com/security/cve/CVE-2025-71193.html * https://www.suse.com/security/cve/CVE-2025-71194.html * https://www.suse.com/security/cve/CVE-2025-71195.html * https://www.suse.com/security/cve/CVE-2025-71196.html * https://www.suse.com/security/cve/CVE-2025-71197.html * https://www.suse.com/security/cve/CVE-2025-71198.html * https://www.suse.com/security/cve/CVE-2025-71199.html * https://www.suse.com/security/cve/CVE-2025-71200.html * https://www.suse.com/security/cve/CVE-2025-71222.html * https://www.suse.com/security/cve/CVE-2025-71224.html * https://www.suse.com/security/cve/CVE-2025-71225.html * https://www.suse.com/security/cve/CVE-2025-71229.html * https://www.suse.com/security/cve/CVE-2025-71231.html * https://www.suse.com/security/cve/CVE-2025-71232.html * https://www.suse.com/security/cve/CVE-2025-71233.html * https://www.suse.com/security/cve/CVE-2025-71234.html * https://www.suse.com/security/cve/CVE-2025-71235.html * https://www.suse.com/security/cve/CVE-2025-71236.html * https://www.suse.com/security/cve/CVE-2026-22979.html * https://www.suse.com/security/cve/CVE-2026-22980.html * https://www.suse.com/security/cve/CVE-2026-22998.html * https://www.suse.com/security/cve/CVE-2026-23003.html * https://www.suse.com/security/cve/CVE-2026-23004.html * https://www.suse.com/security/cve/CVE-2026-23010.html * 
https://www.suse.com/security/cve/CVE-2026-23017.html * https://www.suse.com/security/cve/CVE-2026-23018.html * https://www.suse.com/security/cve/CVE-2026-23021.html * https://www.suse.com/security/cve/CVE-2026-23022.html * https://www.suse.com/security/cve/CVE-2026-23023.html * https://www.suse.com/security/cve/CVE-2026-23024.html * https://www.suse.com/security/cve/CVE-2026-23026.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23031.html * https://www.suse.com/security/cve/CVE-2026-23033.html * https://www.suse.com/security/cve/CVE-2026-23035.html * https://www.suse.com/security/cve/CVE-2026-23037.html * https://www.suse.com/security/cve/CVE-2026-23038.html * https://www.suse.com/security/cve/CVE-2026-23042.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23049.html * https://www.suse.com/security/cve/CVE-2026-23050.html * https://www.suse.com/security/cve/CVE-2026-23053.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23055.html * https://www.suse.com/security/cve/CVE-2026-23056.html * https://www.suse.com/security/cve/CVE-2026-23057.html * https://www.suse.com/security/cve/CVE-2026-23058.html * https://www.suse.com/security/cve/CVE-2026-23059.html * https://www.suse.com/security/cve/CVE-2026-23060.html * https://www.suse.com/security/cve/CVE-2026-23061.html * https://www.suse.com/security/cve/CVE-2026-23062.html * https://www.suse.com/security/cve/CVE-2026-23063.html * https://www.suse.com/security/cve/CVE-2026-23064.html * https://www.suse.com/security/cve/CVE-2026-23065.html * https://www.suse.com/security/cve/CVE-2026-23066.html * https://www.suse.com/security/cve/CVE-2026-23068.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23070.html * https://www.suse.com/security/cve/CVE-2026-23071.html * 
https://www.suse.com/security/cve/CVE-2026-23073.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23076.html * https://www.suse.com/security/cve/CVE-2026-23078.html * https://www.suse.com/security/cve/CVE-2026-23080.html * https://www.suse.com/security/cve/CVE-2026-23082.html * https://www.suse.com/security/cve/CVE-2026-23083.html * https://www.suse.com/security/cve/CVE-2026-23084.html * https://www.suse.com/security/cve/CVE-2026-23085.html * https://www.suse.com/security/cve/CVE-2026-23086.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23089.html * https://www.suse.com/security/cve/CVE-2026-23090.html * https://www.suse.com/security/cve/CVE-2026-23091.html * https://www.suse.com/security/cve/CVE-2026-23094.html * https://www.suse.com/security/cve/CVE-2026-23095.html * https://www.suse.com/security/cve/CVE-2026-23096.html * https://www.suse.com/security/cve/CVE-2026-23097.html * https://www.suse.com/security/cve/CVE-2026-23099.html * https://www.suse.com/security/cve/CVE-2026-23100.html * https://www.suse.com/security/cve/CVE-2026-23101.html * https://www.suse.com/security/cve/CVE-2026-23102.html * https://www.suse.com/security/cve/CVE-2026-23104.html * https://www.suse.com/security/cve/CVE-2026-23105.html * https://www.suse.com/security/cve/CVE-2026-23107.html * https://www.suse.com/security/cve/CVE-2026-23108.html * https://www.suse.com/security/cve/CVE-2026-23110.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23112.html * https://www.suse.com/security/cve/CVE-2026-23116.html * https://www.suse.com/security/cve/CVE-2026-23119.html * https://www.suse.com/security/cve/CVE-2026-23121.html * https://www.suse.com/security/cve/CVE-2026-23123.html * https://www.suse.com/security/cve/CVE-2026-23128.html * https://www.suse.com/security/cve/CVE-2026-23129.html * 
https://www.suse.com/security/cve/CVE-2026-23131.html * https://www.suse.com/security/cve/CVE-2026-23133.html * https://www.suse.com/security/cve/CVE-2026-23135.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23137.html * https://www.suse.com/security/cve/CVE-2026-23139.html * https://www.suse.com/security/cve/CVE-2026-23141.html * https://www.suse.com/security/cve/CVE-2026-23142.html * https://www.suse.com/security/cve/CVE-2026-23144.html * https://www.suse.com/security/cve/CVE-2026-23145.html * https://www.suse.com/security/cve/CVE-2026-23146.html * https://www.suse.com/security/cve/CVE-2026-23148.html * https://www.suse.com/security/cve/CVE-2026-23150.html * https://www.suse.com/security/cve/CVE-2026-23151.html * https://www.suse.com/security/cve/CVE-2026-23152.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23155.html * https://www.suse.com/security/cve/CVE-2026-23156.html * https://www.suse.com/security/cve/CVE-2026-23157.html * https://www.suse.com/security/cve/CVE-2026-23158.html * https://www.suse.com/security/cve/CVE-2026-23161.html * https://www.suse.com/security/cve/CVE-2026-23163.html * https://www.suse.com/security/cve/CVE-2026-23166.html * https://www.suse.com/security/cve/CVE-2026-23167.html * https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23170.html * https://www.suse.com/security/cve/CVE-2026-23171.html * https://www.suse.com/security/cve/CVE-2026-23172.html * https://www.suse.com/security/cve/CVE-2026-23173.html * https://www.suse.com/security/cve/CVE-2026-23176.html * https://www.suse.com/security/cve/CVE-2026-23177.html * https://www.suse.com/security/cve/CVE-2026-23178.html * https://www.suse.com/security/cve/CVE-2026-23179.html * https://www.suse.com/security/cve/CVE-2026-23182.html * https://www.suse.com/security/cve/CVE-2026-23188.html * 
https://www.suse.com/security/cve/CVE-2026-23189.html * https://www.suse.com/security/cve/CVE-2026-23190.html * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23198.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23208.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://www.suse.com/security/cve/CVE-2026-23210.html * https://www.suse.com/security/cve/CVE-2026-23213.html * https://www.suse.com/security/cve/CVE-2026-23214.html * https://www.suse.com/security/cve/CVE-2026-23221.html * https://www.suse.com/security/cve/CVE-2026-23222.html * https://www.suse.com/security/cve/CVE-2026-23223.html * https://www.suse.com/security/cve/CVE-2026-23224.html * https://www.suse.com/security/cve/CVE-2026-23229.html * https://www.suse.com/security/cve/CVE-2026-23230.html * https://bugzilla.suse.com/show_bug.cgi?id=1234634 * https://bugzilla.suse.com/show_bug.cgi?id=1249590 * https://bugzilla.suse.com/show_bug.cgi?id=1250748 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251966 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252008 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1252911 * https://bugzilla.suse.com/show_bug.cgi?id=1252924 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1253691 * https://bugzilla.suse.com/show_bug.cgi?id=1254817 * https://bugzilla.suse.com/show_bug.cgi?id=1254928 * https://bugzilla.suse.com/show_bug.cgi?id=1255129 * https://bugzilla.suse.com/show_bug.cgi?id=1255144 * https://bugzilla.suse.com/show_bug.cgi?id=1255148 * https://bugzilla.suse.com/show_bug.cgi?id=1255311 * https://bugzilla.suse.com/show_bug.cgi?id=1255490 * https://bugzilla.suse.com/show_bug.cgi?id=1255572 * 
https://bugzilla.suse.com/show_bug.cgi?id=1255721 * https://bugzilla.suse.com/show_bug.cgi?id=1255868 * https://bugzilla.suse.com/show_bug.cgi?id=1256640 * https://bugzilla.suse.com/show_bug.cgi?id=1256675 * https://bugzilla.suse.com/show_bug.cgi?id=1256679 * https://bugzilla.suse.com/show_bug.cgi?id=1256708 * https://bugzilla.suse.com/show_bug.cgi?id=1256732 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1256802 * https://bugzilla.suse.com/show_bug.cgi?id=1256865 * https://bugzilla.suse.com/show_bug.cgi?id=1256867 * https://bugzilla.suse.com/show_bug.cgi?id=1257154 * https://bugzilla.suse.com/show_bug.cgi?id=1257174 * https://bugzilla.suse.com/show_bug.cgi?id=1257209 * https://bugzilla.suse.com/show_bug.cgi?id=1257222 * https://bugzilla.suse.com/show_bug.cgi?id=1257228 * https://bugzilla.suse.com/show_bug.cgi?id=1257231 * https://bugzilla.suse.com/show_bug.cgi?id=1257246 * https://bugzilla.suse.com/show_bug.cgi?id=1257332 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257551 * https://bugzilla.suse.com/show_bug.cgi?id=1257552 * https://bugzilla.suse.com/show_bug.cgi?id=1257553 * https://bugzilla.suse.com/show_bug.cgi?id=1257554 * https://bugzilla.suse.com/show_bug.cgi?id=1257556 * https://bugzilla.suse.com/show_bug.cgi?id=1257557 * https://bugzilla.suse.com/show_bug.cgi?id=1257559 * https://bugzilla.suse.com/show_bug.cgi?id=1257560 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257562 * https://bugzilla.suse.com/show_bug.cgi?id=1257565 * https://bugzilla.suse.com/show_bug.cgi?id=1257570 * https://bugzilla.suse.com/show_bug.cgi?id=1257572 * https://bugzilla.suse.com/show_bug.cgi?id=1257573 * https://bugzilla.suse.com/show_bug.cgi?id=1257576 * https://bugzilla.suse.com/show_bug.cgi?id=1257579 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257580 * https://bugzilla.suse.com/show_bug.cgi?id=1257581 * https://bugzilla.suse.com/show_bug.cgi?id=1257586 * https://bugzilla.suse.com/show_bug.cgi?id=1257600 * https://bugzilla.suse.com/show_bug.cgi?id=1257631 * https://bugzilla.suse.com/show_bug.cgi?id=1257635 * https://bugzilla.suse.com/show_bug.cgi?id=1257679 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257686 * https://bugzilla.suse.com/show_bug.cgi?id=1257687 * https://bugzilla.suse.com/show_bug.cgi?id=1257688 * https://bugzilla.suse.com/show_bug.cgi?id=1257704 * https://bugzilla.suse.com/show_bug.cgi?id=1257705 * https://bugzilla.suse.com/show_bug.cgi?id=1257706 * https://bugzilla.suse.com/show_bug.cgi?id=1257707 * https://bugzilla.suse.com/show_bug.cgi?id=1257709 * https://bugzilla.suse.com/show_bug.cgi?id=1257714 * https://bugzilla.suse.com/show_bug.cgi?id=1257715 * https://bugzilla.suse.com/show_bug.cgi?id=1257716 * https://bugzilla.suse.com/show_bug.cgi?id=1257718 * https://bugzilla.suse.com/show_bug.cgi?id=1257722 * https://bugzilla.suse.com/show_bug.cgi?id=1257723 * https://bugzilla.suse.com/show_bug.cgi?id=1257726 * https://bugzilla.suse.com/show_bug.cgi?id=1257729 * https://bugzilla.suse.com/show_bug.cgi?id=1257730 * https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257734 * https://bugzilla.suse.com/show_bug.cgi?id=1257735 * https://bugzilla.suse.com/show_bug.cgi?id=1257737 * https://bugzilla.suse.com/show_bug.cgi?id=1257739 * https://bugzilla.suse.com/show_bug.cgi?id=1257740 * https://bugzilla.suse.com/show_bug.cgi?id=1257741 * https://bugzilla.suse.com/show_bug.cgi?id=1257742 * https://bugzilla.suse.com/show_bug.cgi?id=1257743 * https://bugzilla.suse.com/show_bug.cgi?id=1257745 * https://bugzilla.suse.com/show_bug.cgi?id=1257749 * https://bugzilla.suse.com/show_bug.cgi?id=1257750 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257757 * https://bugzilla.suse.com/show_bug.cgi?id=1257758 * https://bugzilla.suse.com/show_bug.cgi?id=1257759 * https://bugzilla.suse.com/show_bug.cgi?id=1257761 * https://bugzilla.suse.com/show_bug.cgi?id=1257762 * https://bugzilla.suse.com/show_bug.cgi?id=1257763 * https://bugzilla.suse.com/show_bug.cgi?id=1257765 * https://bugzilla.suse.com/show_bug.cgi?id=1257768 * https://bugzilla.suse.com/show_bug.cgi?id=1257770 * https://bugzilla.suse.com/show_bug.cgi?id=1257772 * https://bugzilla.suse.com/show_bug.cgi?id=1257775 * https://bugzilla.suse.com/show_bug.cgi?id=1257776 * https://bugzilla.suse.com/show_bug.cgi?id=1257788 * https://bugzilla.suse.com/show_bug.cgi?id=1257789 * https://bugzilla.suse.com/show_bug.cgi?id=1257790 * https://bugzilla.suse.com/show_bug.cgi?id=1257805 * https://bugzilla.suse.com/show_bug.cgi?id=1257808 * https://bugzilla.suse.com/show_bug.cgi?id=1257809 * https://bugzilla.suse.com/show_bug.cgi?id=1257811 * https://bugzilla.suse.com/show_bug.cgi?id=1257813 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257815 * https://bugzilla.suse.com/show_bug.cgi?id=1257816 * https://bugzilla.suse.com/show_bug.cgi?id=1257817 * https://bugzilla.suse.com/show_bug.cgi?id=1257818 * https://bugzilla.suse.com/show_bug.cgi?id=1257830 * https://bugzilla.suse.com/show_bug.cgi?id=1257942 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * https://bugzilla.suse.com/show_bug.cgi?id=1258153 * https://bugzilla.suse.com/show_bug.cgi?id=1258181 * https://bugzilla.suse.com/show_bug.cgi?id=1258184 * https://bugzilla.suse.com/show_bug.cgi?id=1258222 * https://bugzilla.suse.com/show_bug.cgi?id=1258232 * https://bugzilla.suse.com/show_bug.cgi?id=1258234 * https://bugzilla.suse.com/show_bug.cgi?id=1258237 * https://bugzilla.suse.com/show_bug.cgi?id=1258245 * https://bugzilla.suse.com/show_bug.cgi?id=1258249 * https://bugzilla.suse.com/show_bug.cgi?id=1258252 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258256 * https://bugzilla.suse.com/show_bug.cgi?id=1258258 * https://bugzilla.suse.com/show_bug.cgi?id=1258259 * https://bugzilla.suse.com/show_bug.cgi?id=1258272 * https://bugzilla.suse.com/show_bug.cgi?id=1258273 * https://bugzilla.suse.com/show_bug.cgi?id=1258276 * https://bugzilla.suse.com/show_bug.cgi?id=1258277 * https://bugzilla.suse.com/show_bug.cgi?id=1258279 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258289 * https://bugzilla.suse.com/show_bug.cgi?id=1258290 * https://bugzilla.suse.com/show_bug.cgi?id=1258297 * https://bugzilla.suse.com/show_bug.cgi?id=1258298 * https://bugzilla.suse.com/show_bug.cgi?id=1258299 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258304 * https://bugzilla.suse.com/show_bug.cgi?id=1258308 * https://bugzilla.suse.com/show_bug.cgi?id=1258309 * https://bugzilla.suse.com/show_bug.cgi?id=1258313 * https://bugzilla.suse.com/show_bug.cgi?id=1258317 * https://bugzilla.suse.com/show_bug.cgi?id=1258321 * https://bugzilla.suse.com/show_bug.cgi?id=1258323 * https://bugzilla.suse.com/show_bug.cgi?id=1258324 * https://bugzilla.suse.com/show_bug.cgi?id=1258326 * https://bugzilla.suse.com/show_bug.cgi?id=1258331 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258349 * https://bugzilla.suse.com/show_bug.cgi?id=1258354 * https://bugzilla.suse.com/show_bug.cgi?id=1258355 * https://bugzilla.suse.com/show_bug.cgi?id=1258358 * https://bugzilla.suse.com/show_bug.cgi?id=1258374 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * https://bugzilla.suse.com/show_bug.cgi?id=1258377 * https://bugzilla.suse.com/show_bug.cgi?id=1258379 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258394 * https://bugzilla.suse.com/show_bug.cgi?id=1258395 * https://bugzilla.suse.com/show_bug.cgi?id=1258397 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258411 * https://bugzilla.suse.com/show_bug.cgi?id=1258415 * https://bugzilla.suse.com/show_bug.cgi?id=1258419 * https://bugzilla.suse.com/show_bug.cgi?id=1258421 * https://bugzilla.suse.com/show_bug.cgi?id=1258422 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258429 * https://bugzilla.suse.com/show_bug.cgi?id=1258430 * https://bugzilla.suse.com/show_bug.cgi?id=1258442 * https://bugzilla.suse.com/show_bug.cgi?id=1258455 * https://bugzilla.suse.com/show_bug.cgi?id=1258461 * https://bugzilla.suse.com/show_bug.cgi?id=1258464 * https://bugzilla.suse.com/show_bug.cgi?id=1258465 * https://bugzilla.suse.com/show_bug.cgi?id=1258468 * https://bugzilla.suse.com/show_bug.cgi?id=1258469 * https://bugzilla.suse.com/show_bug.cgi?id=1258483 * https://bugzilla.suse.com/show_bug.cgi?id=1258484 * https://bugzilla.suse.com/show_bug.cgi?id=1258489 * https://bugzilla.suse.com/show_bug.cgi?id=1258517 * https://bugzilla.suse.com/show_bug.cgi?id=1258518 * https://bugzilla.suse.com/show_bug.cgi?id=1258519 * https://bugzilla.suse.com/show_bug.cgi?id=1258520 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258544 * https://bugzilla.suse.com/show_bug.cgi?id=1258660 * https://bugzilla.suse.com/show_bug.cgi?id=1258672 * https://bugzilla.suse.com/show_bug.cgi?id=1258824 * https://bugzilla.suse.com/show_bug.cgi?id=1259329 * https://jira.suse.com/browse/PED-11563 * https://jira.suse.com/browse/PED-14156

From null at suse.de Wed Apr 1 12:37:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:36 -0000
Subject: SUSE-SU-2026:20930-1: important: Security update for python-pyOpenSSL
Message-ID: <177504705601.568.1030129993014988234@634a8d224e68>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20930-1
Release Date: 2026-03-25T03:41:11Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-439=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-pyOpenSSL-25.0.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Wed Apr 1 12:37:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:39 -0000
Subject: SUSE-SU-2026:20929-1: important: Security update for python-pyasn1
Message-ID: <177504705945.568.15409742613806359598@634a8d224e68>

# Security update for python-pyasn1

Announcement ID: SUSE-SU-2026:20929-1
Release Date: 2026-03-25T03:09:26Z
Rating: important

References:

* bsc#1259803

Cross-References:

* CVE-2026-30922

CVSS scores:

* CVE-2026-30922 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30922 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-30922 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-pyasn1 fixes the following issue:

* CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-438=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-pyasn1-0.6.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-30922.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259803

From null at suse.de Wed Apr 1 12:37:45 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:45 -0000
Subject: SUSE-SU-2026:20928-1: important: Security update for python-black
Message-ID: <177504706598.568.5252855994863776045@634a8d224e68>

# Security update for python-black

Announcement ID: SUSE-SU-2026:20928-1
Release Date: 2026-03-24T19:41:09Z
Rating: important

References:

* bsc#1259546
* bsc#1259608

Cross-References:

* CVE-2026-31900
* CVE-2026-32274

CVSS scores:

* CVE-2026-31900 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31900 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31900 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31900 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-32274 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32274 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-32274 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32274 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for python-black fixes the following issues:

* CVE-2026-31900: a malicious pyproject.toml edit can lead to arbitrary code execution (bsc#1259546).
* CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-437=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * python313-black-25.1.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31900.html
* https://www.suse.com/security/cve/CVE-2026-32274.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259546
* https://bugzilla.suse.com/show_bug.cgi?id=1259608

From null at suse.de Wed Apr 1 12:37:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:50 -0000
Subject: SUSE-SU-2026:20927-1: important: Security update for 389-ds
Message-ID: <177504707064.568.5976844605707459762@634a8d224e68>

# Security update for 389-ds

Announcement ID: SUSE-SU-2026:20927-1
Release Date: 2026-03-24T17:50:31Z
Rating: important
References:

* bsc#1258727

Cross-References:

* CVE-2025-14905

CVSS scores:

* CVE-2025-14905 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14905 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-14905 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for 389-ds fixes the following issue:

Update to 389-ds 3.0.6~git249.6688af9b2:

* CVE-2025-14905: heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` can lead to DoS and RCE (bsc#1258727).

Changelog:

* Issue 7277 - UI - Fix Japanese translation for "Successfully updated group" in Cockpit UI (#7278)
* Issue 7275 - UI - Improve password policy field validation in Cockpit UI (#7276)
* Issue 7279 - UI - Fix typo in export certificate dialog (#7280)
* Issue 7273 - In a chaining environment binding as remote user causes an invalid error in the logs
* Issue 7271 - plugins that create threads need to update active thread count
* Issue 5853 - Update concread to 0.5.10
* Issue 7053 - Remove memberof_del_dn_from_groups from MemberOf plugin (#7064)
* Issue 7223 - Remove integerOrderingMatch requirement for parentid (#7264)
* Issue 7066/7052 - allow password history to be set to zero and remove history
* Issue 7223 - Use lexicographical order for ancestorid (#7256)
* Issue 7213 - (2nd) MDB_BAD_VALSIZE error while handling VLV (#7258)
* Issue 7184 - (2nd) argparse.HelpFormatter _format_actions_usage() is deprecated (#7257)
* Issue - CLI - dsctl db2index needs some hardening with MBD
* Issue 7248 - CLI - attribute uniqueness - fix usage for exclude subtree option
* Issue 7231 - Sync repl tests fail in FIPS mode due to non FIPS compliant crypto (#7232)
* Issue 7121 - (2nd) LeakSanitizer: various leaks during replication (#7212)
* Issue 6947 - Fix health_system_indexes_test.py
* Issue 7076 - Fix revert_cache() never called in modrdn (#7220)
* Issue 7076, 6992, 6784, 6214 - Fix CI test failures (#7077)
* Issue 7096 - (2nd) During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7205)
* Issue 3555 - UI - Fix audit issue with npm - @isaacs/brace-expansion (#7228)
* Issue 7223 - Add dsctl index-check command for offline index repair
* Issue 7223 - Detect and log index ordering mismatch during backend startup
* Issue 7223 - Add upgrade function to remove ancestorid index config entry
* Issue 7223 - Add upgrade function to remove nsIndexIDListScanLimit from parentid
* Issue 7223 - Revert index scan limits for system indexes
* Issue 6542 - RPM build errors on Fedora 42
* Issue 7224 - CI Test - Simplify test_reserve_descriptor_validation (#7225)
* Issue 7194 - Repl Log Analysis - Add CSN propagation details (#7195)
* Issue 7213 - MDB_BAD_VALSIZE error while handling VLV (#7214)
* Issue 7027 - (2nd) 389-ds-base OpenScanHub Leaks Detected (#7211)
* Issue 7184 - argparse.HelpFormatter _format_actions_usage() is deprecated
* Issue 7198 - Web console doesn't show sub-suffix when parent-suffix points to an entry (#7202)
* Issue 7189 - DSBLE0007 generates incorrect remediation commands for scan limits
* Bump lodash from 4.17.21 to 4.17.23 in /src/cockpit/389-console (#7203)
* Issue 7172 - (2nd) Index ordering mismatch after upgrade (#7180)
* Issue 7172 - Index ordering mismatch after upgrade (#7173)
* Issue - Revise paged result search locking
* Issue 7096 - During replication online total init the function idl_id_is_in_idlist is not scaling with large database (#7145)
* Revert "Issue 7160 - Add lib389 version sync check to configure (#7165)"
* Issue 7160 - Add lib389 version sync check to configure (#7165)
* Issue 7049 - RetroCL plugin generates invalid LDIF
* Issue 7150 - Compressed access log rotations skipped, accesslog-list out of sync (#7151)
* Restore definition for slapi_entry_attr_get_valuearray
* Issue 1793 - RFE - Dynamic lists - UI and CLI updates
* Issue 7119 - Fix DNA shared config replication test (#7143)
* Issue 7081 - Repl Log Analysis - Implement data sampling with performance and timezone fixes (#7086)
* Issue 1793 - RFE - Implement dynamic lists
* Issue 6753 - Port ticket tests
* Issue 6753 - Port and fix ticket 47823 tests
* Issue 6753 - Add 'add_exclude_subtree' and 'remove_exclude_subtree' methods to Attribute uniqueness plugin
* Issue 6753 - Port ticket test 48026
* Issue 7128 - memory corruption in alias entry plugin (#7131)
* Issue 7091 - Duplicate local password policy entries listed (#7092)
* Issue 7124 - BDB cursor race condition with transaction isolation (#7125)
* Issue 7132 - Keep alive entry updated too soon after an offline import (#7133)
* Issue 7121 - LeakSanitizer: various leaks during replication (#7122)
* Issue 7115 - LeakSanitizer: leak in `slapd_bind_local_user()` (#7116)
* Issue 7109 - AddressSanitizer: SEGV ldap/servers/slapd/csnset.c:302 in csnset_dup (#7114)
* Issue 7056 - DSBLE0007 doesn't generate remediation steps for missing indexes
* Issue 7119 - Harden DNA plugin locking for shared server list operations (#7120)
* Issue 7084 - UI - schema - sorting attributes breaks expanded row
* Issue 7007 - Improve paged result search locking
* Issue 3555 - UI - Fix audit issue with npm - glob (#7107)
* Issue 6846 - Attribute uniqueness is not enforced with modrdn (#7026)
* Issue 6901 - Update changelog trimming logging - fix tests
* Issue 6901 - Update changelog trimming logging
* Bump js-yaml from 4.1.0 to 4.1.1 in /src/cockpit/389-console (#7097)
* Issue 7069 - Fix error reporting in HAProxy trusted IP parsing (#7094)
* Issue 7055 - Online initialization of consumers fails with error -23 (#7075)
* Issue 7042 - Enable global_backend_lock when memberofallbackend is enabled (#7043)
* Issue 7078 - audit json logging does not encode binary values
* Issue 7069 - Add Subnet/CIDR Support for HAProxy Trusted IPs (#7070)
* Issue 6660 - CLI, UI - Improve replication log analyzer usability (#7062)
* Issue 7065 - A search filter containing a non normalized DN assertion does not return matching entries (#7068)
* Issue 7071 - search filter (&(cn:dn:=groups)) no longer returns results
* Issue 7073 - Add NDN cache size configuration and enforcement tests (#7074)
* Issue 7041 - CLI/UI - memberOf - no way to add/remove specific group filters
* Issue 7061 - CLI/UI - Improve error messages for dsconf localpwp list
* Issue 7059 - UI - unable to upload pem file
* Issue 7032 - The new ipahealthcheck test ipahealthcheck.ds.backends.BackendsCheck raises CRITICAL issue (#7036)
* Issue 7047 - MemberOf plugin logs null attribute name on fixup task completion (#7048)
* Issue 7044 - RFE - index sudoHost by default (#7046)
* Issue 6979 - Improve the way to detect asynchronous operations in the access logs (#6980)
* Issue 7035 - RFE - memberOf - adding scoping for specific groups
* Issue - CLI/UI - Add option to delete all replication conflict entries
* Issue 7033 - lib389 - basic plugin status not in JSON
* Issue 7023 - UI - if first instance that is loaded is stopped it breaks parts of the UI
* Issue 7027 - 389-ds-base OpenScanHub Leaks Detected (#7028)
* Issue 6966 - On large DB, unlimited IDL scan limit reduce the SRCH performance (#6967)
* Issue 6660 - UI - Improve replication log analysis charts and usability (#6968)
* Issue 6982 - UI - MemberOf shared config does not validate DN properly (#6983)
* Issue 7021 - Units for changing MDB max size are not consistent across different tools (#7022)
* Issue 6954 - do not delete referrals on chain_on_update backend
* Issue 7018 - BUG - prevent stack depth being hit (#7019)
* Issue 6928 - The parentId attribute is indexed with improper matching rule
* Issue 6933 - When deferred memberof update is enabled after the server crashed it should not launch memberof fixup task by default (#6935)
* Issue 6904 - Fix config_test.py::test_lmdb_config
* Issue 7014 - memberOf - ignored deferred updates with LMDB
* Issue 7012 - improve dscrl dbverify result when backend does not exists (#7013)
* Issue 6929 - Compilation failure with rust-1.89 on Fedora ELN
* Issue 6990 - UI - Replace deprecated Select components with new TypeaheadSelect (#6996)
* Issue 6990 - UI - Fix typeahead Select fields losing values on Enter keypress (#6991)
* Issue 6887 - Enhance logconv.py to add support for JSON access logs (#6889)
* Issue 6985 - Some logconv CI tests fail with BDB (#6986)
* Issue 6891 - JSON logging - add wrapper function that checks for NULL
* Issue 6977 - UI - Show error message when trying to use unavailable ports (#6978)
* Issue 6956 - More UI fixes
* Issue 6947 - Revise time skew check in healthcheck tool and add option to exclude checks
* Issue 6805 - RFE - Multiple backend entry cache tuning
* Issue 6843 - Add CI tests for logconv.py (#6856)
* Issue - UI - update Radio handlers and LDAP entries last modified time
* Issue 6660 - UI - Fix minor typo (#6955)
* Issue 6910 - Fix latest coverity issues
* Issue 6919 - numSubordinates/tombstoneNumSubordinates are inconsisten... (#6920)
* Issue 6663 - Fix NULL subsystem crash in JSON error logging (#6883)
* Issue 6940 - dsconf monitor server fails with ldapi:// due to absent server ID (#6941)
* Issue 6936 - Make user/subtree policy creation idempotent (#6937)
* Issue 6865 - AddressSanitizer: leak in agmt_update_init_status
* Issue 6848 - AddressSanitizer: leak in do_search
* Issue 6850 - AddressSanitizer: memory leak in mdb_init
* Issue 6778 - Memory leak in roles_cache_create_object_from_entry part 2
* Issue 6778 - Memory leak in roles_cache_create_object_from_entry
* Issue 6181 - RFE - Allow system to manage uid/gid at startup
* Issues 6913, 6886, 6250 - Adjust xfail marks (#6914)
* Issue 6768 - ns-slapd crashes when a referral is added (#6780)
* Issue 6468 - CLI - Fix default error log level
* Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353)
* Issue 6897 - Fix disk monitoring test failures and improve test maintainability (#6898)
* Issue 6884 - Mask password hashes in audit logs (#6885)
* Issue 6594 - Add test for numSubordinates replication consistency with tombstones (#6862)
* Issue 6250 - Add test for entryUSN overflow on failed add operations (#6821)
* Issue 6895 - Crash if repl keep alive entry can not be created
* Issue 6893 - Log user that is updated during password modify extended operation
* Issue 6772 - dsconf - Replicas with the "consumer" role allow for viewing and modification of their changelog. (#6773)
* Issue 6888 - Missing access JSON logging for TLS/Client auth
* Issue 6680 - instance read-only mode is broken (#6681)
* Issue 6878 - Prevent repeated disconnect logs during shutdown (#6879)
* Issue 6872 - compressed log rotation creates files with world readable permission
* Issue 6859 - str2filter is not fully applying matching rules
* Issue 6868 - UI - schema attribute table expansion break after moving to a new page
* Issue 6854 - Refactor for improved data management (#6855)
* Issue 6756 - CLI, UI - Properly handle disabled NDN cache (#6757)
* Issue 6857 - uiduniq: allow specifying match rules in the filter
* Issue 6838 - lib389/replica.py is using nonexistent datetime.UTC in Python 3.9
* Issue 6822 - Backend creation cleanup and Database UI tab error handling (#6823)
* Issue 6782 - Improve paged result locking
* Issue 6825 - RootDN Access Control Plugin with wildcards for IP addre... (#6826)
* Issue 6736 - Exception thrown by dsconf instance repl get_ruv (#6742)
* Issue 6819 - Incorrect pwdpolicysubentry returned for an entry with user password policy
* Issue 6553 - Update concread to 0.5.6 (#6824)
* Issue 1081 - Add a CI test (#6063)
* Issue 6761 - Password modify extended operation should skip password policy checks when executed by root DN
* Issue 6791 - crash in liblmdb during instance shutdown (#6793)
* Issue 6641 - modrdn fails when a user is member of multiple groups (#6643)
* Issue 6776 - Enabling audit log makes slapd coredump
* Issue 6534 - CI fails with Fedora 41 and DNF5
* Issue 6787 - Improve error message when bulk import connection is closed
* Issue 6727 - RFE - database compaction interval should be persistent
* Issue 6438 - Add basic dsidm organizational unit tests
* Issue 6439 - Fix dsidm service get_dn option
* Issue 5120 - ns-slapd doesn't start in referral mode (#6763)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-434=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * 389-ds-snmp-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * libsvrcore0-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-debuginfo-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-snmp-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-devel-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-3.0.6~git249.6688af9b2-160000.1.1
  * 389-ds-debugsource-3.0.6~git249.6688af9b2-160000.1.1
  * lib389-3.0.6~git249.6688af9b2-160000.1.1
  * libsvrcore0-3.0.6~git249.6688af9b2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14905.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258727
From null at suse.de Wed Apr 1 12:37:59 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:37:59 -0000
Subject: SUSE-SU-2026:20926-1: important: Security update for tomcat11
Message-ID: <177504707984.568.8812476377750971950@634a8d224e68>

# Security update for tomcat11

Announcement ID: SUSE-SU-2026:20926-1
Release Date: 2026-03-24T16:08:32Z
Rating: important
References:

* bsc#1253460
* bsc#1258371
* bsc#1258385
* bsc#1258387

Cross-References:

* CVE-2025-66614
* CVE-2026-24733
* CVE-2026-24734

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24733 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24733 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-24734 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-24734 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24734 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for tomcat11 fixes the following issues:

Update to Tomcat 11.0.18:

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).
* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).
* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).
Changelog:

* Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm)
* Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt)
* Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz)
* Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis)
* Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt)
* Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt)
* Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt)
* Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm)
* Fix: Add log warnings for additional Host appBase suspicious values. (remm)
* Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt)
* Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt)
* Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt)
* Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt)
* Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm)
* Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt)
* Cluster
  * Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt)
* Clustering
  * Fix: Correct a regression introduced in 11.0.11 that broke some clustering configurations. (markt)
* Coyote
  * Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt)
  * Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt)
  * Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm)
  * Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm)
  * Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt)
  * Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt)
  * Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt)
  * Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt)
  * Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt)
  * Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt)
  * Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt)
  * Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt)
  * Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
  * Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt)
  * Fix: HTTP/0.9 only allows GET as the HTTP method. (remm)
  * Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm)
  * Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm)
  * Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt)
  * Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt)
  * Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers.
* Jasper
  * Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt)
  * Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm)
  * Fix: Fix populating the classpath with the webapp classloader repositories. (remm)
  * Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm)
* Jdbc-pool
  * Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt)
* Web applications
  * Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz)
  * Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt)
  * Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt)
* Websocket
  * Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateException as required by Writer and strongly suggested by OutputStream. (markt)
* Other
  * Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung)
  * Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl)
  * Update: Update the internal fork of Commons Pool to 2.13.1. (markt)
  * Update: Update the internal fork of Commons DBCP to 2.14.0. (markt)
  * Update: Update Commons Daemon to 1.5.1. (markt)
  * Update: Update to the Eclipse JDT compiler 4.37. (markt)
  * Update: Update ByteBuddy to 1.18.3. (markt)
  * Update: Update UnboundID to 7.0.4. (markt)
  * Update: Update Checkstyle to 12.3.1. (markt)
  * Add: Improvements to French translations. (markt)
  * Add: Improvements to Japanese translations provided by tak7iji. (markt)
  * Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt)
  * Update: Update Tomcat Native to 2.0.12. (markt)
  * Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl)
  * Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt)
  * Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt)
  * Update: Update Commons Daemon to 1.5.0. (markt)
  * Update: Update Byte Buddy to 1.18.2. (markt)
  * Update: Update Checkstyle to 12.2.0. (markt)
  * Add: Improvements to Spanish translations provided by White Vogel. (markt)
  * Add: Improvements to French translations. (remm)
  * Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt)
  * Update: Update to Byte Buddy 1.17.8. (markt)
  * Update: Update to Checkstyle 12.1.1. (markt)
  * Update: Update to Jacoco 0.8.14. (markt)
  * Update: Update to SpotBugs 4.9.8. (markt)
  * Update: Update to JSign 7.4. (markt)
  * Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-433=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * tomcat11-servlet-6_1-api-11.0.18-160000.1.1
  * tomcat11-el-6_0-api-11.0.18-160000.1.1
  * tomcat11-jsp-4_0-api-11.0.18-160000.1.1
  * tomcat11-docs-webapp-11.0.18-160000.1.1
  * tomcat11-webapps-11.0.18-160000.1.1
  * tomcat11-11.0.18-160000.1.1
  * tomcat11-jsvc-11.0.18-160000.1.1
  * tomcat11-admin-webapps-11.0.18-160000.1.1
  * tomcat11-doc-11.0.18-160000.1.1
  * tomcat11-embed-11.0.18-160000.1.1
  * tomcat11-lib-11.0.18-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66614.html
* https://www.suse.com/security/cve/CVE-2026-24733.html
* https://www.suse.com/security/cve/CVE-2026-24734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253460
* https://bugzilla.suse.com/show_bug.cgi?id=1258371
* https://bugzilla.suse.com/show_bug.cgi?id=1258385
* https://bugzilla.suse.com/show_bug.cgi?id=1258387

From null at suse.de Wed Apr 1 12:38:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:38:02 -0000
Subject: SUSE-SU-2026:20925-1: important: Security update for nghttp2
Message-ID: <177504708282.568.15226487872974136036@634a8d224e68>

# Security update for nghttp2

Announcement ID: SUSE-SU-2026:20925-1
Release Date: 2026-03-24T12:30:27Z
Rating: important
References:

* bsc#1259845

Cross-References:

* CVE-2026-27135

CVSS scores:

* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-432=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-devel-1.64.0-160000.3.1
  * libnghttp2-14-debuginfo-1.64.0-160000.3.1
  * libnghttp2-14-1.64.0-160000.3.1
  * nghttp2-1.64.0-160000.3.1
  * nghttp2-debuginfo-1.64.0-160000.3.1
  * nghttp2-debugsource-1.64.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259845

From null at suse.de Wed Apr 1 12:38:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:38:05 -0000
Subject: SUSE-RU-2026:20924-1: moderate: Recommended update for rust-keylime
Message-ID: <177504708562.568.314542778960931668@634a8d224e68>

# Recommended update for rust-keylime

Announcement ID: SUSE-RU-2026:20924-1
Release Date: 2026-03-23T12:42:59Z
Rating: moderate
References:

* bsc#1259963

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that has one fix can now be installed.
## Description:

This update for rust-keylime fixes the following issues:

Changes in rust-keylime:

* Suggests only the IMA policy package, and keep it as example (bsc#1259963)

Update to version 0.2.9+8:

* Remove generate-bindings feature from tss-esapi
* Use port constants instead of hardcoded values in tests
* push-attestation: Use registrar TLS port when TLS is enabled
* dist: Make the services to conflict with each other
* Bump version to 0.2.9
* cargo: Bump tracing_subscriber to version 0.3.20
* cargo: Bump time to version 0.3.47
* Update reqwest from 0.12 to 0.13
* auth: Load CA certificate in authentication client
* packit: Add missing e2e tests
* registrar: Rename insecure option to disable_tls
* push-attestation: Drop self-signed mTLS certificate generation
* config: Add missing config options to keylime-agent.conf
* config: Add support for "default" in registrar_api_versions option
* config: Add support for "default" in registrar_tls_ca_cert option
* config: Drop unused config options and constants
* push-attestation: Drop support for mTLS to registrar
* push-attestation: Drop mTLS support and require PoP authentication
* auth: Reuse existing ContextInfo to avoid duplicate TPM objects
* resilient_client: Reauthenticate if a 403 error is received

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-425=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * rust-keylime-0.2.9+8-160000.1.1
  * rust-keylime-debugsource-0.2.9+8-160000.1.1
  * rust-keylime-debuginfo-0.2.9+8-160000.1.1
  * keylime-ima-policy-0.2.9+8-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259963
URL: From null at suse.de Wed Apr 1 12:38:18 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:38:18 -0000 Subject: SUSE-SU-2026:20923-1: important: Security update for exiv2 Message-ID: <177504709884.568.7328192273403417250@634a8d224e68> # Security update for exiv2 Announcement ID: SUSE-SU-2026:20923-1 Release Date: 2026-03-23T09:44:37Z Rating: important References: * bsc#1219870 * bsc#1219871 * bsc#1227528 * bsc#1237347 * bsc#1248962 * bsc#1248963 * bsc#1259083 * bsc#1259084 * bsc#1259085 Cross-References: * CVE-2024-24826 * CVE-2024-25112 * CVE-2024-39695 * CVE-2025-26623 * CVE-2025-54080 * CVE-2025-55304 * CVE-2026-25884 * CVE-2026-27596 * CVE-2026-27631 CVSS scores: * CVE-2024-24826 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-24826 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-24826 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-25112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-25112 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2024-25112 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-39695 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2024-39695 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2025-26623 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-26623 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-26623 ( NVD ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-54080 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-54080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-54080 ( NVD ): 1.8 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-55304 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-55304 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-55304 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25884 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25884 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-25884 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25884 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-27596 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27596 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27631 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-27631 ( NVD ): 2.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27631 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves nine 
vulnerabilities can now be installed.

## Description:

This update for exiv2 fixes the following issues:

Update to exiv2 0.28.8:

* CVE-2024-24826: out-of-bounds read in QuickTimeVideo::NikonTagsDecoder (bsc#1219870).
* CVE-2024-25112: denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder (bsc#1219871).
* CVE-2024-39695: out-of-bounds read in AsfVideo::streamProperties (bsc#1227528).
* CVE-2025-26623: heap buffer overflow via writing metadata into a crafted image file (bsc#1237347).
* CVE-2025-54080: out-of-bounds read in `Exiv2::EpsImage::writeMetadata()` when writing metadata into a crafted image file (bsc#1248962).
* CVE-2025-55304: quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963).
* CVE-2026-25884: out-of-bounds read in `CrwMap::decode0x0805` (bsc#1259083).
* CVE-2026-27596: integer overflow in `LoaderNative::getData()` leads to out-of-bounds read (bsc#1259084).
* CVE-2026-27631: crash due to uncaught exception when trying to create `std::vector` larger than `max_size()` (bsc#1259085).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-424=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * exiv2-debugsource-0.28.8-160000.1.1 * libexiv2-28-0.28.8-160000.1.1 * libexiv2-28-debuginfo-0.28.8-160000.1.1 * exiv2-debuginfo-0.28.8-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (x86_64) * libexiv2-28-x86-64-v3-0.28.8-160000.1.1 * libexiv2-28-x86-64-v3-debuginfo-0.28.8-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-24826.html * https://www.suse.com/security/cve/CVE-2024-25112.html * https://www.suse.com/security/cve/CVE-2024-39695.html * https://www.suse.com/security/cve/CVE-2025-26623.html * https://www.suse.com/security/cve/CVE-2025-54080.html * https://www.suse.com/security/cve/CVE-2025-55304.html * https://www.suse.com/security/cve/CVE-2026-25884.html * https://www.suse.com/security/cve/CVE-2026-27596.html * https://www.suse.com/security/cve/CVE-2026-27631.html * https://bugzilla.suse.com/show_bug.cgi?id=1219870 * https://bugzilla.suse.com/show_bug.cgi?id=1219871 * https://bugzilla.suse.com/show_bug.cgi?id=1227528 * https://bugzilla.suse.com/show_bug.cgi?id=1237347 * https://bugzilla.suse.com/show_bug.cgi?id=1248962 * https://bugzilla.suse.com/show_bug.cgi?id=1248963 * https://bugzilla.suse.com/show_bug.cgi?id=1259083 * https://bugzilla.suse.com/show_bug.cgi?id=1259084 * https://bugzilla.suse.com/show_bug.cgi?id=1259085 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Apr 1 12:38:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:38:21 -0000
Subject: SUSE-SU-2026:20922-1: moderate: Security update for harfbuzz
Message-ID: <177504710170.568.13356285706118340025@634a8d224e68>

# Security update for harfbuzz

Announcement ID: SUSE-SU-2026:20922-1
Release Date: 2026-03-20T15:26:24Z
Rating: moderate

References:

* bsc#1256459

Cross-References:

* CVE-2026-22693

CVSS scores:

* CVE-2026-22693 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22693 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22693 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for harfbuzz fixes the following issues:

Update to version 11.4.5:

Security fixes:

* CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459).

Other fixes:

* Bug fixes for "AAT" shaping, and other shaping micro optimizations.
* Fix a shaping regression affecting mark glyphs in certain fonts.
* Fix pruning of mark filtering sets when subsetting fonts, which caused changes in shaping behaviour.
* Make shaping fail much faster for certain malformed fonts (e.g., those that trigger infinite recursion).
* Fix undefined behaviour introduced in 11.4.2.
* Fix detection of the "Cambria Math" font when fonts are scaled, so the workaround for the bad MATH table constant is applied.
* Various performance and memory usage improvements.
* The hb-shape command line tool can now be built with the amalgamated harfbuzz.cc source.
* Fix regression in handling version 2 of avar table.
* Increase various buffer length limits for better handling of fonts that generate huge number of glyphs per codepoint (e.g. Noto Sans Duployan).
* Improvements to the harfrust shaper for more accurate testing.
* Fix clang compiler warnings.
* General shaping and subsetting speedups.
* Fix in Graphite shaping backend when glyph advances became negative.
* Subsetting improvements, pruning empty mark-attachment lookups.
* Don't use the macro name _S, which is reserved by system libraries.
* Build fixes and speedup.
* Add a kbts shaping backend that calls into the kb_text_shape single-header shaping library. This is purely for testing and performance evaluation and we do NOT recommend using it for any other purposes.
* Fix bug in vertical shaping of fonts without the vmtx table.
* Fix build with non-compliant C++11 compilers that don't recognize the "and" keyword.
* Fix crasher in the glyph_v_origin function introduced in 11.3.0.
* Speed up handling fonts with very large number of variations.
* Speed up getting horizontal and vertical glyph advances by up to 24%.
* Significantly speed up vertical text shaping.
* Various documentation improvements.
* Various build improvements.
* Various subsetting improvements.
* Various improvements to Rust font functions (fontations integration) and shaper (HarfRust integration).
* Rename harfruzz option and shaper to harfrust following upstream rename.
* Implement hb_face_reference_blob() for DirectWrite font functions.
* Various build improvements.
* Fix build with HB_NO_DRAW and HB_NO_PAINT.
* Add an optional harfruzz shaper that uses HarfRuzz; an ongoing Rust port of HarfBuzz shaping. This shaper is mainly used for testing the output of the Rust implementation.
* Fix regression that caused applying unsafe_to_break() to the whole buffer to be ignored.
* Update USE data files.
* Fix getting advances of out-of-range glyph indices in DirectWrite font functions.
* Painting of COLRv1 fonts without clip boxes is now about 10 times faster.
* Synthetic bold/slant of a sub font is now respected, instead of using the parent's.
* Glyph extents for fonts synthetic bold/slant are now accurately calculated.
* Various build fixes.
* Include bidi mirroring variants of the requested codepoints when subsetting. The new HB_SUBSET_FLAGS_NO_BIDI_CLOSURE can be used to disable this behaviour.
* Various bug fixes.
* Various build fixes and improvements.
* Various test suite improvements.
* The change in version 10.3.0 to apply "trak" table tracking values to glyph advances directly has been reverted as it required every font functions implementation to handle it, which breaks existing custom font functions. Tracking is instead back to being applied during shaping.
* When directwrite integration is enabled, we now link to dwrite.dll instead of dynamically loading it.
* New experimental APIs for getting raw "CFF" and "CFF2" CharStrings.
* We now provide manpages for the various command line utilities. Building manpages requires "help2man" and will be skipped if it is not present.
* The command line utilities now set different return value for different kinds of failures. Details are provided in the manpages.
* Various fixes and improvements to fontations font functions.
* All shaping operations using the ot shaper have become memory allocation-free.
* Glyph extents returned by hb-ot and hb-ft font functions are now rounded instead of flooring/ceiling them, which also matches what other font libraries do.
* Fix "AAT" deleted glyph marks interfering with fallback mark positioning.
* Glyph outlines emboldening have been moved out of hb-ot and hb-ft font functions to the HarfBuzz font layer, so that it works with any font functions implementation.
* Fix our fallback C++11 atomics integration, which seems to not be widely used.
* Various testing fixes and improvements.
* Various subsetting fixes and improvements.
* Various other fixes and improvements.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-423=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * harfbuzz-debugsource-11.4.5-160000.1.1 * libharfbuzz-cairo0-debuginfo-11.4.5-160000.1.1 * harfbuzz-tools-11.4.5-160000.1.1 * libharfbuzz-subset0-debuginfo-11.4.5-160000.1.1 * libharfbuzz0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-gobject0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-icu0-11.4.5-160000.1.1 * typelib-1_0-HarfBuzz-0_0-11.4.5-160000.1.1 * libharfbuzz-icu0-debuginfo-11.4.5-160000.1.1 * libharfbuzz-gobject0-11.4.5-160000.1.1 * harfbuzz-tools-debuginfo-11.4.5-160000.1.1 * libharfbuzz0-11.4.5-160000.1.1 * libharfbuzz-cairo0-11.4.5-160000.1.1 * harfbuzz-devel-11.4.5-160000.1.1 * libharfbuzz-subset0-11.4.5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-22693.html * https://bugzilla.suse.com/show_bug.cgi?id=1256459 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:38:42 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:38:42 -0000 Subject: SUSE-SU-2026:20921-1: important: Security update for postgresql18 Message-ID: <177504712207.568.8294443706921040138@634a8d224e68> # Security update for postgresql18 Announcement ID: SUSE-SU-2026:20921-1 Release Date: 2026-03-20T14:50:43Z Rating: important References: * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 * bsc#1258012 * bsc#1258754 Cross-References: * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 * CVE-2026-2007 CVSS scores: * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2007 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-2007 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves five vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql18 fixes the following issues: * Update to version 18.3. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. 
(bsc#1258011) * CVE-2026-2007: Harden contrib/pg_trgm against changes in string lowercasing behavior. (bsc#1258012) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-422=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql18-server-18.3-160000.1.1 * postgresql18-debuginfo-18.3-160000.1.1 * libpq5-debuginfo-18.3-160000.1.1 * postgresql18-server-debuginfo-18.3-160000.1.1 * postgresql18-server-devel-18.3-160000.1.1 * postgresql18-plperl-18.3-160000.1.1 * postgresql18-18.3-160000.1.1 * postgresql18-plpython-debuginfo-18.3-160000.1.1 * postgresql18-contrib-18.3-160000.1.1 * postgresql18-contrib-debuginfo-18.3-160000.1.1 * libecpg6-debuginfo-18.3-160000.1.1 * libecpg6-18.3-160000.1.1 * postgresql18-devel-18.3-160000.1.1 * postgresql18-pltcl-18.3-160000.1.1 * postgresql18-debugsource-18.3-160000.1.1 * postgresql18-devel-debuginfo-18.3-160000.1.1 * postgresql18-pltcl-debuginfo-18.3-160000.1.1 * libpq5-18.3-160000.1.1 * postgresql18-plpython-18.3-160000.1.1 * postgresql18-plperl-debuginfo-18.3-160000.1.1 * postgresql18-server-devel-debuginfo-18.3-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql18-docs-18.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://www.suse.com/security/cve/CVE-2026-2007.html * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * https://bugzilla.suse.com/show_bug.cgi?id=1258011 * https://bugzilla.suse.com/show_bug.cgi?id=1258012 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258754

From null at suse.de Wed Apr 1 12:38:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:38:46 -0000
Subject: SUSE-SU-2026:20920-1: moderate: Security update for python-orjson
Message-ID: <177504712659.568.10318143760981783664@634a8d224e68>

# Security update for python-orjson

Announcement ID: SUSE-SU-2026:20920-1
Release Date: 2026-03-20T12:07:21Z
Rating: moderate

References:

* bsc#1257121

Cross-References:

* CVE-2025-67221

CVSS scores:

* CVE-2025-67221 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67221 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67221 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-orjson fixes the following issues:

* CVE-2025-67221: Fixed write outside of allocated memory on json dump (bsc#1257121).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-421=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-orjson-3.10.15-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67221.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257121
From null at suse.de Wed Apr 1 12:38:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:38:50 -0000
Subject: SUSE-SU-2026:20919-1: important: Security update for python-tornado6
Message-ID: <177504713060.568.15248080696515573945@634a8d224e68>

# Security update for python-tornado6

Announcement ID: SUSE-SU-2026:20919-1
Release Date: 2026-03-20T10:53:33Z
Rating: important

References:

* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for python-tornado6 fixes the following issues:

* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-420=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * python313-tornado6-debuginfo-6.5-160000.4.1 * python313-tornado6-6.5-160000.4.1 * python-tornado6-debugsource-6.5-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1259553 * https://bugzilla.suse.com/show_bug.cgi?id=1259630 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:38:57 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:38:57 -0000 Subject: SUSE-SU-2026:20918-1: important: Security update for curl Message-ID: <177504713771.568.11790614732559385860@634a8d224e68> # Security update for curl Announcement ID: SUSE-SU-2026:20918-1 Release Date: 2026-03-20T09:36:45Z Rating: important References: * bsc#1259362 * bsc#1259363 * bsc#1259364 * bsc#1259365 Cross-References: * CVE-2026-1965 * CVE-2026-3783 * CVE-2026-3784 * CVE-2026-3805 CVSS scores: * CVE-2026-1965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N * CVE-2026-1965 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2026-1965 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3783 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-3783 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-3783 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-3784 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N * CVE-2026-3784 ( SUSE ): 4.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N * CVE-2026-3784 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3805 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-3805 ( SUSE ): 
2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-3805 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues: * CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). * CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). * CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). * CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-418=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * curl-debugsource-8.14.1-160000.5.1 * libcurl4-8.14.1-160000.5.1 * curl-mini-debugsource-8.14.1-160000.5.1 * curl-debuginfo-8.14.1-160000.5.1 * libcurl4-debuginfo-8.14.1-160000.5.1 * curl-8.14.1-160000.5.1 * libcurl-devel-8.14.1-160000.5.1 * libcurl-mini4-debuginfo-8.14.1-160000.5.1 * libcurl-mini4-8.14.1-160000.5.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * curl-zsh-completion-8.14.1-160000.5.1 * libcurl-devel-doc-8.14.1-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1965.html * https://www.suse.com/security/cve/CVE-2026-3783.html * https://www.suse.com/security/cve/CVE-2026-3784.html * https://www.suse.com/security/cve/CVE-2026-3805.html * https://bugzilla.suse.com/show_bug.cgi?id=1259362 * https://bugzilla.suse.com/show_bug.cgi?id=1259363 * https://bugzilla.suse.com/show_bug.cgi?id=1259364 * https://bugzilla.suse.com/show_bug.cgi?id=1259365 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:39:23 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:23 -0000 Subject: SUSE-SU-2026:20917-1: important: Security update for ImageMagick Message-ID: <177504716367.568.578658658730570434@634a8d224e68> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:20917-1 Release Date: 2026-03-20T09:31:54Z Rating: important References: * bsc#1258790 * bsc#1259446 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259464 * bsc#1259466 * bsc#1259467 * bsc#1259468 * bsc#1259469 * bsc#1259497 * bsc#1259528 Cross-References: * CVE-2026-24484 * CVE-2026-28493 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30929 * CVE-2026-30931 * CVE-2026-30935 * CVE-2026-30936 * CVE-2026-30937 * CVE-2026-31853 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30931 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30931 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30931 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE 
Linux Enterprise Server - BCI 16.0

An update that solves 18 vulnerabilities can now be installed.

## Description:

This update for ImageMagick fixes the following issues:

* CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790).
* CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446).
* CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447).
* CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448).
* CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450).
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). * CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-419=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libMagick++-devel-7.1.2.0-160000.7.1 * perl-PerlMagick-7.1.2.0-160000.7.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1 * ImageMagick-extra-7.1.2.0-160000.7.1 * ImageMagick-debugsource-7.1.2.0-160000.7.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.7.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.7.1 * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.7.1 * perl-PerlMagick-debuginfo-7.1.2.0-160000.7.1 * ImageMagick-extra-debuginfo-7.1.2.0-160000.7.1 * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.7.1 * libMagick++-7_Q16HDRI5-7.1.2.0-160000.7.1 * ImageMagick-7.1.2.0-160000.7.1 * ImageMagick-devel-7.1.2.0-160000.7.1 * ImageMagick-debuginfo-7.1.2.0-160000.7.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * ImageMagick-config-7-upstream-open-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.7.1 * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.7.1 * ImageMagick-config-7-SUSE-7.1.2.0-160000.7.1 * ImageMagick-doc-7.1.2.0-160000.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * 
https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30931.html * https://www.suse.com/security/cve/CVE-2026-30935.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259464 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259468 * https://bugzilla.suse.com/show_bug.cgi?id=1259469 * https://bugzilla.suse.com/show_bug.cgi?id=1259497 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 
From null at suse.de Wed Apr 1 12:39:29 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:29 -0000 Subject: SUSE-SU-2026:20916-1: important: Security update for vim Message-ID: <177504716953.568.10951663503644647387@634a8d224e68> # Security update for vim Announcement ID: SUSE-SU-2026:20916-1 Release Date: 2026-03-20T03:15:00Z Rating: important References: * bsc#1246602 * bsc#1258229 * bsc#1259051 Cross-References: * CVE-2025-53906 * CVE-2026-26269 * CVE-2026-28417 CVSS scores: * CVE-2025-53906 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L * CVE-2025-53906 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L * CVE-2025-53906 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L * CVE-2026-26269 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-26269 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26269 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-28417 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28417 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-28417 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-28417 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * Update Vim to version 9.2.0110 that includes security fixes for: * CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execution of arbitrary shell commands (bsc#1259051). * CVE-2026-26269: stack buffer overflow in Vim's NetBeans integration when processing the specialKeys command (bsc#1258229). * CVE-2025-53906: path traversal in Vim's zip.vim plugin (bsc#1246602). * Other changes: * Add wayland-client to BuildRequires and enable Wayland support. 
* Add Wayland include path to CFLAGS to fix clipboard compilation. * Package new Swedish (sv) man pages and clean up duplicate encodings (sv.ISO8859-1 and sv.UTF-8). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-417=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.2.0110-160000.1.1 * vim-debugsource-9.2.0110-160000.1.1 * vim-9.2.0110-160000.1.1 * vim-small-debuginfo-9.2.0110-160000.1.1 * xxd-9.2.0110-160000.1.1 * xxd-debuginfo-9.2.0110-160000.1.1 * gvim-debuginfo-9.2.0110-160000.1.1 * vim-small-9.2.0110-160000.1.1 * gvim-9.2.0110-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * vim-data-common-9.2.0110-160000.1.1 * vim-data-9.2.0110-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-53906.html * https://www.suse.com/security/cve/CVE-2026-26269.html * https://www.suse.com/security/cve/CVE-2026-28417.html * https://bugzilla.suse.com/show_bug.cgi?id=1246602 * https://bugzilla.suse.com/show_bug.cgi?id=1258229 * https://bugzilla.suse.com/show_bug.cgi?id=1259051 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:39:34 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:34 -0000 Subject: SUSE-SU-2026:20915-1: important: Security update for gstreamer-plugins-ugly Message-ID: <177504717409.568.8075678712806457058@634a8d224e68> # Security update for gstreamer-plugins-ugly Announcement ID: SUSE-SU-2026:20915-1 Release Date: 2026-03-19T13:48:14Z Rating: important References: * bsc#1259367 * bsc#1259370 Cross-References: * CVE-2026-2920 * CVE-2026-2922 CVSS scores: * CVE-2026-2920 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2920 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2922 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-2922 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-ugly fixes the following issues: * CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259367). * CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability (bsc#1259370). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-416=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gstreamer-plugins-ugly-debugsource-1.26.7-160000.2.1 * gstreamer-plugins-ugly-1.26.7-160000.2.1 * gstreamer-plugins-ugly-debuginfo-1.26.7-160000.2.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * gstreamer-plugins-ugly-lang-1.26.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2920.html * https://www.suse.com/security/cve/CVE-2026-2922.html * https://bugzilla.suse.com/show_bug.cgi?id=1259367 * https://bugzilla.suse.com/show_bug.cgi?id=1259370 From null at suse.de Wed Apr 1 12:39:35 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:35 -0000 Subject: SUSE-RU-2026:20914-1: moderate: Recommended update for hwinfo Message-ID: <177504717550.568.13770437717768789588@634a8d224e68> # Recommended update for hwinfo Announcement ID: SUSE-RU-2026:20914-1 Release Date: 2026-03-19T09:22:25Z Rating: moderate References: * jsc#PED-14832 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that contains one feature can now be installed. ## Description: This update for hwinfo fixes the following issues: * upgrade to version 25.1 * include package spec file in git repo * adjust spec file for immutable mode: switch to using systemd-tmpfiles (jsc#PED-14832) * update git2log script ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-414=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libhd25-25.1-160000.1.1 * libhd25-debuginfo-25.1-160000.1.1 * hwinfo-devel-debuginfo-25.1-160000.1.1 * hwinfo-debuginfo-25.1-160000.1.1 * hwinfo-devel-25.1-160000.1.1 * hwinfo-debugsource-25.1-160000.1.1 * hwinfo-25.1-160000.1.1 ## References: * https://jira.suse.com/browse/PED-14832 From null at suse.de Wed Apr 1 12:39:39 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:39 -0000 Subject: SUSE-SU-2026:20913-1: moderate: Security update for libsodium Message-ID: <177504717975.568.9536752707733473956@634a8d224e68> # Security update for libsodium Announcement ID: SUSE-SU-2026:20913-1 Release Date: 2026-03-19T08:18:59Z Rating: moderate References: * bsc#1256070 Cross-References: * CVE-2025-15444 CVSS scores: * CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2025-15444 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for libsodium fixes the following issues: * CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-413=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libsodium26-1.0.20-160000.3.1 * libsodium-debugsource-1.0.20-160000.3.1 * libsodium26-debuginfo-1.0.20-160000.3.1 * libsodium-devel-1.0.20-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-15444.html * https://bugzilla.suse.com/show_bug.cgi?id=1256070 From null at suse.de Wed Apr 1 12:39:42 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:42 -0000 Subject: SUSE-SU-2026:20912-1: critical: Security update for keylime Message-ID: <177504718246.568.8834133870457014854@634a8d224e68> # Security update for keylime Announcement ID: SUSE-SU-2026:20912-1 Release Date: 2026-03-19T08:18:59Z Rating: critical References: * bsc#1257895 * jsc#PED-14735 Cross-References: * CVE-2026-1709 CVSS scores: * CVE-2026-1709 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-1709 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-1709 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-1709 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for keylime fixes the following issues: * Update to version 7.14.0+0 (CVE-2026-1709, bsc#1257895): * CVE-2026-1709: Fixed an authentication bypass which may allow unauthorized administrative operations due to missing client-side TLS authentication. (bsc#1257895) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-412=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * keylime-logrotate-7.14.0+0-160000.1.1 * keylime-registrar-7.14.0+0-160000.1.1 * keylime-firewalld-7.14.0+0-160000.1.1 * keylime-verifier-7.14.0+0-160000.1.1 * keylime-tpm_cert_store-7.14.0+0-160000.1.1 * keylime-tenant-7.14.0+0-160000.1.1 * python313-keylime-7.14.0+0-160000.1.1 * keylime-config-7.14.0+0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1709.html * https://bugzilla.suse.com/show_bug.cgi?id=1257895 * https://jira.suse.com/browse/PED-14735 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:39:49 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:49 -0000 Subject: SUSE-SU-2026:20911-1: moderate: Security update for poppler Message-ID: <177504718981.568.6138054599405492664@634a8d224e68> # Security update for poppler Announcement ID: SUSE-SU-2026:20911-1 Release Date: 2026-03-19T08:11:15Z Rating: moderate References: * bsc#1252337 Cross-References: * CVE-2025-11896 CVSS scores: * CVE-2025-11896 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-11896 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-11896 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2025-11896: infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-411=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libpoppler148-debuginfo-25.04.0-160000.4.1 * poppler-debugsource-25.04.0-160000.4.1 * libpoppler-glib8-debuginfo-25.04.0-160000.4.1 * typelib-1_0-Poppler-0_18-25.04.0-160000.4.1 * libpoppler-cpp2-25.04.0-160000.4.1 * libpoppler-qt6-devel-25.04.0-160000.4.1 * libpoppler-glib8-25.04.0-160000.4.1 * libpoppler-qt6-3-debuginfo-25.04.0-160000.4.1 * libpoppler-devel-25.04.0-160000.4.1 * libpoppler-qt6-3-25.04.0-160000.4.1 * libpoppler-cpp2-debuginfo-25.04.0-160000.4.1 * libpoppler148-25.04.0-160000.4.1 * poppler-tools-25.04.0-160000.4.1 * poppler-qt6-debugsource-25.04.0-160000.4.1 * poppler-tools-debuginfo-25.04.0-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11896.html * https://bugzilla.suse.com/show_bug.cgi?id=1252337 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:39:56 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:39:56 -0000 Subject: SUSE-SU-2026:20910-1: moderate: Security update for librsvg Message-ID: <177504719610.568.10698236145791996367@634a8d224e68> # Security update for librsvg Announcement ID: SUSE-SU-2026:20910-1 Release Date: 2026-03-19T08:11:15Z Rating: moderate References: * bsc#1229376 * bsc#1229950 * bsc#1243867 Cross-References: * CVE-2024-12224 * CVE-2024-43806 CVSS scores: * CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-43806 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for librsvg fixes the following issues: Update to version 2.60.2: * CVE-2024-12224: Fixed idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243867). * CVE-2024-43806: Fixed memory explosion in rustix (bsc#1229950). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-410=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * librsvg-2-2-debuginfo-2.60.2-160000.1.1 * librsvg-2-2-2.60.2-160000.1.1 * typelib-1_0-Rsvg-2_0-2.60.2-160000.1.1 * gdk-pixbuf-loader-rsvg-2.60.2-160000.1.1 * rsvg-convert-2.60.2-160000.1.1 * librsvg-devel-2.60.2-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * rsvg-thumbnailer-2.60.2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12224.html * https://www.suse.com/security/cve/CVE-2024-43806.html * https://bugzilla.suse.com/show_bug.cgi?id=1229376 * https://bugzilla.suse.com/show_bug.cgi?id=1229950 * https://bugzilla.suse.com/show_bug.cgi?id=1243867 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:40:05 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:05 -0000 Subject: SUSE-RU-2026:20909-1: moderate: Recommended update for go Message-ID: <177504720573.568.10702276704898984361@634a8d224e68> # Recommended update for go Announcement ID: SUSE-RU-2026:20909-1 Release Date: 2026-03-18T23:16:07Z Rating: moderate References: * bsc#1244485 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that has one fix can now be installed. ## Description: This update for go fixes the following issues: Changes in go: * Update to current stable go1.25 (boo#1244485) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-409=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * go-race-1.25-160000.1.1 * go-1.25-160000.1.1 * go-doc-1.25-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1244485 From null at suse.de Wed Apr 1 12:40:10 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:10 -0000 Subject: SUSE-RU-2026:20908-1: important: Recommended update for gcc15 Message-ID: <177504721065.568.3840508717782845463@634a8d224e68> # Recommended update for gcc15 Announcement ID: SUSE-RU-2026:20908-1 Release Date: 2026-03-18T22:55:39Z Rating: important References: * bsc#1257463 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that has one fix can now be installed. ## Description: This update for gcc15 fixes the following issues: Changes in gcc15: * Fixed bogus expression simplification (bsc#1257463) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-407=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * libstdc++6-devel-gcc15-15.2.0+git10201-160000.2.1 * libgccjit0-devel-gcc15-15.2.0+git10201-160000.2.1 * liblsan0-debuginfo-15.2.0+git10201-160000.2.1 * libubsan1-15.2.0+git10201-160000.2.1 * libgomp1-15.2.0+git10201-160000.2.1 * libtsan2-15.2.0+git10201-160000.2.1 * cpp15-15.2.0+git10201-160000.2.1 * libatomic1-15.2.0+git10201-160000.2.1 * libgfortran5-debuginfo-15.2.0+git10201-160000.2.1 * libgcc_s1-debuginfo-15.2.0+git10201-160000.2.1 * libtsan2-debuginfo-15.2.0+git10201-160000.2.1 * libasan8-15.2.0+git10201-160000.2.1 * libitm1-debuginfo-15.2.0+git10201-160000.2.1 * gcc15-PIE-15.2.0+git10201-160000.2.1 * libstdc++6-15.2.0+git10201-160000.2.1 * libitm1-15.2.0+git10201-160000.2.1 * libasan8-debuginfo-15.2.0+git10201-160000.2.1 * libgccjit0-15.2.0+git10201-160000.2.1 * gcc15-c++-debuginfo-15.2.0+git10201-160000.2.1 * libubsan1-debuginfo-15.2.0+git10201-160000.2.1 * gcc15-debugsource-15.2.0+git10201-160000.2.1 * libgfortran5-15.2.0+git10201-160000.2.1 * gcc15-fortran-15.2.0+git10201-160000.2.1 * libatomic1-debuginfo-15.2.0+git10201-160000.2.1 * gcc15-locale-15.2.0+git10201-160000.2.1 * gcc15-15.2.0+git10201-160000.2.1 * libgomp1-debuginfo-15.2.0+git10201-160000.2.1 * liblsan0-15.2.0+git10201-160000.2.1 * libstdc++6-locale-15.2.0+git10201-160000.2.1 * cpp15-debuginfo-15.2.0+git10201-160000.2.1 * libobjc4-debuginfo-15.2.0+git10201-160000.2.1 * libstdc++6-pp-15.2.0+git10201-160000.2.1 * libgccjit0-debuginfo-15.2.0+git10201-160000.2.1 * libstdc++6-debuginfo-15.2.0+git10201-160000.2.1 * gcc15-debuginfo-15.2.0+git10201-160000.2.1 * gcc15-fortran-debuginfo-15.2.0+git10201-160000.2.1 * libobjc4-15.2.0+git10201-160000.2.1 * gcc15-c++-15.2.0+git10201-160000.2.1 * libgcc_s1-15.2.0+git10201-160000.2.1 * SUSE Linux Enterprise Server - BCI 16.0 
(noarch) * gcc15-info-15.2.0+git10201-160000.2.1 * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64) * libhwasan0-15.2.0+git10201-160000.2.1 * libhwasan0-debuginfo-15.2.0+git10201-160000.2.1 * SUSE Linux Enterprise Server - BCI 16.0 (ppc64le x86_64) * libquadmath0-15.2.0+git10201-160000.2.1 * libquadmath0-debuginfo-15.2.0+git10201-160000.2.1 * libquadmath0-devel-gcc15-15.2.0+git10201-160000.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1257463 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:40:21 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:21 -0000 Subject: SUSE-SU-2026:20907-1: moderate: Security update for protobuf Message-ID: <177504722138.568.3223581156202787409@634a8d224e68> # Security update for protobuf Announcement ID: SUSE-SU-2026:20907-1 Release Date: 2026-03-18T18:15:53Z Rating: moderate References: * bsc#1244663 * bsc#1244918 * bsc#1257173 Cross-References: * CVE-2025-4565 * CVE-2026-0994 CVSS scores: * CVE-2025-4565 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-4565 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-4565 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-4565 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0994 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0994 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0994 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and has one fix can now be 
installed. ## Description: This update for protobuf fixes the following issues: Security fixes: * CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError (bsc#1244663). * CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Other fixes: * Fixed import issues of reverse-dependency packages within the google namespace (bsc#1244918). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-408=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * protobuf-devel-28.3-160000.3.1 * libutf8_range-28_3_0-28.3-160000.3.1 * protobuf-devel-debuginfo-28.3-160000.3.1 * libprotobuf28_3_0-28.3-160000.3.1 * libprotobuf-lite28_3_0-debuginfo-28.3-160000.3.1 * libprotobuf28_3_0-debuginfo-28.3-160000.3.1 * libprotoc28_3_0-28.3-160000.3.1 * libutf8_range-28_3_0-debuginfo-28.3-160000.3.1 * python313-protobuf-debuginfo-5.28.3-160000.3.1 * libprotobuf-lite28_3_0-28.3-160000.3.1 * python313-protobuf-5.28.3-160000.3.1 * protobuf-debugsource-28.3-160000.3.1 * python-protobuf-debugsource-5.28.3-160000.3.1 * libprotoc28_3_0-debuginfo-28.3-160000.3.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * protobuf-java-28.3-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-4565.html * https://www.suse.com/security/cve/CVE-2026-0994.html * https://bugzilla.suse.com/show_bug.cgi?id=1244663 * https://bugzilla.suse.com/show_bug.cgi?id=1244918 * https://bugzilla.suse.com/show_bug.cgi?id=1257173 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:40:32 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:32 -0000 Subject: SUSE-SU-2026:20906-1: important: Security update for postgresql17 Message-ID: <177504723215.568.8613017104904504418@634a8d224e68> # Security update for postgresql17 Announcement ID: SUSE-SU-2026:20906-1 Release Date: 2026-03-18T15:31:19Z Rating: important References: * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 * bsc#1258754 Cross-References: * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 CVSS scores: * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql17 fixes the following issues: * Update to version 17.9. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-406=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql17-debugsource-17.9-160000.1.1 * postgresql17-plpython-debuginfo-17.9-160000.1.1 * postgresql17-server-debuginfo-17.9-160000.1.1 * postgresql17-plperl-debuginfo-17.9-160000.1.1 * postgresql17-plperl-17.9-160000.1.1 * postgresql17-devel-17.9-160000.1.1 * postgresql17-pltcl-debuginfo-17.9-160000.1.1 * postgresql17-contrib-17.9-160000.1.1 * postgresql17-pltcl-17.9-160000.1.1 * postgresql17-contrib-debuginfo-17.9-160000.1.1 * postgresql17-debuginfo-17.9-160000.1.1 * postgresql17-plpython-17.9-160000.1.1 * postgresql17-server-17.9-160000.1.1 * postgresql17-server-devel-debuginfo-17.9-160000.1.1 * postgresql17-devel-debuginfo-17.9-160000.1.1 * postgresql17-server-devel-17.9-160000.1.1 * postgresql17-17.9-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql17-docs-17.9-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * https://bugzilla.suse.com/show_bug.cgi?id=1258011 * https://bugzilla.suse.com/show_bug.cgi?id=1258754 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 1 12:40:36 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:36 -0000 Subject: SUSE-SU-2026:20905-1: important: Security update for busybox Message-ID: <177504723697.568.13923789292231923444@634a8d224e68> # Security update for busybox Announcement ID: SUSE-SU-2026:20905-1 Release Date: 2026-03-18T15:29:19Z Rating: important References: * bsc#1258163 * bsc#1258167 * jsc#PED-13039 Cross-References: * CVE-2026-26157 * CVE-2026-26158 CVSS scores: * CVE-2026-26157 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26157 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26157 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26158 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26158 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26158 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for busybox fixes the following issues: Changes in busybox: * CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. (bsc#1258163) * CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archive entries. (bsc#1258167) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-405=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * busybox-static-1.37.0-160000.5.1 * busybox-debugsource-1.37.0-160000.5.1 * busybox-static-debuginfo-1.37.0-160000.5.1 * busybox-1.37.0-160000.5.1 * busybox-debuginfo-1.37.0-160000.5.1 * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64) * busybox-warewulf3-debuginfo-1.37.0-160000.5.1 * busybox-warewulf3-1.37.0-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26157.html * https://www.suse.com/security/cve/CVE-2026-26158.html * https://bugzilla.suse.com/show_bug.cgi?id=1258163 * https://bugzilla.suse.com/show_bug.cgi?id=1258167 * https://jira.suse.com/browse/PED-13039 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 1 12:40:58 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 01 Apr 2026 12:40:58 -0000 Subject: SUSE-SU-2026:20904-1: moderate: Security update for cosign Message-ID: <177504725820.568.10882181604080438120@634a8d224e68> # Security update for cosign Announcement ID: SUSE-SU-2026:20904-1 Release Date: 2026-03-18T11:29:30Z Rating: moderate References: * bsc#1250620 * bsc#1253913 * bsc#1256496 * bsc#1256562 * bsc#1257080 * bsc#1257085 * bsc#1257139 * bsc#1258542 * bsc#1258612 Cross-References: * CVE-2025-11065 * CVE-2025-58181 * CVE-2026-22703 * CVE-2026-22772 * CVE-2026-23991 * CVE-2026-23992 * CVE-2026-24122 * CVE-2026-24137 * CVE-2026-26958 CVSS scores: * CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2025-11065 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-58181 ( SUSE ): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-58181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-22703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-22772 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-22772 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-22772 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-22772 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23991 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23991 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-23991 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23991 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23992 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23992 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-23992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23992 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-24122 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24122 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24122 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24137 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N * CVE-2026-26958 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-26958 ( NVD ): 
1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves nine vulnerabilities can now be installed.

## Description:

This update for cosign fixes the following issues:

Update to version 3.0.5:

* CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates (bsc#1258542)
* CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612)
* CVE-2026-24137: Fixed github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139)
* CVE-2026-22772: Fixed github.com/sigstore/fulcio: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562)
* CVE-2026-23991: Fixed github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080)
* CVE-2026-23992: Fixed github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085)
* CVE-2025-11065: Fixed github.com/go-viper/mapstructure/v2: sensitive information leak in logs (bsc#1250620)
* CVE-2026-22703: Fixed that cosign verification accepts any valid Rekor entry under certain conditions (bsc#1256496)
* CVE-2025-58181: Fixed golang.org/x/crypto/ssh: unvalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-404=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * cosign-debuginfo-3.0.5-160000.1.1
  * cosign-3.0.5-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2026-22703.html
* https://www.suse.com/security/cve/CVE-2026-22772.html
* https://www.suse.com/security/cve/CVE-2026-23991.html
* https://www.suse.com/security/cve/CVE-2026-23992.html
* https://www.suse.com/security/cve/CVE-2026-24122.html
* https://www.suse.com/security/cve/CVE-2026-24137.html
* https://www.suse.com/security/cve/CVE-2026-26958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250620
* https://bugzilla.suse.com/show_bug.cgi?id=1253913
* https://bugzilla.suse.com/show_bug.cgi?id=1256496
* https://bugzilla.suse.com/show_bug.cgi?id=1256562
* https://bugzilla.suse.com/show_bug.cgi?id=1257080
* https://bugzilla.suse.com/show_bug.cgi?id=1257085
* https://bugzilla.suse.com/show_bug.cgi?id=1257139
* https://bugzilla.suse.com/show_bug.cgi?id=1258542
* https://bugzilla.suse.com/show_bug.cgi?id=1258612

From null at suse.de Wed Apr 1 12:41:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:41:03 -0000
Subject: SUSE-SU-2026:20903-1: important: Security update for libjxl
Message-ID: <177504726324.568.1685914895883773332@634a8d224e68>

# Security update for libjxl

Announcement ID: SUSE-SU-2026:20903-1
Release Date: 2026-03-18T10:13:37Z
Rating: important
References:

* bsc#1258090
* bsc#1258091

Cross-References:

* CVE-2025-12474
* CVE-2026-1837

CVSS scores:

* CVE-2025-12474 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12474 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-12474 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-1837 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1837 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1837 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libjxl fixes the following issues:

Update to libjxl 0.11.2:

* CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory (bsc#1258090).
* CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated memory (bsc#1258091).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-403=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libjxl-debugsource-0.11.2-160000.1.1
  * libjxl-devel-0.11.2-160000.1.1
  * libjxl0_11-debuginfo-0.11.2-160000.1.1
  * libjxl0_11-0.11.2-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (x86_64)
  * libjxl0_11-x86-64-v3-debuginfo-0.11.2-160000.1.1
  * libjxl0_11-x86-64-v3-0.11.2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12474.html
* https://www.suse.com/security/cve/CVE-2026-1837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258090
* https://bugzilla.suse.com/show_bug.cgi?id=1258091

From null at suse.de Wed Apr 1 12:41:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:41:23 -0000
Subject: SUSE-SU-2026:20902-1: important: Security update for libsoup
Message-ID: <177504728339.568.3613220265818985792@634a8d224e68>

# Security update for libsoup

Announcement ID: SUSE-SU-2026:20902-1
Release Date: 2026-03-18T10:01:12Z
Rating: important
References:

* bsc#1240751
* bsc#1252555
* bsc#1254876
* bsc#1257398
* bsc#1257441
* bsc#1257597
* bsc#1258120
* bsc#1258170
* bsc#1258508

Cross-References:

* CVE-2025-12105
* CVE-2025-14523
* CVE-2025-32049
* CVE-2026-1467
* CVE-2026-1539
* CVE-2026-1760
* CVE-2026-2369
* CVE-2026-2443
* CVE-2026-2708

CVSS scores:

* CVE-2025-12105 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12105 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-12105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14523 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14523 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-14523 ( NVD ): 8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2025-32049 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1467 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N * CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-1467 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N * CVE-2026-1467 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1539 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N * CVE-2026-1539 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N * CVE-2026-1760 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-1760 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L * CVE-2026-1760 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-2369 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-2369 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-2369 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-2443 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-2443 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2443 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2708 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2708 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves nine 
vulnerabilities can now be installed.

## Description:

This update for libsoup fixes the following issues:

Update to libsoup 3.6.6:

* CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555).
* CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876).
* CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751).
* CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
* CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441).
* CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597).
* CVE-2026-2369: Buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
* CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170).
* CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).

Changelog:

* websocket: Fix out-of-bounds read in process_frame
* Check nulls returned by soup_date_time_new_from_http_string()
* Numerous fixes to handling of Range headers
* server: close the connection after responding to a request containing Content-Length and Transfer-Encoding
* Use CRLF as line boundary when parsing chunked encoding data
* websocket: do not accept messages frames after closing due to an error
* Sanitize filename of content disposition header values
* Always validate the headers value when coming from untrusted source
* uri-utils: do host validation when checking if a GUri is valid
* multipart: check length of bytes read soup_filter_input_stream_read_until()
* message-headers: Reject duplicate Host headers
* server: null-check soup_date_time_to_string()
* auth-digest: fix crash in soup_auth_digest_get_protection_space()
* session: fix 'heap-use-after-free' caused by 'finishing' queue item twice
* cookies: Avoid expires attribute if date is invalid
* http1: Set EOF flag once content-length bytes have been read
* date-utils: Add value checks for date/time parsing
* multipart: Fix multiple boundary limits
* Fixed multiple possible memory leaks
* message-headers: Correct merge of ranges
* body-input-stream: Correct chunked trailers end detection
* server-http2: Correctly validate URIs
* multipart: Fix read out of buffer bounds under soup_multipart_new_from_message()
* headers: Ensure Request-Line comprises entire first line
* tests: Fix MSVC build error
* Fix possible deadlock on init from gmodule usage
* Updated translations.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-402=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libsoup-3_0-0-debuginfo-3.6.6-160000.1.1
  * libsoup-debugsource-3.6.6-160000.1.1
  * libsoup-devel-3.6.6-160000.1.1
  * libsoup-3_0-0-3.6.6-160000.1.1
  * typelib-1_0-Soup-3_0-3.6.6-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * libsoup-lang-3.6.6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12105.html
* https://www.suse.com/security/cve/CVE-2025-14523.html
* https://www.suse.com/security/cve/CVE-2025-32049.html
* https://www.suse.com/security/cve/CVE-2026-1467.html
* https://www.suse.com/security/cve/CVE-2026-1539.html
* https://www.suse.com/security/cve/CVE-2026-1760.html
* https://www.suse.com/security/cve/CVE-2026-2369.html
* https://www.suse.com/security/cve/CVE-2026-2443.html
* https://www.suse.com/security/cve/CVE-2026-2708.html
* https://bugzilla.suse.com/show_bug.cgi?id=1240751
* https://bugzilla.suse.com/show_bug.cgi?id=1252555
* https://bugzilla.suse.com/show_bug.cgi?id=1254876
* https://bugzilla.suse.com/show_bug.cgi?id=1257398
* https://bugzilla.suse.com/show_bug.cgi?id=1257441
* https://bugzilla.suse.com/show_bug.cgi?id=1257597
* https://bugzilla.suse.com/show_bug.cgi?id=1258120
* https://bugzilla.suse.com/show_bug.cgi?id=1258170
* https://bugzilla.suse.com/show_bug.cgi?id=1258508

From null at suse.de Wed Apr 1 12:41:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:41:26 -0000
Subject: SUSE-SU-2026:20901-1: important: Security update for net-snmp
Message-ID: <177504728689.568.4063977370643928327@634a8d224e68>

# Security update for net-snmp

Announcement ID: SUSE-SU-2026:20901-1
Release Date: 2026-03-18T09:56:31Z
Rating: important
References:

* bsc#1255491

Cross-References:

* CVE-2025-68615

CVSS scores:

* CVE-2025-68615 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68615 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for net-snmp fixes the following issues:

* CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-401=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * perl-SNMP-debuginfo-5.9.4-160000.3.1
  * net-snmp-debuginfo-5.9.4-160000.3.1
  * snmp-mibs-5.9.4-160000.3.1
  * python313-net-snmp-5.9.4-160000.3.1
  * libsnmp40-debuginfo-5.9.4-160000.3.1
  * net-snmp-5.9.4-160000.3.1
  * perl-SNMP-5.9.4-160000.3.1
  * net-snmp-devel-5.9.4-160000.3.1
  * libsnmp40-5.9.4-160000.3.1
  * python313-net-snmp-debuginfo-5.9.4-160000.3.1
  * net-snmp-debugsource-5.9.4-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255491

From null at suse.de Wed Apr 1 12:41:33 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 12:41:33 -0000
Subject: SUSE-SU-2026:1162-1: important: Security update for python-tornado
Message-ID: <177504729371.568.12407639109642916821@634a8d224e68>

# Security update for python-tornado

Announcement ID: SUSE-SU-2026:1162-1
Release Date: 2026-03-31T22:02:19Z
Rating: important
References:

* bsc#1254903
* bsc#1254905
* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2025-67724
* CVE-2025-67725
* CVE-2026-31958

CVSS scores:

* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 12
* SUSE Linux Enterprise Desktop 12 SP1
* SUSE Linux Enterprise Desktop 12 SP2
* SUSE Linux Enterprise Desktop 12 SP3
* SUSE Linux Enterprise Desktop 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12
SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
* SUSE Manager Client Tools for SLE 12

An update that solves three vulnerabilities and has one security fix can now be installed.

## Description:

This update for python-tornado fixes the following issues:

* CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
* CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905).
* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Manager Client Tools for SLE 12
  zypper in -t patch SUSE-SLE-Manager-Tools-12-2026-1162=1

## Package List:

* SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  * python3-tornado-4.2.1-17.18.1
  * python-tornado-debuginfo-4.2.1-17.18.1
  * python-tornado-debugsource-4.2.1-17.18.1
  * python-tornado-4.2.1-17.18.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67724.html
* https://www.suse.com/security/cve/CVE-2025-67725.html
* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254903
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://bugzilla.suse.com/show_bug.cgi?id=1259553
* https://bugzilla.suse.com/show_bug.cgi?id=1259630

From null at suse.de Wed Apr 1 16:30:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 16:30:09 -0000
Subject: SUSE-SU-2026:20949-1: important: Security update for docker-compose
Message-ID: <177506100921.841.13628104062294428739@ea440c8e37cc>

# Security update for docker-compose

Announcement ID: SUSE-SU-2026:20949-1
Release Date: 2026-03-27T10:12:24Z
Rating: important
References:

* bsc#1252752
* bsc#1253584
* bsc#1254041

Cross-References:

* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-62725

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-62725 ( SUSE
): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-62725 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for docker-compose fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
* CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
* CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-455=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * docker-compose-2.33.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-62725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252752
* https://bugzilla.suse.com/show_bug.cgi?id=1253584
* https://bugzilla.suse.com/show_bug.cgi?id=1254041

From null at suse.de Wed Apr 1 16:30:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 16:30:19 -0000
Subject: SUSE-SU-2026:20948-1: moderate: Security update for net-tools
Message-ID: <177506101906.841.1428460901021251431@ea440c8e37cc>

# Security update for net-tools

Announcement ID: SUSE-SU-2026:20948-1
Release Date: 2026-03-26T15:12:22Z
Rating: moderate
References:

* bsc#1243581
* bsc#1248410
* bsc#1248687
* bsc#142461
* bsc#430864
* bsc#544339

Cross-References:

* CVE-2025-46836

CVSS scores:

* CVE-2025-46836 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-46836 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-46836 ( NVD ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has five fixes can now be installed.

## Description:

This update for net-tools fixes the following issues:

* Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58).
* Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59).
* Avoid unsafe memcpy in ifconfig (bsc#1248687).
* Prevent overflow in ax25 and netrom (bsc#1248687)
* Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-454=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * net-tools-debuginfo-2.10-160000.3.1
  * net-tools-debugsource-2.10-160000.3.1
  * net-tools-2.10-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46836.html
* https://bugzilla.suse.com/show_bug.cgi?id=1243581
* https://bugzilla.suse.com/show_bug.cgi?id=1248410
* https://bugzilla.suse.com/show_bug.cgi?id=1248687
* https://bugzilla.suse.com/show_bug.cgi?id=142461
* https://bugzilla.suse.com/show_bug.cgi?id=430864
* https://bugzilla.suse.com/show_bug.cgi?id=544339

From null at suse.de Wed Apr 1 16:30:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 16:30:26 -0000
Subject: SUSE-SU-2026:1163-1: important: Security update for MozillaThunderbird
Message-ID: <177506102656.841.301743202821235467@ea440c8e37cc>

# Security update for MozillaThunderbird

Announcement ID: SUSE-SU-2026:1163-1
Release Date: 2026-04-01T08:49:15Z
Rating: important
References:

* bsc#1260083

Cross-References:

* CVE-2025-59375
* CVE-2026-3889
* CVE-2026-4371
* CVE-2026-4684
* CVE-2026-4685
* CVE-2026-4686
* CVE-2026-4687
* CVE-2026-4688
* CVE-2026-4689
* CVE-2026-4690
* CVE-2026-4691
* CVE-2026-4692
* CVE-2026-4693
* CVE-2026-4694
* CVE-2026-4695
* CVE-2026-4696
* CVE-2026-4697
* CVE-2026-4698
* CVE-2026-4699
* CVE-2026-4700
* CVE-2026-4701
* CVE-2026-4702
* CVE-2026-4704
* CVE-2026-4705
* CVE-2026-4706
* CVE-2026-4707
* CVE-2026-4708
* CVE-2026-4709
* CVE-2026-4710
* CVE-2026-4711
* CVE-2026-4712
* CVE-2026-4713
* CVE-2026-4714
* CVE-2026-4715
* CVE-2026-4716
* CVE-2026-4717
* CVE-2026-4718
* CVE-2026-4719
* CVE-2026-4720
* CVE-2026-4721

CVSS scores:

* CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59375 ( SUSE ): 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3889 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-3889 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2026-4371 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4371 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4691 
( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4692 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * 
CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4710 ( SUSE ): 6.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4719 ( SUSE 
): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves 40 vulnerabilities can now be installed.

## Description:

This update for MozillaThunderbird fixes the following issues:

Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083):

* CVE-2026-3889: Spoofing issue in Thunderbird
* CVE-2026-4371: Out of bounds read in IMAP parsing
* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component
* CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1163=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1163=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1163=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * MozillaThunderbird-debuginfo-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-common-140.9.0-150200.8.263.1
  * MozillaThunderbird-140.9.0-150200.8.263.1
  * MozillaThunderbird-translations-other-140.9.0-150200.8.263.1
  * MozillaThunderbird-debugsource-140.9.0-150200.8.263.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-3889.html
* https://www.suse.com/security/cve/CVE-2026-4371.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html
* https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083

From null at suse.de Wed Apr 1 20:30:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 20:30:13 -0000
Subject: SUSE-SU-2026:1165-1: important: Security update for freerdp
Message-ID: <177507541310.1226.913577009664578997@7334c935c7bb>

# Security update for freerdp

Announcement ID: SUSE-SU-2026:1165-1
Release Date: 2026-04-01T13:41:01Z
Rating: important

References:

* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686

Cross-References:

* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885

CVSS scores:

* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for freerdp fixes the following issues:

* CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
* CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
* CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1165=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1165=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * freerdp-devel-2.1.2-12.63.1
  * winpr2-devel-2.1.2-12.63.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * freerdp-devel-2.1.2-12.63.1
  * winpr2-devel-2.1.2-12.63.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258979
* https://bugzilla.suse.com/show_bug.cgi?id=1258982
* https://bugzilla.suse.com/show_bug.cgi?id=1258985
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259679
* https://bugzilla.suse.com/show_bug.cgi?id=1259686

From null at suse.de Wed Apr 1 20:30:22 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 01 Apr 2026 20:30:22 -0000
Subject: SUSE-SU-2026:1164-1: important: Security update for freerdp2
Message-ID: <177507542236.1226.17465848533491222959@7334c935c7bb>

# Security update for freerdp2

Announcement ID: SUSE-SU-2026:1164-1
Release Date: 2026-04-01T13:40:49Z
Rating: important

References:

* bsc#1258979
* bsc#1258982
* bsc#1258985
* bsc#1259653
* bsc#1259679
* bsc#1259686

Cross-References:

* CVE-2026-26271
* CVE-2026-26955
* CVE-2026-26965
* CVE-2026-31806
* CVE-2026-31883
* CVE-2026-31885

CVSS scores:

* CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for freerdp2 fixes the following issues:

* CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979).
* CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982).
* CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985).
* CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653).
* CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679).
* CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1164=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1164=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * freerdp2-debuginfo-2.11.7-150700.3.14.1
  * winpr2-devel-2.11.7-150700.3.14.1
  * freerdp2-debugsource-2.11.7-150700.3.14.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * freerdp2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-devel-2.11.7-150700.3.14.1
  * libwinpr2-2-2.11.7-150700.3.14.1
  * freerdp2-server-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-debugsource-2.11.7-150700.3.14.1
  * libfreerdp2-2-2.11.7-150700.3.14.1
  * winpr2-devel-2.11.7-150700.3.14.1
  * freerdp2-2.11.7-150700.3.14.1
  * libfreerdp2-2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-proxy-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-server-2.11.7-150700.3.14.1
  * libwinpr2-2-debuginfo-2.11.7-150700.3.14.1
  * freerdp2-proxy-2.11.7-150700.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26271.html
* https://www.suse.com/security/cve/CVE-2026-26955.html
* https://www.suse.com/security/cve/CVE-2026-26965.html
* https://www.suse.com/security/cve/CVE-2026-31806.html
* https://www.suse.com/security/cve/CVE-2026-31883.html
* https://www.suse.com/security/cve/CVE-2026-31885.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258979
* https://bugzilla.suse.com/show_bug.cgi?id=1258982
* https://bugzilla.suse.com/show_bug.cgi?id=1258985
* https://bugzilla.suse.com/show_bug.cgi?id=1259653
* https://bugzilla.suse.com/show_bug.cgi?id=1259679
* https://bugzilla.suse.com/show_bug.cgi?id=1259686

From null at suse.de Thu Apr 2 12:30:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 12:30:09 -0000
Subject: SUSE-RU-2026:1168-1: important: Recommended update for apache2
Message-ID: <177513300950.1256.14474278463587611291@c2c2e0ac4d9f>

# Recommended update for apache2

Announcement ID: SUSE-RU-2026:1168-1
Release Date: 2026-04-02T06:23:50Z
Rating: important

References:

* bsc#1254182
* jsc#PED-15953

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that contains one feature and has one fix can now be installed.

## Description:

This update for apache2 fixes the following issues:

* Update to 2.4.66:
* ECO: (jsc#PED-15953):
* Fix: apache2-worker segfaults (bsc#1254182)
* Removed patches, as they've been merged/fixed upstream.
* Removed these FIPS-related patches too, as they too have been merged upstream

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1168=1 openSUSE-SLE-15.6-2026-1168=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1168=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1168=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * apache2-prefork-debugsource-2.4.66-150600.5.47.1
  * apache2-event-2.4.66-150600.5.47.1
  * apache2-utils-2.4.66-150600.5.47.1
  * apache2-worker-2.4.66-150600.5.47.1
  * apache2-debugsource-2.4.66-150600.5.47.1
  * apache2-worker-debuginfo-2.4.66-150600.5.47.1
  * apache2-2.4.66-150600.5.47.1
  * apache2-event-debuginfo-2.4.66-150600.5.47.1
  * apache2-utils-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-2.4.66-150600.5.47.1
  * apache2-devel-2.4.66-150600.5.47.1
  * apache2-utils-debuginfo-2.4.66-150600.5.47.1
  * apache2-worker-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-debuginfo-2.4.66-150600.5.47.1
  * apache2-event-debugsource-2.4.66-150600.5.47.1
  * apache2-debuginfo-2.4.66-150600.5.47.1
* openSUSE Leap 15.6 (noarch)
  * apache2-manual-2.4.66-150600.5.47.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * apache2-prefork-debugsource-2.4.66-150600.5.47.1
  * apache2-worker-2.4.66-150600.5.47.1
  * apache2-debugsource-2.4.66-150600.5.47.1
  * apache2-worker-debuginfo-2.4.66-150600.5.47.1
  * apache2-2.4.66-150600.5.47.1
  * apache2-utils-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-2.4.66-150600.5.47.1
  * apache2-devel-2.4.66-150600.5.47.1
  * apache2-utils-debuginfo-2.4.66-150600.5.47.1
  * apache2-worker-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-debuginfo-2.4.66-150600.5.47.1
  * apache2-utils-2.4.66-150600.5.47.1
  * apache2-debuginfo-2.4.66-150600.5.47.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * apache2-prefork-debugsource-2.4.66-150600.5.47.1
  * apache2-worker-2.4.66-150600.5.47.1
  * apache2-debugsource-2.4.66-150600.5.47.1
  * apache2-worker-debuginfo-2.4.66-150600.5.47.1
  * apache2-2.4.66-150600.5.47.1
  * apache2-utils-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-2.4.66-150600.5.47.1
  * apache2-devel-2.4.66-150600.5.47.1
  * apache2-utils-debuginfo-2.4.66-150600.5.47.1
  * apache2-worker-debugsource-2.4.66-150600.5.47.1
  * apache2-prefork-debuginfo-2.4.66-150600.5.47.1
  * apache2-utils-2.4.66-150600.5.47.1
  * apache2-debuginfo-2.4.66-150600.5.47.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1254182
* https://jira.suse.com/browse/PED-15953

From null at suse.de Thu Apr 2 12:30:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 12:30:14 -0000
Subject: SUSE-RU-2026:1167-1: important: Recommended update for apache2
Message-ID: <177513301494.1256.12624628106209000497@c2c2e0ac4d9f>

# Recommended update for apache2

Announcement ID: SUSE-RU-2026:1167-1
Release Date: 2026-04-02T06:23:33Z
Rating: important

References:

* bsc#1254182
* jsc#PED-15953

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that contains one feature and has one fix can now be installed.

## Description:

This update for apache2 fixes the following issues:

* Update to 2.4.66:
* ECO: (jsc#PED-15953):
* Fix: apache2-worker segfaults (bsc#1254182)
* Removed patches, as they've been merged/fixed upstream.
* Removed these FIPS-related patches too, as they too have been merged upstream

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1167=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1167=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1167=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * apache2-debugsource-2.4.66-150700.4.15.1
  * apache2-2.4.66-150700.4.15.1
  * apache2-prefork-debuginfo-2.4.66-150700.4.15.1
  * apache2-debuginfo-2.4.66-150700.4.15.1
  * apache2-prefork-debugsource-2.4.66-150700.4.15.1
  * apache2-prefork-2.4.66-150700.4.15.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * apache2-event-debugsource-2.4.66-150700.4.15.1
  * apache2-event-2.4.66-150700.4.15.1
  * apache2-event-debuginfo-2.4.66-150700.4.15.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * apache2-utils-debuginfo-2.4.66-150700.4.15.1
  * apache2-worker-debuginfo-2.4.66-150700.4.15.1
  * apache2-worker-2.4.66-150700.4.15.1
  * apache2-utils-2.4.66-150700.4.15.1
  * apache2-utils-debugsource-2.4.66-150700.4.15.1
  * apache2-devel-2.4.66-150700.4.15.1
  * apache2-worker-debugsource-2.4.66-150700.4.15.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1254182
* https://jira.suse.com/browse/PED-15953

From null at suse.de Thu Apr 2 12:30:35 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 12:30:35 -0000
Subject: SUSE-SU-2026:1166-1: important: Security update for expat
Message-ID: <177513303559.1256.6748021885196471897@c2c2e0ac4d9f>

# Security update for expat

Announcement ID: SUSE-SU-2026:1166-1
Release Date: 2026-04-02T01:08:59Z
Rating: important

References:

* bsc#1259711
* bsc#1259726
* bsc#1259729

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1166=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1166=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1166=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1166=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1166=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1166=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1166=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1166=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1166=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1166=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1166=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libexpat1-2.7.1-150400.3.37.1
  * libexpat-devel-2.7.1-150400.3.37.1
  * expat-2.7.1-150400.3.37.1
  * expat-debuginfo-2.7.1-150400.3.37.1
  * expat-debugsource-2.7.1-150400.3.37.1
  * libexpat1-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libexpat1-32bit-2.7.1-150400.3.37.1
  * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1
  * expat-32bit-debuginfo-2.7.1-150400.3.37.1
* SUSE Linux Enterprise High
Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * 
libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * 
expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * openSUSE Leap 15.4 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat-devel-32bit-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libexpat-devel-64bit-2.7.1-150400.3.37.1 * libexpat1-64bit-debuginfo-2.7.1-150400.3.37.1 * libexpat1-64bit-2.7.1-150400.3.37.1 * expat-64bit-debuginfo-2.7.1-150400.3.37.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libexpat1-2.7.1-150400.3.37.1 * libexpat-devel-2.7.1-150400.3.37.1 * expat-2.7.1-150400.3.37.1 * expat-debuginfo-2.7.1-150400.3.37.1 * expat-debugsource-2.7.1-150400.3.37.1 * libexpat1-debuginfo-2.7.1-150400.3.37.1 * openSUSE Leap 15.6 (x86_64) * libexpat1-32bit-2.7.1-150400.3.37.1 * libexpat-devel-32bit-2.7.1-150400.3.37.1 * expat-32bit-debuginfo-2.7.1-150400.3.37.1 * libexpat1-32bit-debuginfo-2.7.1-150400.3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Thu Apr 2 16:30:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 16:30:06 -0000
Subject: SUSE-RU-2026:1172-1: important: Recommended update for re2c
Message-ID: <177514740652.1447.7307782640992705460@c2c2e0ac4d9f>

# Recommended update for re2c

Announcement ID: SUSE-RU-2026:1172-1
Release Date: 2026-04-02T09:17:49Z
Rating: important
References:

* bsc#1252224

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one fix can now be installed.

## Description:

This update for re2c fixes the following issues:

* package LICENSE and tag it as %license (bsc#1252224)
* added sources:
  * LICENSE

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1172=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1172=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * re2c-debugsource-1.0.3-150000.3.6.1
  * re2c-debuginfo-1.0.3-150000.3.6.1
  * re2c-1.0.3-150000.3.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * re2c-debugsource-1.0.3-150000.3.6.1
  * re2c-debuginfo-1.0.3-150000.3.6.1
  * re2c-1.0.3-150000.3.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1252224

From null at suse.de Thu Apr 2 16:30:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 16:30:13 -0000
Subject: SUSE-SU-2026:1171-1: important: Security update for python-tornado
Message-ID: <177514741333.1447.17173922232495269477@c2c2e0ac4d9f>

# Security update for python-tornado

Announcement ID: SUSE-SU-2026:1171-1
Release Date: 2026-04-02T08:57:10Z
Rating: important
References:

* bsc#1254905
* bsc#1259553
* bsc#1259630

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
*
SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has two security fixes can now be installed.

## Description:

This update for python-tornado fixes the following issues:

* CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
* incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1171=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1171=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1171=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1171=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1171=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1171=1
* SUSE Linux
Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1171=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1171=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1171=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1171=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1171=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1171=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1171=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1171=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * 
python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * 
python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-tornado-4.5.3-150000.3.19.1 * python-tornado-debugsource-4.5.3-150000.3.19.1 * python-tornado-debuginfo-4.5.3-150000.3.19.1 * python3-tornado-debuginfo-4.5.3-150000.3.19.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1259553 * https://bugzilla.suse.com/show_bug.cgi?id=1259630 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Thu Apr 2 16:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 16:30:17 -0000
Subject: SUSE-SU-2026:1170-1: important: Security update for perl-Crypt-URandom
Message-ID: <177514741735.1447.11010767014536939725@c2c2e0ac4d9f>

# Security update for perl-Crypt-URandom

Announcement ID: SUSE-SU-2026:1170-1
Release Date: 2026-04-02T08:42:08Z
Rating: important
References:

* bsc#1258266

Cross-References:

* CVE-2026-2474

CVSS scores:

* CVE-2026-2474 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2474 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-2474 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Crypt-URandom fixes the following issue:

Update to 0.550.0 (0.55):

* CVE-2026-2474: heap buffer overflow in the XS function `crypt_urandom_getrandom()` (bsc#1258266).

Changelog:

* Fix for sysread/read failures. Thanks to Miha Purg for GH#20.
* Fix for test suite failures on STDOUT encoding. Thanks to Lukas Mai for GH#19.

For full changelog see /usr/share/doc/packages/perl-Crypt-URandom/Changes.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1170=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1170=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * perl-Crypt-URandom-0.550.0-1.6.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * perl-Crypt-URandom-0.550.0-1.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2474.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258266

From null at suse.de Thu Apr 2 16:30:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 16:30:41 -0000
Subject: SUSE-SU-2026:1169-1: important: Security update for wireshark
Message-ID: <177514744183.1447.851398012745234452@c2c2e0ac4d9f>

# Security update for wireshark

Announcement ID: SUSE-SU-2026:1169-1
Release Date: 2026-04-02T08:29:33Z
Rating: important
References:

* bsc#1231475
* bsc#1231476
* bsc#1233593
* bsc#1233594
* bsc#1237414
* bsc#1244081
* bsc#1249090
* bsc#1254108
* bsc#1254262
* bsc#1254471
* bsc#1254472
* bsc#1256734
* bsc#1256736
* bsc#1256738
* bsc#1256739
* bsc#1258907
* bsc#1258908
* bsc#1258909
* jsc#PED-15400

Cross-References:

* CVE-2024-11595
* CVE-2024-11596
* CVE-2024-9780
* CVE-2024-9781
* CVE-2025-13499
* CVE-2025-13674
* CVE-2025-13945
* CVE-2025-13946
* CVE-2025-1492
* CVE-2025-5601
* CVE-2025-9817
* CVE-2026-0959
* CVE-2026-0960
* CVE-2026-0961
* CVE-2026-0962
* CVE-2026-3201
* CVE-2026-3202
* CVE-2026-3203

CVSS scores:

* CVE-2024-11595 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-11595 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-11595 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-11596 ( SUSE ): 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-11596 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-11596 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-9780 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-9780 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-9780 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9781 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2024-9781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2024-9781 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-13499 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-13499 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2025-13499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-13499 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13674 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-13674 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13674 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13945 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13945 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13946 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-1492 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-1492 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-1492 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-1492 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-5601 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H * CVE-2025-5601 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-5601 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9817 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-9817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-9817 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-9817 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0959 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0959 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0959 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0959 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0960 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0960 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0960 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0961 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0961 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0962 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-0962 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0962 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0962 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-3201 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-3201 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-3201 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-3201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3202 ( SUSE ): 4.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-3202 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-3202 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-3202 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3203 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-3203 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-3203 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-3203 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 18 vulnerabilities and contains one feature can now be installed. ## Description: This update for wireshark fixes the following issues: Update Wireshark to version 4.6.4 (jsc#PED-15400). * CVE-2024-9780: ITS dissector crash (bsc#1231475). * CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash (bsc#1231476). * CVE-2024-11595: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark (bsc#1233594). * CVE-2024-11596: Buffer Over-read in Wireshark (bsc#1233593). * CVE-2025-1492: Uncontrolled Recursion in Wireshark (bsc#1237414). * CVE-2025-5601: Column handling crashes in Wireshark allows denial of service (bsc#1244081). * CVE-2025-9817: NULL Pointer Dereference in ssh dissector (bsc#1249090). * CVE-2025-13499: a malformed packet can lead to a Kafka dissector crash (bsc#1254108). * CVE-2025-13674: injecting a malformed packet can cause a crash (bsc#1254262). * CVE-2025-13945: HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service (bsc#1254471). 
* CVE-2025-13946: MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service (bsc#1254472).
* CVE-2026-0959: denial of service via IEEE 802.11 protocol dissector crash (bsc#1256734).
* CVE-2026-0960: denial of service via HTTP3 protocol dissector infinite loop (bsc#1256736).
* CVE-2026-0961: denial of service vulnerability in BLF file parser (bsc#1256738).
* CVE-2026-0962: denial of service via SOME/IP-SD protocol dissector crash (bsc#1256739).
* CVE-2026-3201: missing limit checks in USB HID protocol dissector's `parse_report_descriptor` function can lead to memory exhaustion (bsc#1258907).
* CVE-2026-3202: missing checks in NTS-KE protocol dissector can lead to crash (bsc#1258908).
* CVE-2026-3203: missing length checks in the RF4CE Profile protocol dissector can lead to illegal memory access and crash (bsc#1258909).

Also libvirt was rebuilt against wireshark for the libvirt plugin.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1169=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1169=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1169=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libwsutil17-debuginfo-4.6.4-150700.21.8.1
  * wireshark-debugsource-4.6.4-150700.21.8.1
  * libwiretap16-debuginfo-4.6.4-150700.21.8.1
  * wireshark-4.6.4-150700.21.8.1
  * libwiretap16-4.6.4-150700.21.8.1
  * libvirt-libs-debuginfo-11.0.0-150700.4.19.1
  * libwireshark19-4.6.4-150700.21.8.1
  * libvirt-libs-11.0.0-150700.4.19.1
  * libvirt-debugsource-11.0.0-150700.4.19.1
  * wireshark-debuginfo-4.6.4-150700.21.8.1
  * libwireshark19-debuginfo-4.6.4-150700.21.8.1
  * libwsutil17-4.6.4-150700.21.8.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * wireshark-ui-qt-4.6.4-150700.21.8.1
  * wireshark-debuginfo-4.6.4-150700.21.8.1
  * wireshark-ui-qt-debuginfo-4.6.4-150700.21.8.1
  * wireshark-devel-4.6.4-150700.21.8.1
  * wireshark-debugsource-4.6.4-150700.21.8.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libvirt-daemon-driver-storage-core-11.0.0-150700.4.19.1
  * libvirt-daemon-config-nwfilter-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nwfilter-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-proxy-11.0.0-150700.4.19.1
  * libvirt-daemon-lock-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-mpath-11.0.0-150700.4.19.1
  * libvirt-nss-11.0.0-150700.4.19.1
  * libvirt-client-11.0.0-150700.4.19.1
  * libvirt-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-secret-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-core-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-lock-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-direct-11.0.0-150700.4.19.1
  * libvirt-daemon-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nodedev-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-secret-11.0.0-150700.4.19.1
  * libvirt-nss-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-disk-debuginfo-11.0.0-150700.4.19.1
  * libvirt-debugsource-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-lockd-11.0.0-150700.4.19.1
  * libvirt-daemon-log-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-logical-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nwfilter-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-scsi-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-mpath-debuginfo-11.0.0-150700.4.19.1
  * libvirt-devel-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-network-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-config-network-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-interface-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-lockd-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-disk-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-sanlock-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-nodedev-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-logical-debuginfo-11.0.0-150700.4.19.1
  * libvirt-client-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-scsi-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-11.0.0-150700.4.19.1
  * libvirt-daemon-qemu-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-interface-11.0.0-150700.4.19.1
  * libvirt-daemon-common-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-iscsi-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-proxy-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-network-11.0.0-150700.4.19.1
  * libvirt-daemon-hooks-11.0.0-150700.4.19.1
  * libvirt-daemon-log-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-11.0.0-150700.4.19.1
  * libvirt-daemon-common-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-qemu-debuginfo-11.0.0-150700.4.19.1
  * libvirt-client-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-plugin-sanlock-11.0.0-150700.4.19.1
  * libvirt-daemon-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (aarch64 x86_64)
  * libvirt-daemon-driver-storage-rbd-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-storage-rbd-debuginfo-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (noarch)
  * libvirt-doc-11.0.0-150700.4.19.1
* Server Applications Module 15-SP7 (x86_64)
  * libvirt-daemon-xen-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-libxl-debuginfo-11.0.0-150700.4.19.1
  * libvirt-daemon-driver-libxl-11.0.0-150700.4.19.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11595.html
* https://www.suse.com/security/cve/CVE-2024-11596.html
* https://www.suse.com/security/cve/CVE-2024-9780.html
* https://www.suse.com/security/cve/CVE-2024-9781.html
* https://www.suse.com/security/cve/CVE-2025-13499.html
* https://www.suse.com/security/cve/CVE-2025-13674.html
* https://www.suse.com/security/cve/CVE-2025-13945.html
* https://www.suse.com/security/cve/CVE-2025-13946.html
* https://www.suse.com/security/cve/CVE-2025-1492.html
* https://www.suse.com/security/cve/CVE-2025-5601.html
* https://www.suse.com/security/cve/CVE-2025-9817.html
* https://www.suse.com/security/cve/CVE-2026-0959.html
* https://www.suse.com/security/cve/CVE-2026-0960.html
* https://www.suse.com/security/cve/CVE-2026-0961.html
* https://www.suse.com/security/cve/CVE-2026-0962.html
* https://www.suse.com/security/cve/CVE-2026-3201.html
* https://www.suse.com/security/cve/CVE-2026-3202.html
* https://www.suse.com/security/cve/CVE-2026-3203.html
* https://bugzilla.suse.com/show_bug.cgi?id=1231475
* https://bugzilla.suse.com/show_bug.cgi?id=1231476
* https://bugzilla.suse.com/show_bug.cgi?id=1233593
* https://bugzilla.suse.com/show_bug.cgi?id=1233594
* https://bugzilla.suse.com/show_bug.cgi?id=1237414
* https://bugzilla.suse.com/show_bug.cgi?id=1244081
* https://bugzilla.suse.com/show_bug.cgi?id=1249090
* https://bugzilla.suse.com/show_bug.cgi?id=1254108
* https://bugzilla.suse.com/show_bug.cgi?id=1254262
* https://bugzilla.suse.com/show_bug.cgi?id=1254471
* https://bugzilla.suse.com/show_bug.cgi?id=1254472
* https://bugzilla.suse.com/show_bug.cgi?id=1256734
* https://bugzilla.suse.com/show_bug.cgi?id=1256736
* https://bugzilla.suse.com/show_bug.cgi?id=1256738
* https://bugzilla.suse.com/show_bug.cgi?id=1256739
* https://bugzilla.suse.com/show_bug.cgi?id=1258907
* https://bugzilla.suse.com/show_bug.cgi?id=1258908
* https://bugzilla.suse.com/show_bug.cgi?id=1258909
* https://jira.suse.com/browse/PED-15400

From null at suse.de Thu Apr 2 20:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:05 -0000
Subject: SUSE-SU-2026:1179-1: moderate: Security update for libsoup2
Message-ID: <177516180516.1584.8632462471772275471@c2c2e0ac4d9f>

# Security update for libsoup2

Announcement ID: SUSE-SU-2026:1179-1
Release Date: 2026-04-02T15:08:35Z
Rating: moderate
References:

* bsc#1256418

Cross-References:

* CVE-2026-0716

CVSS scores:

* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libsoup2 fixes the following issue:

* CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1179=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1179=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1179=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1179=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1179=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1179=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup2-devel-2.74.2-150400.3.34.1
  * typelib-1_0-Soup-2_4-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (x86_64)
  * libsoup-2_4-1-32bit-2.74.2-150400.3.34.1
  * libsoup2-devel-32bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-32bit-debuginfo-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (noarch)
  * libsoup2-lang-2.74.2-150400.3.34.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libsoup2-devel-64bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-64bit-2.74.2-150400.3.34.1
  * libsoup-2_4-1-64bit-debuginfo-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libsoup-2_4-1-debuginfo-2.74.2-150400.3.34.1
  * libsoup-2_4-1-2.74.2-150400.3.34.1
  * libsoup2-debugsource-2.74.2-150400.3.34.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256418

From null at suse.de Thu Apr 2 20:30:08 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:08 -0000
Subject: SUSE-SU-2026:1178-1: moderate: Security update for libsoup
Message-ID: <177516180860.1584.720419035232686827@c2c2e0ac4d9f>

# Security update for libsoup

Announcement ID: SUSE-SU-2026:1178-1
Release Date: 2026-04-02T15:08:02Z
Rating: moderate
References:

* bsc#1256418

Cross-References:

* CVE-2026-0716

CVSS scores:

* CVE-2026-0716 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0716 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-0716 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libsoup fixes the following issue:

* CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1178=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libsoup-3_0-0-3.0.4-150400.3.40.1
  * libsoup-3_0-0-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-3.0.4-150400.3.40.1
  * libsoup-debugsource-3.0.4-150400.3.40.1
  * typelib-1_0-Soup-3_0-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (x86_64)
  * libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-32bit-3.0.4-150400.3.40.1
  * libsoup-3_0-0-32bit-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (noarch)
  * libsoup-lang-3.0.4-150400.3.40.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libsoup-3_0-0-64bit-3.0.4-150400.3.40.1
  * libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.40.1
  * libsoup-devel-64bit-3.0.4-150400.3.40.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256418

From null at suse.de Thu Apr 2 20:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1177-1: important: Security update for tar
Message-ID: <177516181260.1584.11953673555762418588@c2c2e0ac4d9f>

# Security update for tar

Announcement ID: SUSE-SU-2026:1177-1
Release Date: 2026-04-02T15:01:24Z
Rating: important
References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1177=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1177=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1177=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1177=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1177=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1177=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1177=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1177=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1177=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1177=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1177=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1177=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1177=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* Basesystem Module 15-SP7 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * tar-lang-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * tar-debugsource-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * tar-tests-debuginfo-1.34-150000.3.37.1
  * tar-rmt-1.34-150000.3.37.1
  * tar-debuginfo-1.34-150000.3.37.1
  * tar-1.34-150000.3.37.1
  * tar-tests-1.34-150000.3.37.1
  * tar-debugsource-1.34-150000.3.37.1
  * tar-rmt-debuginfo-1.34-150000.3.37.1
* openSUSE Leap 15.6 (noarch)
  * tar-backup-scripts-1.34-150000.3.37.1
  * tar-doc-1.34-150000.3.37.1
  * tar-lang-1.34-150000.3.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Thu Apr 2 20:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:17 -0000
Subject: SUSE-RU-2026:1176-1: moderate: Recommended update for nvidia-open-driver-G07-signed
Message-ID: <177516181735.1584.8877119914576813829@c2c2e0ac4d9f>

# Recommended update for nvidia-open-driver-G07-signed

Announcement ID: SUSE-RU-2026:1176-1
Release Date: 2026-04-02T13:40:01Z
Rating: moderate
References:

* bsc#1259719
* bsc#1260044

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that has two fixes can now be installed.

## Description:

This update for nvidia-open-driver-G07-signed fixes the following issues:

* adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again
* update CUDA variant to 595.58.03
* update non-CUDA version to 595.58.03 (bsc#1260044)
* do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719)
* improved RPM description for -cuda and non-cuda variant
* add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant:
  * to be able to distinguish between both variants;
  * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW;

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1176=1 openSUSE-SLE-15.6-2026-1176=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1176=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1176=1

## Package List:

* openSUSE Leap 15.6 (x86_64)
  * nvidia-open-driver-G07-signed-cuda-azure-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-azure-595.58.03_k6.4.0_150600.8.58-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-azure-debuginfo-595.58.03_k6.4.0_150600.8.58-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-azure-595.58.03_k6.4.0_150600.8.58-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-azure-debuginfo-595.58.03_k6.4.0_150600.8.58-150600.13.6.1
  * nvidia-open-driver-G07-signed-azure-devel-595.58.03-150600.13.6.1
* openSUSE Leap 15.6 (noarch)
  * nvidia-open-driver-G07-signed-check-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-check-595.58.03-150600.13.6.1
* openSUSE Leap 15.6 (aarch64 x86_64)
  * nv-prefer-signed-open-driver-G07-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-default-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-150600.13.6.1
* openSUSE Leap 15.6 (aarch64)
  * nvidia-open-driver-G07-signed-64kb-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-64kb-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-64kb-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
  * nv-prefer-signed-open-driver-G07-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-default-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-150600.13.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
  * nvidia-open-driver-G07-signed-64kb-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-64kb-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-64kb-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * nv-prefer-signed-open-driver-G07-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-default-devel-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-150600.13.6.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_150600.23.92-150600.13.6.1
  * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-150600.13.6.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259719
* https://bugzilla.suse.com/show_bug.cgi?id=1260044

From null at suse.de Thu Apr 2 20:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:21 -0000
Subject: SUSE-OU-2026:1175-1: moderate: Optional update for nvidia-open-driver-G07-signed
Message-ID: <177516182143.1584.15816302588076245889@c2c2e0ac4d9f>

# Optional update for nvidia-open-driver-G07-signed

Announcement ID: SUSE-OU-2026:1175-1
Release Date: 2026-04-02T13:39:52Z
Rating: moderate
References:

* bsc#1259719
* bsc#1260044
* jsc#PED-15550
* jsc#PED-15551

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that contains two features and has two fixes can now be installed.
## Description:

This update for nvidia-open-driver-G07-signed fixes the following issues:

* adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again
* update CUDA variant to 595.58.03
* update non-CUDA version to 595.58.03 (bsc#1260044)
* do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719)
* improved RPM description for -cuda and non-cuda variant
* add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant:
  * to be able to distinguish between both variants;
  * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW;
* Ships CUDA variant in version 595.45.04.
* Ships non-CUDA variant in version 595.45.04.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1175=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 x86_64)
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-default-devel-595.58.03-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-150700.16.5.1
  * nv-prefer-signed-open-driver-G07-595.58.03-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-150700.16.5.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-150700.16.5.1
* Basesystem Module 15-SP7 (aarch64)
  * nvidia-open-driver-G07-signed-64kb-devel-595.58.03-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-kmp-64kb-debuginfo-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-cuda-64kb-devel-595.58.03-150700.16.5.1
  * nvidia-open-driver-G07-signed-kmp-64kb-debuginfo-595.58.03_k6.4.0_150700.53.34-150700.16.5.1
  * nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.4.0_150700.53.34-150700.16.5.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259719
* https://bugzilla.suse.com/show_bug.cgi?id=1260044
* https://jira.suse.com/browse/PED-15550
* https://jira.suse.com/browse/PED-15551

From null at suse.de Thu Apr 2 20:30:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:26 -0000
Subject: SUSE-SU-2026:1174-1: important: Security update for LibVNCServer
Message-ID: <177516182635.1584.11085765589215288454@c2c2e0ac4d9f>

# Security update for LibVNCServer

Announcement ID: SUSE-SU-2026:1174-1
Release Date: 2026-04-02T12:43:28Z
Rating: important
References:

* bsc#1260429
* bsc#1260431

Cross-References:

* CVE-2026-32853
* CVE-2026-32854

CVSS scores:

* CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves two vulnerabilities can now be installed.

## Description:

This update for LibVNCServer fixes the following issues:

* CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431).
* CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1174=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1174=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * LibVNCServer-devel-0.9.9-17.44.1
  * libvncserver0-0.9.9-17.44.1
  * LibVNCServer-debugsource-0.9.9-17.44.1
  * libvncserver0-debuginfo-0.9.9-17.44.1
  * libvncclient0-0.9.9-17.44.1
  * libvncclient0-debuginfo-0.9.9-17.44.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * LibVNCServer-devel-0.9.9-17.44.1
  * libvncserver0-0.9.9-17.44.1
  * LibVNCServer-debugsource-0.9.9-17.44.1
  * libvncserver0-debuginfo-0.9.9-17.44.1
  * libvncclient0-0.9.9-17.44.1
  * libvncclient0-debuginfo-0.9.9-17.44.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32853.html
* https://www.suse.com/security/cve/CVE-2026-32854.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260429
* https://bugzilla.suse.com/show_bug.cgi?id=1260431

From null at suse.de Thu Apr 2 20:30:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 02 Apr 2026 20:30:30 -0000
Subject: SUSE-SU-2026:1173-1: important: Security update for LibVNCServer
Message-ID: <177516183099.1584.9731394376083000564@c2c2e0ac4d9f>

# Security update for LibVNCServer

Announcement ID: SUSE-SU-2026:1173-1
Release Date: 2026-04-02T12:43:17Z
Rating: important
References:

* bsc#1260429
* bsc#1260431

Cross-References:

* CVE-2026-32853
* CVE-2026-32854

CVSS scores:

* CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for LibVNCServer fixes the following issues:

* CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431).
* CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1173=1 openSUSE-SLE-15.6-2026-1173=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1173=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1173=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * LibVNCServer-devel-0.9.14-150600.3.6.1 * LibVNCServer-debugsource-0.9.14-150600.3.6.1 * libvncclient1-debuginfo-0.9.14-150600.3.6.1 * libvncserver1-debuginfo-0.9.14-150600.3.6.1 * libvncclient1-0.9.14-150600.3.6.1 * libvncserver1-0.9.14-150600.3.6.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * LibVNCServer-devel-0.9.14-150600.3.6.1 * LibVNCServer-debugsource-0.9.14-150600.3.6.1 * libvncclient1-debuginfo-0.9.14-150600.3.6.1 * libvncserver1-debuginfo-0.9.14-150600.3.6.1 * libvncclient1-0.9.14-150600.3.6.1 * libvncserver1-0.9.14-150600.3.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * LibVNCServer-debugsource-0.9.14-150600.3.6.1 * libvncclient1-debuginfo-0.9.14-150600.3.6.1 * libvncserver1-debuginfo-0.9.14-150600.3.6.1 * libvncclient1-0.9.14-150600.3.6.1 * libvncserver1-0.9.14-150600.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32853.html * https://www.suse.com/security/cve/CVE-2026-32854.html * https://bugzilla.suse.com/show_bug.cgi?id=1260429 * https://bugzilla.suse.com/show_bug.cgi?id=1260431 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 6 08:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 08:30:16 -0000 Subject: SUSE-SU-2026:1188-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Message-ID: <177546421683.9814.11403548041821125239@f480087f4571> # Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1188-1 Release Date: 2026-04-05T10:34:17Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.3 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1188=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_3-rt-13-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-13-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-13-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 6 08:30:25 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 08:30:25 -0000 Subject: SUSE-SU-2026:1187-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177546422577.9814.18317777527462485558@f480087f4571> # Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1187-1 Release Date: 2026-04-05T10:04:24Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and has two security fixes can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). The following non security issue was fixed: * Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1187=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-2-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-2-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-2-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 * https://bugzilla.suse.com/show_bug.cgi?id=1259896 * https://bugzilla.suse.com/show_bug.cgi?id=1259962 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 6 08:30:34 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 08:30:34 -0000 Subject: SUSE-SU-2026:1189-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Message-ID: <177546423424.9814.2154515863686415640@f480087f4571> # Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1189-1 Release Date: 2026-04-05T10:34:20Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.25 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1189=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1186=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-3-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 6 08:30:46 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 08:30:46 -0000 Subject: SUSE-SU-2026:1185-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7) Message-ID: <177546424604.9814.1589661867218413905@f480087f4571> # Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1185-1 Release Date: 2026-04-03T16:41:59Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1185=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1184=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1183=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1182=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1181=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_19-rt-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-5-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-12-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-13-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-8-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-13-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-5-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-13-150700.3.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-8-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-12-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-8-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-12-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-8-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-8-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-8-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 6 08:30:55 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 08:30:55 -0000 Subject: SUSE-SU-2026:1180-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Message-ID: <177546425549.9814.12387403711528326414@f480087f4571> # Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1180-1 Release Date: 2026-04-03T16:41:43Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE 
): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1180=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-4-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-4-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 6 12:31:22 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 06 Apr 2026 12:31:22 -0000 Subject: SUSE-RU-2026:1190-1: moderate: Recommended update for libreoffice Message-ID: <177547868206.10224.11418693222515371686@f480087f4571> # Recommended update for libreoffice Announcement ID: SUSE-RU-2026:1190-1 Release Date: 2026-04-06T07:35:30Z Rating: moderate References: * jsc#PED-15587 Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that contains one feature can now be installed. ## Description: This update for libreoffice fixes the following issues: Libreoffice was updated to version 25.8.5.1 (jsc#PED-15587) * Numbertext is now built-in, no longer an extension. * Updated dependencies: * Updated boost from 1.86.0 to 1.88.0 * Updated fontconfig from 2.16.2 to 2.17.1 * Updated harfbuzz from 8.5.0 to 12.3.0 * Updated icu4c from 75.1 to 77.1 * Updated libgpg-error from 1.55 to 1.56 * Updated pdfium from 6764 to 7012 * Updated poppler from 25.08.0 to 25.12.0 * Updated skia from m130-3c64459d5df2fa9794b277f0959ed8a92552bf4c to m136-28685d899b0a35894743e2cedad4c9f525e90e1e * Added liborcus-0.20.1 * Added mdds-3.1.0 * Added harfbuzz-12.3.0 (replacing harfbuzz-8.5.0) * Removed bundled unowinreg.dll, converttexttonumber, swingExSrc, rhino1_5R5, nlpsolver, numbertext (no longer needed) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1190=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1190=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1190=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1190=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * libreoffice-base-drivers-postgresql-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-25.8.5.1-150500.20.32.6 * libreoffice-draw-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-debugsource-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-25.8.5.1-150500.20.32.6 * libreoffice-writer-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-25.8.5.1-150500.20.32.6 * libreoffice-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-25.8.5.1-150500.20.32.6 * libreoffice-writer-25.8.5.1-150500.20.32.6 * libreoffice-math-25.8.5.1-150500.20.32.6 * libreoffice-math-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-draw-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-postgresql-25.8.5.1-150500.20.32.6 * libreoffice-impress-25.8.5.1-150500.20.32.6 * libreoffice-officebean-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-impress-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-mailmerge-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-writer-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-25.8.5.1-150500.20.32.6 * libreofficekit-25.8.5.1-150500.20.32.6 * libreoffice-officebean-25.8.5.1-150500.20.32.6 * libreoffice-filters-optional-25.8.5.1-150500.20.32.6 * 
SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * libreoffice-l10n-el-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ja-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mai-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dz-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ga-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ar-25.8.5.1-150500.20.32.6 * libreoffice-branding-upstream-25.8.5.1-150500.20.32.6 * libreoffice-l10n-de-25.8.5.1-150500.20.32.6 * libreoffice-l10n-it-25.8.5.1-150500.20.32.6 * libreoffice-l10n-br-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nso-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_CN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ml-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-st-25.8.5.1-150500.20.32.6 * libreoffice-l10n-as-25.8.5.1-150500.20.32.6 * libreoffice-l10n-da-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-af-25.8.5.1-150500.20.32.6 * libreoffice-icon-themes-25.8.5.1-150500.20.32.6 * libreoffice-l10n-he-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ss-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sv-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fur-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ta-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-eu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_TW-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-or-25.8.5.1-150500.20.32.6 * libreoffice-l10n-et-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_PT-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_BR-25.8.5.1-150500.20.32.6 * libreoffice-l10n-es-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ts-25.8.5.1-150500.20.32.6 * libreoffice-l10n-xh-25.8.5.1-150500.20.32.6 * libreoffice-l10n-si-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bg-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ckb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ro-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ru-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lv-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-te-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ve-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ko-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-th-25.8.5.1-150500.20.32.6 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libreoffice-base-drivers-postgresql-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-25.8.5.1-150500.20.32.6 * libreoffice-draw-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-debugsource-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-25.8.5.1-150500.20.32.6 * libreoffice-sdk-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-writer-debuginfo-25.8.5.1-150500.20.32.6 * 
libreoffice-qt5-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-25.8.5.1-150500.20.32.6 * libreoffice-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-25.8.5.1-150500.20.32.6 * libreoffice-sdk-25.8.5.1-150500.20.32.6 * libreoffice-writer-25.8.5.1-150500.20.32.6 * libreoffice-math-25.8.5.1-150500.20.32.6 * libreoffice-math-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-qt5-25.8.5.1-150500.20.32.6 * libreoffice-draw-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-postgresql-25.8.5.1-150500.20.32.6 * libreoffice-impress-25.8.5.1-150500.20.32.6 * libreoffice-officebean-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-impress-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-librelogo-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-sdk-doc-25.8.5.1-150500.20.32.6 * libreoffice-base-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-mailmerge-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-debuginfo-25.8.5.1-150500.20.32.6 * libreofficekit-devel-25.8.5.1-150500.20.32.6 * libreoffice-writer-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-25.8.5.1-150500.20.32.6 * libreofficekit-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-firebird-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-officebean-25.8.5.1-150500.20.32.6 * libreoffice-filters-optional-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-firebird-25.8.5.1-150500.20.32.6 * openSUSE Leap 15.5 (noarch) * libreoffice-l10n-ja-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ga-25.8.5.1-150500.20.32.6 * libreoffice-l10n-de-25.8.5.1-150500.20.32.6 * libreoffice-l10n-it-25.8.5.1-150500.20.32.6 * libreoffice-l10n-br-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-mk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-om-25.8.5.1-150500.20.32.6 * libreoffice-l10n-da-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-he-25.8.5.1-150500.20.32.6 * libreoffice-l10n-be-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sat-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ta-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_BR-25.8.5.1-150500.20.32.6 * libreoffice-l10n-es-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-brx-25.8.5.1-150500.20.32.6 * libreoffice-l10n-si-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bg-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ckb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kmr_Latn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vec-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ko-25.8.5.1-150500.20.32.6 * libreoffice-l10n-my-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ab-25.8.5.1-150500.20.32.6 * libreoffice-l10n-el-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sq-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ml-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tg-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-pl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-id-25.8.5.1-150500.20.32.6 * libreoffice-icon-themes-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sv-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ne-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_ZA-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ts-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ka-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-te-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-szl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mni-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca_valencia-25.8.5.1-150500.20.32.6 * libreoffice-l10n-th-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sid-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dz-25.8.5.1-150500.20.32.6 * libreoffice-gdb-pretty-printers-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nso-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-is-25.8.5.1-150500.20.32.6 * libreoffice-kdeintegration-25.8.5.1-150500.20.32.6 * libreoffice-l10n-rw-25.8.5.1-150500.20.32.6 * libreoffice-l10n-as-25.8.5.1-150500.20.32.6 * libreoffice-l10n-oc-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kab-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_GB-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ks-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sat_Olck-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sa_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fur-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_TW-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-ug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-km-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_PT-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ro-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ve-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uz-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_CN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sw_TZ-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mai-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ast-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dgo-25.8.5.1-150500.20.32.6 * libreoffice-branding-upstream-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ar-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-st-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-af-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ss-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kok-25.8.5.1-150500.20.32.6 * libreoffice-l10n-or-25.8.5.1-150500.20.32.6 * libreoffice-l10n-et-25.8.5.1-150500.20.32.6 * libreoffice-l10n-am-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-xh-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ru-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lv-25.8.5.1-150500.20.32.6 * libreoffice-glade-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sk-25.8.5.1-150500.20.32.6 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libreoffice-base-drivers-postgresql-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-25.8.5.1-150500.20.32.6 * libreoffice-draw-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-debugsource-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-25.8.5.1-150500.20.32.6 * libreoffice-sdk-debuginfo-25.8.5.1-150500.20.32.6 * 
libreoffice-writer-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-qt5-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-25.8.5.1-150500.20.32.6 * libreoffice-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-25.8.5.1-150500.20.32.6 * libreoffice-sdk-25.8.5.1-150500.20.32.6 * libreoffice-writer-25.8.5.1-150500.20.32.6 * libreoffice-math-25.8.5.1-150500.20.32.6 * libreoffice-math-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-qt5-25.8.5.1-150500.20.32.6 * libreoffice-draw-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-postgresql-25.8.5.1-150500.20.32.6 * libreoffice-impress-25.8.5.1-150500.20.32.6 * libreoffice-officebean-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-impress-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-librelogo-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-sdk-doc-25.8.5.1-150500.20.32.6 * libreoffice-base-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-mailmerge-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-debuginfo-25.8.5.1-150500.20.32.6 * libreofficekit-devel-25.8.5.1-150500.20.32.6 * libreoffice-writer-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-25.8.5.1-150500.20.32.6 * libreofficekit-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-firebird-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-officebean-25.8.5.1-150500.20.32.6 * libreoffice-filters-optional-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-firebird-25.8.5.1-150500.20.32.6 * openSUSE Leap 15.6 (noarch) * libreoffice-l10n-ja-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ga-25.8.5.1-150500.20.32.6 * libreoffice-l10n-de-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-it-25.8.5.1-150500.20.32.6 * libreoffice-l10n-br-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-om-25.8.5.1-150500.20.32.6 * libreoffice-l10n-da-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-he-25.8.5.1-150500.20.32.6 * libreoffice-l10n-be-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sat-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ta-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_BR-25.8.5.1-150500.20.32.6 * libreoffice-l10n-es-25.8.5.1-150500.20.32.6 * libreoffice-l10n-brx-25.8.5.1-150500.20.32.6 * libreoffice-l10n-si-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bg-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ckb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kmr_Latn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vec-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ko-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-my-25.8.5.1-150500.20.32.6 * libreoffice-l10n-el-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sq-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ml-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tg-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-pl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-id-25.8.5.1-150500.20.32.6 * libreoffice-icon-themes-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sv-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ne-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_ZA-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ts-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ka-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-te-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-szl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mni-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca_valencia-25.8.5.1-150500.20.32.6 * libreoffice-l10n-th-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sid-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dz-25.8.5.1-150500.20.32.6 * libreoffice-gdb-pretty-printers-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nso-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-is-25.8.5.1-150500.20.32.6 * libreoffice-l10n-rw-25.8.5.1-150500.20.32.6 * libreoffice-l10n-as-25.8.5.1-150500.20.32.6 * libreoffice-l10n-oc-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kab-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_GB-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ks-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sa_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fur-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_TW-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-km-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-pt_PT-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ro-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ve-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uz-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_CN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sw_TZ-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mai-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ast-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dgo-25.8.5.1-150500.20.32.6 * libreoffice-branding-upstream-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ar-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-st-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-af-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ss-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kok-25.8.5.1-150500.20.32.6 * libreoffice-l10n-or-25.8.5.1-150500.20.32.6 * libreoffice-l10n-et-25.8.5.1-150500.20.32.6 * libreoffice-l10n-am-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-xh-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ru-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lv-25.8.5.1-150500.20.32.6 * libreoffice-glade-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sk-25.8.5.1-150500.20.32.6 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le) * libreoffice-base-drivers-postgresql-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-25.8.5.1-150500.20.32.6 * libreoffice-draw-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-debugsource-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-25.8.5.1-150500.20.32.6 * libreoffice-sdk-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-writer-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-qt5-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-25.8.5.1-150500.20.32.6 
* libreoffice-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-25.8.5.1-150500.20.32.6 * libreoffice-sdk-25.8.5.1-150500.20.32.6 * libreoffice-writer-25.8.5.1-150500.20.32.6 * libreoffice-math-25.8.5.1-150500.20.32.6 * libreoffice-math-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-calc-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-qt5-25.8.5.1-150500.20.32.6 * libreoffice-draw-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-postgresql-25.8.5.1-150500.20.32.6 * libreoffice-impress-25.8.5.1-150500.20.32.6 * libreoffice-officebean-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-impress-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-librelogo-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-sdk-doc-25.8.5.1-150500.20.32.6 * libreoffice-base-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-mailmerge-25.8.5.1-150500.20.32.6 * libreoffice-pyuno-debuginfo-25.8.5.1-150500.20.32.6 * libreofficekit-devel-25.8.5.1-150500.20.32.6 * libreoffice-writer-extensions-25.8.5.1-150500.20.32.6 * libreoffice-gnome-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-25.8.5.1-150500.20.32.6 * libreoffice-gtk3-25.8.5.1-150500.20.32.6 * libreofficekit-25.8.5.1-150500.20.32.6 * libreoffice-officebean-25.8.5.1-150500.20.32.6 * libreoffice-filters-optional-25.8.5.1-150500.20.32.6 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le x86_64) * libreoffice-base-drivers-firebird-debuginfo-25.8.5.1-150500.20.32.6 * libreoffice-base-drivers-firebird-25.8.5.1-150500.20.32.6 * SUSE Package Hub 15 15-SP7 (noarch) * libreoffice-l10n-ja-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ga-25.8.5.1-150500.20.32.6 * libreoffice-l10n-de-25.8.5.1-150500.20.32.6 * libreoffice-l10n-it-25.8.5.1-150500.20.32.6 * libreoffice-l10n-br-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-mk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-om-25.8.5.1-150500.20.32.6 * libreoffice-l10n-da-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-he-25.8.5.1-150500.20.32.6 * libreoffice-l10n-be-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sat-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ta-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cs-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_BR-25.8.5.1-150500.20.32.6 * libreoffice-l10n-es-25.8.5.1-150500.20.32.6 * libreoffice-l10n-brx-25.8.5.1-150500.20.32.6 * libreoffice-l10n-si-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bg-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca-25.8.5.1-150500.20.32.6 * libreoffice-l10n-cy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ckb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kmr_Latn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-vec-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ko-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-my-25.8.5.1-150500.20.32.6 * libreoffice-l10n-el-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sq-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gd-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ml-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tg-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-id-25.8.5.1-150500.20.32.6 * 
libreoffice-icon-themes-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sv-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fy-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ne-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_ZA-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ts-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ka-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-te-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tn-25.8.5.1-150500.20.32.6 * libreoffice-l10n-szl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mni-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ca_valencia-25.8.5.1-150500.20.32.6 * libreoffice-l10n-th-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sid-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dz-25.8.5.1-150500.20.32.6 * libreoffice-gdb-pretty-printers-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nso-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-is-25.8.5.1-150500.20.32.6 * libreoffice-l10n-rw-25.8.5.1-150500.20.32.6 * libreoffice-l10n-as-25.8.5.1-150500.20.32.6 * libreoffice-l10n-oc-25.8.5.1-150500.20.32.6 * libreoffice-l10n-tt-25.8.5.1-150500.20.32.6 * libreoffice-l10n-eo-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kab-25.8.5.1-150500.20.32.6 * libreoffice-l10n-en_GB-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ks-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hsb-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sa_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fur-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_TW-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ug-25.8.5.1-150500.20.32.6 * libreoffice-l10n-km-25.8.5.1-150500.20.32.6 * libreoffice-l10n-pt_PT-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ro-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ve-25.8.5.1-150500.20.32.6 * 
libreoffice-l10n-uz-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zh_CN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sw_TZ-25.8.5.1-150500.20.32.6 * libreoffice-l10n-mai-25.8.5.1-150500.20.32.6 * libreoffice-l10n-zu-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ast-25.8.5.1-150500.20.32.6 * libreoffice-l10n-fa-25.8.5.1-150500.20.32.6 * libreoffice-l10n-dgo-25.8.5.1-150500.20.32.6 * libreoffice-branding-upstream-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ar-25.8.5.1-150500.20.32.6 * libreoffice-l10n-hi-25.8.5.1-150500.20.32.6 * libreoffice-l10n-st-25.8.5.1-150500.20.32.6 * libreoffice-l10n-uk-25.8.5.1-150500.20.32.6 * libreoffice-l10n-bn_IN-25.8.5.1-150500.20.32.6 * libreoffice-l10n-gl-25.8.5.1-150500.20.32.6 * libreoffice-l10n-af-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ss-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-kok-25.8.5.1-150500.20.32.6 * libreoffice-l10n-or-25.8.5.1-150500.20.32.6 * libreoffice-l10n-et-25.8.5.1-150500.20.32.6 * libreoffice-l10n-am-25.8.5.1-150500.20.32.6 * libreoffice-l10n-nr-25.8.5.1-150500.20.32.6 * libreoffice-l10n-xh-25.8.5.1-150500.20.32.6 * libreoffice-l10n-ru-25.8.5.1-150500.20.32.6 * libreoffice-l10n-lv-25.8.5.1-150500.20.32.6 * libreoffice-glade-25.8.5.1-150500.20.32.6 * libreoffice-l10n-sk-25.8.5.1-150500.20.32.6 ## References: * https://jira.suse.com/browse/PED-15587 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 6 16:30:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 06 Apr 2026 16:30:06 -0000
Subject: SUSE-SU-2026:1191-1: moderate: Security update for avahi
Message-ID: <177549300655.10646.9335150306051604817@f480087f4571>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1191-1
Release Date: 2026-04-06T10:54:02Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1191=1
* SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1191=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libavahi-client3-debuginfo-0.7-150100.3.49.1
  * libavahi-common3-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-0.7-150100.3.49.1
  * avahi-debugsource-0.7-150100.3.49.1
  * libavahi-common3-0.7-150100.3.49.1
  * avahi-debuginfo-0.7-150100.3.49.1
  * avahi-0.7-150100.3.49.1
  * libavahi-client3-0.7-150100.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libavahi-client3-debuginfo-0.7-150100.3.49.1
  * libavahi-common3-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-debuginfo-0.7-150100.3.49.1
  * libavahi-core7-0.7-150100.3.49.1
  * avahi-debugsource-0.7-150100.3.49.1
  * libavahi-common3-0.7-150100.3.49.1
  * avahi-debuginfo-0.7-150100.3.49.1
  * avahi-0.7-150100.3.49.1
  * libavahi-client3-0.7-150100.3.49.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235

From null at suse.de Tue Apr 7 12:30:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:07 -0000
Subject: SUSE-SU-2026:20960-1: important: Security update for python-pyOpenSSL
Message-ID: <177556500776.15499.2493489280717186392@7334c935c7bb>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20960-1
Release Date: 2026-04-01T10:05:29Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-649=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * python311-pyOpenSSL-24.0.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Tue Apr 7 12:30:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:14 -0000
Subject: SUSE-SU-2026:20959-1: important: Security update for tar
Message-ID: <177556501444.15499.7161449583773344716@7334c935c7bb>

# Security update for tar

Announcement ID: SUSE-SU-2026:20959-1
Release Date: 2026-04-01T10:02:31Z
Rating: important

References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-650=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * tar-debuginfo-1.35-3.1
  * tar-debugsource-1.35-3.1
  * tar-1.35-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Tue Apr 7 12:30:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:19 -0000
Subject: SUSE-RU-2026:20958-1: moderate: Recommended update for nvidia-open-driver-G07-signed
Message-ID: <177556501921.15499.6883887447445991665@7334c935c7bb>

# Recommended update for nvidia-open-driver-G07-signed

Announcement ID: SUSE-RU-2026:20958-1
Release Date: 2026-04-01T07:59:36Z
Rating: moderate

References:

* bsc#1259719
* bsc#1260044

Affected Products:

* SUSE Linux Micro 6.0

An update that has two fixes can now be installed.

## Description:

This update for nvidia-open-driver-G07-signed fixes the following issues:

* update CUDA variant to 595.58.03
* update non-CUDA version to 595.58.03 (bsc#1260044)
* add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ...

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-317=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-1.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-1.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_40-1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259719
* https://bugzilla.suse.com/show_bug.cgi?id=1260044

From null at suse.de Tue Apr 7 12:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:21 -0000
Subject: SUSE-RU-2026:20957-1: moderate: Recommended update for rust-keylime
Message-ID: <177556502192.15499.11679675523192966614@7334c935c7bb>

# Recommended update for rust-keylime

Announcement ID: SUSE-RU-2026:20957-1
Release Date: 2026-03-31T09:56:00Z
Rating: moderate

References:

* bsc#1259963

Affected Products:

* SUSE Linux Micro 6.0

An update that has one fix can now be installed.
## Description:

This update for rust-keylime fixes the following issues:

* Suggests only the IMA policy package, and keep it as example (bsc#1259963)
* Add a patch to re-generate TSS bindings
* Update to version 0.2.9+8:
* build(deps):
* bump thiserror from 2.0.17 to 2.0.18
* bump docker/login-action from 3 to 4
* bump docker/metadata-action from 5 to 6
* bump docker/build-push-action from 6 to 7
* bump actions/upload-artifact from 6 to 7
* bump mockoon/cli-action from 2 to 3
* bump http from 1.3.1 to 1.4.0
* bump serde from 1.0.219 to 1.0.228
* bump clap from 4.5.45 to 4.5.54
* bump actix-web from 4.11.0 to 4.12.1
* Remove generate-bindings feature from tss-esapi
* Use port constants instead of hardcoded values in tests
* push-attestation:
* use registrar TLS port when TLS is enabled
* drop support for mTLS to registrar
* drop mTLS support and require PoP authentication
* drop self-signed mTLS certificate generation
* dist: Make the services to conflict with each other
* cargo:
* bump tracing_subscriber to version 0.3.20
* bump time to version 0.3.47
* Update reqwest from 0.12 to 0.13
* auth:
* load CA certificate in authentication client
* reuse existing ContextInfo to avoid duplicate TPM objects
* packit: add missing e2e tests
* registrar: rename insecure option to disable_tls
* config:
* add missing config options to keylime-agent.conf
* add support for "default" in registrar_api_versions option
* add support for "default" in registrar_tls_ca_cert option
* drop unused config options and constants
* resilient_client: reauthenticate if a 403 error is received

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-648=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * rust-keylime-0.2.9+8-1.1
  * rust-keylime-debuginfo-0.2.9+8-1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259963

From null at suse.de Tue Apr 7 12:30:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:26 -0000
Subject: SUSE-SU-2026:20956-1: important: Security update for python311
Message-ID: <177556502659.15499.16480340250441603956@7334c935c7bb>

# Security update for python311

Announcement ID: SUSE-SU-2026:20956-1
Release Date: 2026-03-31T09:41:48Z
Rating: important

References:

* bsc#1257181
* bsc#1259240

Cross-References:

* CVE-2026-1299
* CVE-2026-2297

CVSS scores:

* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-647=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * python311-debugsource-3.11.15-2.1
  * python311-base-3.11.15-2.1
  * libpython3_11-1_0-3.11.15-2.1
  * python311-3.11.15-2.1
  * python311-base-debuginfo-3.11.15-2.1
  * python311-curses-debuginfo-3.11.15-2.1
  * libpython3_11-1_0-debuginfo-3.11.15-2.1
  * python311-debuginfo-3.11.15-2.1
  * python311-curses-3.11.15-2.1
  * python311-core-debugsource-3.11.15-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240

From null at suse.de Tue Apr 7 12:30:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:30 -0000
Subject: SUSE-SU-2026:20955-1: important: Security update for tar
Message-ID: <177556503016.15499.13064269835930733800@7334c935c7bb>

# Security update for tar

Announcement ID: SUSE-SU-2026:20955-1
Release Date: 2026-04-01T09:39:38Z
Rating: important

References:

* bsc#1246399

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.
## Description:

This update for tar fixes the following issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-468=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * tar-1.35-slfo.1.1_3.1
  * tar-debugsource-1.35-slfo.1.1_3.1
  * tar-debuginfo-1.35-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399

From null at suse.de Tue Apr 7 12:30:35 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:35 -0000
Subject: SUSE-SU-2026:20954-1: important: Security update for python-pyOpenSSL
Message-ID: <177556503520.15499.12456089208077933788@7334c935c7bb>

# Security update for python-pyOpenSSL

Announcement ID: SUSE-SU-2026:20954-1
Release Date: 2026-04-01T09:35:17Z
Rating: important

References:

* bsc#1259804
* bsc#1259808

Cross-References:

* CVE-2026-27448
* CVE-2026-27459

CVSS scores:

* CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-27459 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-pyOpenSSL fixes the following issues:

* CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
* CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-467=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * python311-pyOpenSSL-24.0.0-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-27448.html
* https://www.suse.com/security/cve/CVE-2026-27459.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259804
* https://bugzilla.suse.com/show_bug.cgi?id=1259808

From null at suse.de Tue Apr 7 12:30:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:41 -0000
Subject: SUSE-RU-2026:20953-1: moderate: Recommended update for nvidia-open-driver-G07-signed
Message-ID: <177556504119.15499.13423070909956502748@7334c935c7bb>

# Recommended update for nvidia-open-driver-G07-signed

Announcement ID: SUSE-RU-2026:20953-1
Release Date: 2026-04-01T08:07:47Z
Rating: moderate

References:

* bsc#1259719
* bsc#1260044

Affected Products:

* SUSE Linux Micro 6.1

An update that has two fixes can now be installed.
## Description:

This update for nvidia-open-driver-G07-signed fixes the following issues:

* update CUDA variant to 595.58.03
* update non-CUDA version to 595.58.03 (bsc#1260044)
* add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able to distinguish between both variants; to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ...

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-317=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 x86_64)
  * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-1.1
  * nvidia-open-driver-G07-signed-debugsource-595.58.03-1.1
  * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.4.0_40-1.1
  * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.4.0_40-1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259719
* https://bugzilla.suse.com/show_bug.cgi?id=1260044

From null at suse.de Tue Apr 7 12:30:43 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:43 -0000
Subject: SUSE-RU-2026:20952-1: moderate: Recommended update for rust-keylime
Message-ID: <177556504385.15499.8159440972985251730@7334c935c7bb>

# Recommended update for rust-keylime

Announcement ID: SUSE-RU-2026:20952-1
Release Date: 2026-03-31T09:59:46Z
Rating: moderate

References:

* bsc#1259963

Affected Products:

* SUSE Linux Micro 6.1

An update that has one fix can now be installed.
## Description:

This update for rust-keylime fixes the following issues:

* Suggests only the IMA policy package, and keep it as example (bsc#1259963)
* Add a patch to re-generate TSS bindings
* Update to version 0.2.9+8:
* build(deps):
* bump thiserror from 2.0.17 to 2.0.18
* bump docker/login-action from 3 to 4
* bump docker/metadata-action from 5 to 6
* bump docker/build-push-action from 6 to 7
* bump actions/upload-artifact from 6 to 7
* bump mockoon/cli-action from 2 to 3
* bump http from 1.3.1 to 1.4.0
* bump serde from 1.0.219 to 1.0.228
* bump clap from 4.5.45 to 4.5.54
* bump actix-web from 4.11.0 to 4.12.1
* Remove generate-bindings feature from tss-esapi
* Use port constants instead of hardcoded values in tests
* push-attestation:
* use registrar TLS port when TLS is enabled
* drop support for mTLS to registrar
* drop mTLS support and require PoP authentication
* drop self-signed mTLS certificate generation
* dist: Make the services to conflict with each other
* cargo:
* bump tracing_subscriber to version 0.3.20
* bump time to version 0.3.47
* Update reqwest from 0.12 to 0.13
* auth:
* load CA certificate in authentication client
* reuse existing ContextInfo to avoid duplicate TPM objects
* packit: add missing e2e tests
* registrar: rename insecure option to disable_tls
* config:
* add missing config options to keylime-agent.conf
* add support for "default" in registrar_api_versions option
* add support for "default" in registrar_tls_ca_cert option
* drop unused config options and constants
* resilient_client: reauthenticate if a 403 error is received

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-466=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * rust-keylime-0.2.9+8-slfo.1.1_1.1
  * rust-keylime-debugsource-0.2.9+8-slfo.1.1_1.1
  * rust-keylime-debuginfo-0.2.9+8-slfo.1.1_1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259963

From null at suse.de Tue Apr 7 12:30:48 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:48 -0000
Subject: SUSE-SU-2026:20951-1: important: Security update for python311
Message-ID: <177556504806.15499.11594731817003952500@7334c935c7bb>

# Security update for python311

Announcement ID: SUSE-SU-2026:20951-1
Release Date: 2026-03-31T09:07:06Z
Rating: important

References:

* bsc#1257181
* bsc#1259240

Cross-References:

* CVE-2026-1299
* CVE-2026-2297

CVSS scores:

* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python311 fixes the following issues:

* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181).
* CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-465=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python311-3.11.15-slfo.1.1_2.1
  * python311-curses-3.11.15-slfo.1.1_2.1
  * libpython3_11-1_0-3.11.15-slfo.1.1_2.1
  * python311-base-3.11.15-slfo.1.1_2.1
  * python311-debuginfo-3.11.15-slfo.1.1_2.1
  * libpython3_11-1_0-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-base-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-curses-debuginfo-3.11.15-slfo.1.1_2.1
  * python311-debugsource-3.11.15-slfo.1.1_2.1
  * python311-core-debugsource-3.11.15-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1299.html
* https://www.suse.com/security/cve/CVE-2026-2297.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257181
* https://bugzilla.suse.com/show_bug.cgi?id=1259240
From null at suse.de Tue Apr 7 12:30:52 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 12:30:52 -0000
Subject: SUSE-SU-2026:20950-1: important: Security update for cockpit
Message-ID: <177556505250.15499.13707668257107327129@7334c935c7bb>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:20950-1
Release Date: 2026-03-27T09:53:17Z
Rating: important

References:

* bsc#1258641
* bsc#1259845

Cross-References:

* CVE-2026-26996
* CVE-2026-27135

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Security update for cockpit

### Description:

This update for cockpit fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).

## Security update for nghttp2

### Description:

This update for nghttp2 fixes the following issue:

* CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-464=1
* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-645=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-14-1.52.0-slfo.1.1_2.1
  * libnghttp2-14-debuginfo-1.52.0-slfo.1.1_2.1
  * nghttp2-debugsource-1.52.0-slfo.1.1_2.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * cockpit-debuginfo-309-9.1
  * cockpit-ws-309-9.1
  * cockpit-bridge-debuginfo-309-9.1
  * cockpit-bridge-309-9.1
  * cockpit-ws-debuginfo-309-9.1
  * cockpit-309-9.1
  * cockpit-debugsource-309-9.1
* SUSE Linux Micro 6.0 (noarch)
  * cockpit-storaged-309-9.1
  * cockpit-selinux-309-9.2
  * cockpit-networkmanager-309-9.2
  * cockpit-system-309-9.1
  * cockpit-networkmanager-309-9.1
  * cockpit-storaged-309-9.2
  * cockpit-system-309-9.2
  * cockpit-selinux-309-9.1
* SUSE Linux Micro 6.0 (s390x)
  * cockpit-bridge-309-9.2
  * cockpit-ws-debuginfo-309-9.2
  * cockpit-bridge-debuginfo-309-9.2
  * cockpit-debugsource-309-9.2
  * cockpit-debuginfo-309-9.2
  * cockpit-ws-309-9.2
  * cockpit-309-9.2

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-27135.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
* https://bugzilla.suse.com/show_bug.cgi?id=1259845
From null at suse.de Tue Apr 7 16:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 16:30:05 -0000
Subject: SUSE-SU-2026:1200-1: important: Security update for ignition
Message-ID: <177557940567.13565.18053867597481652647@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1200-1
Release Date: 2026-04-07T11:50:20Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1200=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * ignition-debuginfo-2.17.0-150500.3.15.1
  * ignition-2.17.0-150500.3.15.1
  * ignition-dracut-grub2-2.17.0-150500.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251
From null at suse.de Tue Apr 7 16:30:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 16:30:10 -0000
Subject: SUSE-SU-2026:1199-1: important: Security update for python-PyJWT
Message-ID: <177557941014.13565.7955828754206586158@c2c2e0ac4d9f>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1199-1
Release Date: 2026-04-07T10:25:37Z
Rating: important

References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1199=1

## Package List:

* Public Cloud Module 12 (noarch)
  * python3-PyJWT-1.5.3-3.19.1
  * python-PyJWT-1.5.3-3.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

From null at suse.de Tue Apr 7 16:30:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 16:30:13 -0000
Subject: SUSE-SU-2026:1198-1: important: Security update for ignition
Message-ID: <177557941323.13565.693006438383555098@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1198-1
Release Date: 2026-04-07T10:25:22Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1198=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1198=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * ignition-2.14.0-150300.6.19.1
  * ignition-dracut-grub2-2.14.0-150300.6.19.1
  * ignition-debuginfo-2.14.0-150300.6.19.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * ignition-2.14.0-150300.6.19.1
  * ignition-dracut-grub2-2.14.0-150300.6.19.1
  * ignition-debuginfo-2.14.0-150300.6.19.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Tue Apr 7 16:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 16:30:17 -0000
Subject: SUSE-SU-2026:1197-1: important: Security update for ignition
Message-ID: <177557941738.13565.10507878582661587917@c2c2e0ac4d9f>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1197-1
Release Date: 2026-04-07T10:25:02Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3

An update that solves one vulnerability can now be installed.
## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1197=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1197=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.14.0-150400.4.15.1
  * ignition-dracut-grub2-2.14.0-150400.4.15.1
  * ignition-2.14.0-150400.4.15.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.14.0-150400.4.15.1
  * ignition-dracut-grub2-2.14.0-150400.4.15.1
  * ignition-2.14.0-150400.4.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251
From null at suse.de Tue Apr 7 16:30:22 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 16:30:22 -0000
Subject: SUSE-SU-2026:1195-1: important: Security update for google-cloud-sap-agent
Message-ID: <177557942210.13565.12704549144165940610@c2c2e0ac4d9f>

# Security update for google-cloud-sap-agent

Announcement ID: SUSE-SU-2026:1195-1
Release Date: 2026-04-07T09:25:22Z
Rating: important

References:

* bsc#1259816
* bsc#1260265

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* Public Cloud Module 12
* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for google-cloud-sap-agent fixes the following issue:

Update to google-cloud-sap-agent 3.12 (bsc#1259816):

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260265).
Changelog:

* Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG
* OTE Status checks for Parameter Manager (SAP Agent)
* Log command-line arguments in configureinstance.
* Minor multiple reliability checks and fixes
* Support custom names for restored disks in hanadiskrestore
* Add newAttachedDisks to Restorer and detach them on restore failure.
* Improve unit test coverage for hanadiskbackup and hanadiskrestore
* Add support for refresh point tests.
* Refactor HANA disk backup user validation and physical path parsing.
* Auto updated compiled protocol buffers
* Parameter Manager integration to SAP Agent
* Modify collection logic for SAP HANA configuration files.
* Update workloadagentplatform version and hash.
* Update WLM Validation metrics to support SAPHanaSR-angi setups.
* Increment agent version to 3.12.
* SAP HANA Pacemaker failover settings can come from `SAPHanaController`.
* Update collection for WLM metric `ha_sr_hook_configured`.
* Refactor CheckTopology to accept instance number.
* Use constant backoff with max retries for snapshot group operations.
* Update workloadagentplatform dependency

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1195=1

## Package List:

* Public Cloud Module 12 (aarch64 ppc64le s390x x86_64)
  * google-cloud-sap-agent-3.12-6.60.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259816
* https://bugzilla.suse.com/show_bug.cgi?id=1260265
From null at suse.de Tue Apr 7 16:30:26 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 16:30:26 -0000 Subject: SUSE-SU-2026:1194-1: important: Security update for google-cloud-sap-agent Message-ID: <177557942656.13565.10224066842348205872@c2c2e0ac4d9f> # Security update for google-cloud-sap-agent Announcement ID: SUSE-SU-2026:1194-1 Release Date: 2026-04-07T09:25:15Z Rating: important References: * bsc#1259816 * bsc#1260265 Cross-References: * CVE-2026-33186 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 (bsc#1259816): * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260265). Changelog: * Collect WLM metric `saphanasr_angi_installed` for all OS types.
* Failure handling: Remove attached disks from CG * OTE Status checks for Parameter Manager (SAP Agent) * Log command-line arguments in configureinstance. * Minor multiple reliability checks and fixes * Support custom names for restored disks in hanadiskrestore * Add newAttachedDisks to Restorer and detach them on restore failure. * Improve unit test coverage for hanadiskbackup and hanadiskrestore * Add support for refresh point tests. * Refactor HANA disk backup user validation and physical path parsing. * Auto updated compiled protocol buffers * Parameter Manager integration to SAP Agent * Modify collection logic for SAP HANA configuration files. * Update workloadagentplatform version and hash. * Update WLM Validation metrics to support SAPHanaSR-angi setups. * Increment agent version to 3.12. * SAP HANA Pacemaker failover settings can come from `SAPHanaController`. * Update collection for WLM metric `ha_sr_hook_configured`. * Refactor CheckTopology to accept instance number. * Use constant backoff with max retries for snapshot group operations. * Update workloadagentplatform dependency ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1194=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1194=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1194=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1194=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1194=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-3.12-150100.3.63.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-3.12-150100.3.63.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-3.12-150100.3.63.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-3.12-150100.3.63.1 * Public Cloud Module 15-SP7 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-3.12-150100.3.63.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1259816 * https://bugzilla.suse.com/show_bug.cgi?id=1260265
From null at suse.de Tue Apr 7 16:30:32 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 16:30:32 -0000 Subject: SUSE-SU-2026:1193-1: important: Security update for gimp Message-ID: <177557943299.13565.12322590742591781002@c2c2e0ac4d9f> # Security update for gimp Announcement ID: SUSE-SU-2026:1193-1 Release Date: 2026-04-07T08:40:22Z Rating: important References: * bsc#1259979 * bsc#1259984 * bsc#1259986 Cross-References: * CVE-2026-4150 * CVE-2026-4153 * CVE-2026-4154 CVSS scores: * CVE-2026-4150 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4150 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4153 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4153 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4154 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4154 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves three vulnerabilities can now be installed. ## Description: This update for gimp fixes the following issues: * CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259979). * CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259984). * CVE-2026-4154: XPM File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259986). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1193=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1193=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1193=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1193=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64) * gimp-devel-debuginfo-2.10.30-150400.3.50.1 * gimp-2.10.30-150400.3.50.1 * gimp-devel-2.10.30-150400.3.50.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1 * gimp-plugin-aa-2.10.30-150400.3.50.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-2.10.30-150400.3.50.1 * gimp-debugsource-2.10.30-150400.3.50.1 * libgimpui-2_0-0-2.10.30-150400.3.50.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1 * SUSE Package Hub 15 15-SP7 (noarch) * gimp-lang-2.10.30-150400.3.50.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gimp-devel-debuginfo-2.10.30-150400.3.50.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-2.10.30-150400.3.50.1 * gimp-devel-2.10.30-150400.3.50.1 * gimp-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-2.10.30-150400.3.50.1 * gimp-debugsource-2.10.30-150400.3.50.1 * libgimpui-2_0-0-2.10.30-150400.3.50.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gimp-lang-2.10.30-150400.3.50.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * gimp-devel-debuginfo-2.10.30-150400.3.50.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-2.10.30-150400.3.50.1 * gimp-devel-2.10.30-150400.3.50.1 * gimp-debuginfo-2.10.30-150400.3.50.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-2.10.30-150400.3.50.1 * gimp-debugsource-2.10.30-150400.3.50.1 * libgimpui-2_0-0-2.10.30-150400.3.50.1 * 
libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-plugin-aa-2.10.30-150400.3.50.1 * openSUSE Leap 15.4 (noarch) * gimp-lang-2.10.30-150400.3.50.1 * openSUSE Leap 15.4 (x86_64) * libgimpui-2_0-0-32bit-2.10.30-150400.3.50.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.50.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libgimp-2_0-0-64bit-2.10.30-150400.3.50.1 * libgimpui-2_0-0-64bit-2.10.30-150400.3.50.1 * libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.50.1 * libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.50.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gimp-devel-debuginfo-2.10.30-150400.3.50.1 * libgimpui-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-2.10.30-150400.3.50.1 * gimp-devel-2.10.30-150400.3.50.1 * gimp-debuginfo-2.10.30-150400.3.50.1 * gimp-plugin-aa-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-2.10.30-150400.3.50.1 * gimp-debugsource-2.10.30-150400.3.50.1 * libgimpui-2_0-0-2.10.30-150400.3.50.1 * libgimp-2_0-0-debuginfo-2.10.30-150400.3.50.1 * gimp-plugin-aa-2.10.30-150400.3.50.1 * openSUSE Leap 15.6 (noarch) * gimp-lang-2.10.30-150400.3.50.1 * openSUSE Leap 15.6 (x86_64) * libgimpui-2_0-0-32bit-2.10.30-150400.3.50.1 * libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.50.1 * libgimp-2_0-0-32bit-2.10.30-150400.3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4150.html * https://www.suse.com/security/cve/CVE-2026-4153.html * https://www.suse.com/security/cve/CVE-2026-4154.html * https://bugzilla.suse.com/show_bug.cgi?id=1259979 * https://bugzilla.suse.com/show_bug.cgi?id=1259984 * https://bugzilla.suse.com/show_bug.cgi?id=1259986
From null at suse.de Tue Apr 7 16:30:38 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 16:30:38 -0000 Subject: SUSE-SU-2026:1192-1: important: Security update for python-pyOpenSSL Message-ID: <177557943849.13565.12839799993896430380@c2c2e0ac4d9f> # Security update for python-pyOpenSSL Announcement ID: SUSE-SU-2026:1192-1 Release Date: 2026-04-07T08:40:00Z Rating: important References: * bsc#1259804 * bsc#1259808 Cross-References: * CVE-2026-27448 * CVE-2026-27459 CVSS scores: * CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-27459 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-27459 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-27459 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27459 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server
15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-pyOpenSSL fixes the following issues: * CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804). * CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1192=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1192=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1192=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1192=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1192=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1192=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1192=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1192=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1192=1 * Python 3 Module 
15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1192=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1192=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1192=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1192=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1192=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * openSUSE Leap 15.4 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * openSUSE Leap 15.6 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * Public Cloud Module 15-SP4 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * Python 3 Module 15-SP7 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * python311-pyOpenSSL-23.2.0-150400.3.13.1 ## References: * 
https://www.suse.com/security/cve/CVE-2026-27448.html * https://www.suse.com/security/cve/CVE-2026-27459.html * https://bugzilla.suse.com/show_bug.cgi?id=1259804 * https://bugzilla.suse.com/show_bug.cgi?id=1259808 From null at suse.de Tue Apr 7 20:30:13 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 20:30:13 -0000 Subject: SUSE-SU-2026:1206-1: important: Security update for python Message-ID: <177559381382.13998.541554831459009412@c2c2e0ac4d9f> # Security update for python Announcement ID: SUSE-SU-2026:1206-1 Release Date: 2026-04-07T14:19:01Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves four vulnerabilities can now be installed. ## Description: This update for python fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1206=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1206=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * python-base-debugsource-2.7.18-150000.111.1 * python-curses-2.7.18-150000.111.1 * python-tk-2.7.18-150000.111.1 * python-debugsource-2.7.18-150000.111.1 * python-devel-2.7.18-150000.111.1 * python-tk-debuginfo-2.7.18-150000.111.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.111.1 * python-debuginfo-2.7.18-150000.111.1 * python-gdbm-debuginfo-2.7.18-150000.111.1 * python-xml-debuginfo-2.7.18-150000.111.1 * python-base-debuginfo-2.7.18-150000.111.1 * python-base-2.7.18-150000.111.1 * python-curses-debuginfo-2.7.18-150000.111.1 * python-2.7.18-150000.111.1 * python-demo-2.7.18-150000.111.1 * libpython2_7-1_0-2.7.18-150000.111.1 * python-gdbm-2.7.18-150000.111.1 * python-idle-2.7.18-150000.111.1 * python-xml-2.7.18-150000.111.1 * openSUSE Leap 15.6 (x86_64) * python-32bit-debuginfo-2.7.18-150000.111.1 * python-32bit-2.7.18-150000.111.1 * libpython2_7-1_0-32bit-2.7.18-150000.111.1 * python-base-32bit-2.7.18-150000.111.1 * python-base-32bit-debuginfo-2.7.18-150000.111.1 * libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.111.1 * openSUSE Leap 15.6 (noarch) * python-doc-pdf-2.7.18-150000.111.1 * python-doc-2.7.18-150000.111.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python-base-debugsource-2.7.18-150000.111.1 * python-curses-2.7.18-150000.111.1 * python-debugsource-2.7.18-150000.111.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.111.1 * python-debuginfo-2.7.18-150000.111.1 * python-gdbm-debuginfo-2.7.18-150000.111.1 * python-xml-debuginfo-2.7.18-150000.111.1 * python-base-debuginfo-2.7.18-150000.111.1 * python-base-2.7.18-150000.111.1 * python-curses-debuginfo-2.7.18-150000.111.1 * python-2.7.18-150000.111.1 * python-gdbm-2.7.18-150000.111.1 * 
libpython2_7-1_0-2.7.18-150000.111.1 * python-xml-2.7.18-150000.111.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 From null at suse.de Tue Apr 7 20:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 20:30:15 -0000 Subject: SUSE-SU-2026:1205-1: important: Security update for govulncheck-vulndb Message-ID: <177559381570.13998.6305202301434397095@c2c2e0ac4d9f> # Security update for govulncheck-vulndb Announcement ID: SUSE-SU-2026:1205-1 Release Date: 2026-04-07T14:18:21Z Rating: important References: * jsc#PED-11136 Cross-References: * CVE-2026-26060 * CVE-2026-26061 * CVE-2026-26233 * CVE-2026-27018 * CVE-2026-29180 * CVE-2026-32241 * CVE-2026-32286 * CVE-2026-32695 * CVE-2026-33026 * CVE-2026-33027 * CVE-2026-33028 * CVE-2026-33029 * CVE-2026-33030 * CVE-2026-33032 * CVE-2026-33186 * CVE-2026-33433 * CVE-2026-33487 * CVE-2026-33634 * CVE-2026-33747 * CVE-2026-33748 * CVE-2026-33903 * CVE-2026-33904 * CVE-2026-33906 * CVE-2026-33907 * CVE-2026-33990 * CVE-2026-33997 * CVE-2026-34040 * CVE-2026-34041 * CVE-2026-34042 * CVE-2026-34204 * CVE-2026-34385 * CVE-2026-34386 * CVE-2026-34388 * CVE-2026-34389 CVSS scores: * CVE-2026-26060 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26060 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-26061 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26061 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26233 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26233 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27018 ( NVD ): 7.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-29180 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-29180 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32241 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32286 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32286 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32286 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32695 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32695 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2026-33026 ( NVD ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33026 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33027 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33027 ( NVD ): 
6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33028 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33028 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33029 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33029 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33030 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33030 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33032 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33433 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N * CVE-2026-33433 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N * CVE-2026-33433 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33634 ( SUSE ): 9.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-33634 ( SUSE ): 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-33634 ( NVD ): 9.4 
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33634 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33747 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33747 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33748 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-33748 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-33748 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33903 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33904 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33906 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33907 ( NVD ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33990 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33990 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33997 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-33997 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-34040 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34040 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-34041 ( NVD ): 7.7 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34041 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34042 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N * CVE-2026-34204 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34204 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-34385 ( NVD ): 6.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34386 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34386 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34388 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-34389 ( NVD ): 4.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34389 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.6 An update that solves 34 vulnerabilities and contains one feature can now be installed. ## Description: This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260402T184258 2026-04-02T18:42:58Z (jsc#PED-11136). 
Go CVE Numbering Authority IDs added or updated with aliases: * GO-2026-4518 CVE-2026-32286 GHSA-jqcq-xjh3-6g23 * GO-2026-4753 CVE-2026-33487 GHSA-479m-364c-43vc * GO-2026-4760 GHSA-hwqm-qvj9-4jr2 * GO-2026-4762 CVE-2026-33186 GHSA-p77j-4mvh-x3m3 * GO-2026-4764 GHSA-pcgw-qcv5-h8ch * GO-2026-4858 CVE-2026-33747 GHSA-4c29-8rgm-jvjj * GO-2026-4859 CVE-2026-33748 GHSA-4vrq-3vrq-g6gg * GO-2026-4863 GHSA-g9ww-x58f-9g6m * GO-2026-4872 CVE-2026-33907 GHSA-55q8-2gwx-29pc * GO-2026-4873 CVE-2026-33906 GHSA-87j9-m7x6-hvw2 * GO-2026-4874 CVE-2026-33904 GHSA-9h59-p45g-445h * GO-2026-4875 CVE-2026-33903 GHSA-f2f3-9cx3-wcmf * GO-2026-4876 GHSA-prh4-vhfh-24mj * GO-2026-4880 CVE-2026-32695 GHSA-67jx-r9pv-98rj * GO-2026-4883 CVE-2026-33997 GHSA-pxq6-2prw-chj9 * GO-2026-4887 CVE-2026-34040 GHSA-x744-4wpc-v9h2 * GO-2026-4888 CVE-2026-26060 GHSA-3458-r943-hmx4 * GO-2026-4889 CVE-2026-26061 GHSA-99hj-44vg-hfcp * GO-2026-4890 CVE-2026-34042 GHSA-x34h-54cw-9825 * GO-2026-4891 CVE-2026-34041 GHSA-xmgr-9pqc-h5vw * GO-2026-4892 CVE-2026-29180 GHSA-m2h6-4xpq-qw3m * GO-2026-4893 CVE-2026-33433 GHSA-qr99-7898-vr7c * GO-2026-4894 CVE-2026-32241 GHSA-vchx-5pr6-ffx2 * GO-2026-4896 CVE-2026-34204 GHSA-3rh2-v3gr-35p9 * GO-2026-4897 GHSA-46wh-3698-f2cx * GO-2026-4899 GHSA-c279-989m-238f * GO-2026-4901 CVE-2026-33030 GHSA-5hf2-vhj6-gj9m * GO-2026-4902 CVE-2026-33029 GHSA-cp8r-8jvw-v3qg * GO-2026-4903 CVE-2026-33026 GHSA-fhh2-gg7w-gwpq * GO-2026-4904 CVE-2026-33032 GHSA-h6c2-x2m2-mwhf * GO-2026-4905 CVE-2026-27018 GHSA-jjwv-57xh-xr6r * GO-2026-4906 CVE-2026-33028 GHSA-m468-xcm6-fxg4 * GO-2026-4907 CVE-2026-33027 GHSA-m8p8-53vf-8357 * GO-2026-4911 CVE-2026-33990 GHSA-x2f5-332j-9xwq * GO-2026-4912 CVE-2026-34389 GHSA-4f9r-x588-pp2h * GO-2026-4913 CVE-2026-34386 GHSA-9p23-p2m4-2r4m * GO-2026-4914 CVE-2026-34385 GHSA-v895-833r-8c45 * GO-2026-4915 CVE-2026-34388 GHSA-w254-4hp5-7cvv * GO-2026-4916 CVE-2026-26233 GHSA-247x-7qw8-fp98 * GO-2026-4919 CVE-2026-33634 GHSA-69fq-xp46-6x23 ## Patch Instructions: To 
install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1205=1 ## Package List: * openSUSE Leap 15.6 (noarch) * govulncheck-vulndb-0.0.20260402T184258-150000.1.158.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26060.html * https://www.suse.com/security/cve/CVE-2026-26061.html * https://www.suse.com/security/cve/CVE-2026-26233.html * https://www.suse.com/security/cve/CVE-2026-27018.html * https://www.suse.com/security/cve/CVE-2026-29180.html * https://www.suse.com/security/cve/CVE-2026-32241.html * https://www.suse.com/security/cve/CVE-2026-32286.html * https://www.suse.com/security/cve/CVE-2026-32695.html * https://www.suse.com/security/cve/CVE-2026-33026.html * https://www.suse.com/security/cve/CVE-2026-33027.html * https://www.suse.com/security/cve/CVE-2026-33028.html * https://www.suse.com/security/cve/CVE-2026-33029.html * https://www.suse.com/security/cve/CVE-2026-33030.html * https://www.suse.com/security/cve/CVE-2026-33032.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://www.suse.com/security/cve/CVE-2026-33433.html * https://www.suse.com/security/cve/CVE-2026-33487.html * https://www.suse.com/security/cve/CVE-2026-33634.html * https://www.suse.com/security/cve/CVE-2026-33747.html * https://www.suse.com/security/cve/CVE-2026-33748.html * https://www.suse.com/security/cve/CVE-2026-33903.html * https://www.suse.com/security/cve/CVE-2026-33904.html * https://www.suse.com/security/cve/CVE-2026-33906.html * https://www.suse.com/security/cve/CVE-2026-33907.html * https://www.suse.com/security/cve/CVE-2026-33990.html * https://www.suse.com/security/cve/CVE-2026-33997.html * https://www.suse.com/security/cve/CVE-2026-34040.html * https://www.suse.com/security/cve/CVE-2026-34041.html * https://www.suse.com/security/cve/CVE-2026-34042.html * 
https://www.suse.com/security/cve/CVE-2026-34204.html
* https://www.suse.com/security/cve/CVE-2026-34385.html
* https://www.suse.com/security/cve/CVE-2026-34386.html
* https://www.suse.com/security/cve/CVE-2026-34388.html
* https://www.suse.com/security/cve/CVE-2026-34389.html
* https://jira.suse.com/browse/PED-11136

From null at suse.de Tue Apr 7 20:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 20:30:21 -0000
Subject: SUSE-RU-2026:1204-1: moderate: Recommended update for xvfb-run
Message-ID: <177559382119.13998.7838435081118770357@c2c2e0ac4d9f>

# Recommended update for xvfb-run

Announcement ID: SUSE-RU-2026:1204-1
Release Date: 2026-04-07T12:49:04Z
Rating: moderate

References:
* bsc#1178672
* bsc#1261252

Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that has two fixes can now be installed.

## Description:

This update for xvfb-run fixes the following issues:

* let Xvfb no longer ignore authority file.
* fix syntax to parse --error-file and --auth-file (bsc#1261252).
* Use `%patch -P N` instead of deprecated `%patchN`.
* actually gzip manpage to match the filename extension.
* Add missing runtime dependencies to which and xauth (bsc#1178672).
* Fixed broken URL for manpage.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1204=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1204=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * xvfb-run-1.5.2-150000.3.3.2
* SUSE Package Hub 15 15-SP7 (noarch)
  * xvfb-run-1.5.2-150000.3.3.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1178672
* https://bugzilla.suse.com/show_bug.cgi?id=1261252

From null at suse.de Tue Apr 7 20:30:52 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 07 Apr 2026 20:30:52 -0000
Subject: SUSE-SU-2026:1203-1: important: Security update for ImageMagick
Message-ID: <177559385213.13998.14475657764965195745@c2c2e0ac4d9f>

# Security update for ImageMagick

Announcement ID: SUSE-SU-2026:1203-1
Release Date: 2026-04-07T12:25:00Z
Rating: important

References:
* bsc#1259446
* bsc#1259447
* bsc#1259448
* bsc#1259450
* bsc#1259451
* bsc#1259452
* bsc#1259455
* bsc#1259456
* bsc#1259457
* bsc#1259463
* bsc#1259464
* bsc#1259466
* bsc#1259467
* bsc#1259468
* bsc#1259497
* bsc#1259528
* bsc#1259612
* bsc#1259872
* bsc#1260874
* bsc#1260879

Cross-References:
* CVE-2026-28493
* CVE-2026-28494
* CVE-2026-28686
* CVE-2026-28687
* CVE-2026-28688
* CVE-2026-28689
* CVE-2026-28690
* CVE-2026-28691
* CVE-2026-28692
* CVE-2026-28693
* CVE-2026-30883
* CVE-2026-30929
* CVE-2026-30935
* CVE-2026-30936
* CVE-2026-30937
* CVE-2026-31853
* CVE-2026-32259
* CVE-2026-32636
* CVE-2026-33535
* CVE-2026-33536

CVSS scores:
* CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28494 ( SUSE ):
8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * 
CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 20 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). 
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: memory allocation failure can lead to out-of-bounds write (bsc#1259612).
* CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872).
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1203=1 openSUSE-SLE-15.6-2026-1203=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1203=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1203=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-extra-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * ImageMagick-extra-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * openSUSE Leap 15.6 (x86_64) * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-devel-32bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-devel-32bit-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-32bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.1.21-150600.3.50.1 * openSUSE 
Leap 15.6 (noarch) * ImageMagick-doc-7.1.1.21-150600.3.50.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libMagick++-7_Q16HDRI5-64bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagick++-devel-64bit-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-64bit-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-devel-64bit-7.1.1.21-150600.3.50.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * perl-PerlMagick-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-websafe-7.1.1.21-150600.3.50.1 * ImageMagick-devel-7.1.1.21-150600.3.50.1 * ImageMagick-debuginfo-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * perl-PerlMagick-7.1.1.21-150600.3.50.1 * 
ImageMagick-config-7-upstream-secure-7.1.1.21-150600.3.50.1 * libMagick++-devel-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-open-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-SUSE-7.1.1.21-150600.3.50.1 * ImageMagick-config-7-upstream-limited-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.21-150600.3.50.1 * libMagickCore-7_Q16HDRI10-7.1.1.21-150600.3.50.1 * ImageMagick-debugsource-7.1.1.21-150600.3.50.1 * ImageMagick-7.1.1.21-150600.3.50.1 * libMagick++-7_Q16HDRI5-7.1.1.21-150600.3.50.1 * libMagickWand-7_Q16HDRI10-7.1.1.21-150600.3.50.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30935.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-32259.html * https://www.suse.com/security/cve/CVE-2026-32636.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259464 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259468 * https://bugzilla.suse.com/show_bug.cgi?id=1259497 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 * https://bugzilla.suse.com/show_bug.cgi?id=1259612 * https://bugzilla.suse.com/show_bug.cgi?id=1259872 * https://bugzilla.suse.com/show_bug.cgi?id=1260874 * https://bugzilla.suse.com/show_bug.cgi?id=1260879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 7 20:31:25 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 20:31:25 -0000 Subject: SUSE-SU-2026:1202-1: important: Security update for ImageMagick Message-ID: <177559388590.13998.5272727904713425367@c2c2e0ac4d9f> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:1202-1 Release Date: 2026-04-07T12:24:46Z Rating: important References: * bsc#1258790 * bsc#1259446 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259464 * bsc#1259466 * bsc#1259467 * bsc#1259468 * bsc#1259469 * bsc#1259497 * bsc#1259528 * bsc#1259612 * bsc#1259872 * bsc#1260874 * bsc#1260879 Cross-References: * CVE-2026-24484 * CVE-2026-25971 * CVE-2026-28493 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30929 * CVE-2026-30931 * CVE-2026-30935 * CVE-2026-30936 * CVE-2026-30937 * CVE-2026-31853 * CVE-2026-32259 * CVE-2026-32636 * 
CVE-2026-33535 * CVE-2026-33536 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-25971 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-25971 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25971 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25971 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * 
CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30931 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30931 ( SUSE ): 8.6 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30931 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30935 ( SUSE ): 4.8 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-30935 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30935 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 
4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 23 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). * CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). 
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468).
* CVE-2026-30931: value truncation in the UHDR encoder can lead to a heap buffer overflow (bsc#1259469).
* CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497).
* CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464).
* CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-32259: memory allocation failure can lead to out-of-bounds write (bsc#1259612).
* CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872).
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1202=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1202=1 ## Package List: * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-config-7-upstream-open-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-websafe-7.1.1.43-150700.3.42.1 * libMagick++-devel-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-secure-7.1.1.43-150700.3.42.1 * libMagickCore-7_Q16HDRI10-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-upstream-limited-7.1.1.43-150700.3.42.1 * ImageMagick-devel-7.1.1.43-150700.3.42.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-config-7-SUSE-7.1.1.43-150700.3.42.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debuginfo-7.1.1.43-150700.3.42.1 * libMagickWand-7_Q16HDRI10-7.1.1.43-150700.3.42.1 * libMagick++-7_Q16HDRI5-7.1.1.43-150700.3.42.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debugsource-7.1.1.43-150700.3.42.1 * ImageMagick-7.1.1.43-150700.3.42.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debuginfo-7.1.1.43-150700.3.42.1 * ImageMagick-debugsource-7.1.1.43-150700.3.42.1 * perl-PerlMagick-debuginfo-7.1.1.43-150700.3.42.1 * perl-PerlMagick-7.1.1.43-150700.3.42.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-25971.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * 
https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30931.html * https://www.suse.com/security/cve/CVE-2026-30935.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-32259.html * https://www.suse.com/security/cve/CVE-2026-32636.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259464 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259468 * https://bugzilla.suse.com/show_bug.cgi?id=1259469 * https://bugzilla.suse.com/show_bug.cgi?id=1259497 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 * https://bugzilla.suse.com/show_bug.cgi?id=1259612 * https://bugzilla.suse.com/show_bug.cgi?id=1259872 * https://bugzilla.suse.com/show_bug.cgi?id=1260874 * https://bugzilla.suse.com/show_bug.cgi?id=1260879 -------------- next part -------------- An HTML attachment was 
scrubbed... URL: From null at suse.de Tue Apr 7 20:31:50 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 07 Apr 2026 20:31:50 -0000 Subject: SUSE-SU-2026:1201-1: important: Security update for ImageMagick Message-ID: <177559391089.13998.14572660927403991436@c2c2e0ac4d9f> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:1201-1 Release Date: 2026-04-07T12:24:27Z Rating: important References: * bsc#1258790 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259466 * bsc#1259467 * bsc#1259528 * bsc#1260874 * bsc#1260879 Cross-References: * CVE-2026-24484 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30937 * CVE-2026-31853 * CVE-2026-33535 * CVE-2026-33536 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * 
CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 15 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). 
* CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451).
* CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).
* CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455).
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457).
* CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467).
* CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463).
* CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528).
* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).
* CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1201=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1201=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-6.8.8.1-71.236.1 * libMagick++-devel-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-6.8.8.1-71.236.1 * ImageMagick-devel-6.8.8.1-71.236.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.236.1 * ImageMagick-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * ImageMagick-config-6-upstream-6.8.8.1-71.236.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * ImageMagick-debugsource-6.8.8.1-71.236.1 * libMagick++-devel-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-6.8.8.1-71.236.1 * ImageMagick-devel-6.8.8.1-71.236.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.236.1 * ImageMagick-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-6.8.8.1-71.236.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.236.1 * ImageMagick-config-6-upstream-6.8.8.1-71.236.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * 
https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 * https://bugzilla.suse.com/show_bug.cgi?id=1260874 * https://bugzilla.suse.com/show_bug.cgi?id=1260879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 08:30:05 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 08:30:05 -0000 Subject: SUSE-RU-2026:1207-1: important: Recommended update for crash Message-ID: <177563700565.15237.11341644337972179662@f480087f4571> # Recommended update for crash Announcement ID: SUSE-RU-2026:1207-1 Release Date: 2026-04-07T19:13:03Z Rating: important References: * bsc#1237501 Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has one fix can now be installed. 
## Description:

This update for crash fixes the following issues:

* Enable ARM64 64K page support (bsc#1248074)
* crash-arm64: fix 64K page and 52 bits VA support
* crash-arm64: rewrite the arm64 get_vmcoreinfo_ul to arm64_g
* crash-arm64: support HW Tag Based KASAN MTE mode
* crash-arm64: add support for vmemmap symbol in vmcoreinfo
* crash-arm64: fix the determination of vmemmap and struct_pa
* crash-arm64: add gdb stack unwind support
* crash-symbols: expand all kernel module symtable if not all
* crash: add LoongArch64 framework code support
* crash-LoongArch64: Fixed link errors when build on LOONGARC
* crash-gdb: fix p command to print module variables correctl
* crash-ppc64: add gdb stack unwind support
* crash: preparing for gdb stack unwind support
* crash-x86_64: add gdb stack unwind support
* crash-gcore: update set_context with upstream counterpart
* In some kernel modules such as libie.ko, the mem[MOD_TEXT].size may be zero. Currently crash checks only this value to determine whether the module is valid, and otherwise fails to load the kernel module with the following warning and error: `mod: cannot access vmalloc'd module memory`
* Let's count the module size to check if the module is valid; that will avoid the current failure. (bsc#1237501)
* crash: fix for failing to load kernel module

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1207=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * crash-devel-8.0.4-150700.8.3.1 * crash-debuginfo-8.0.4-150700.8.3.1 * crash-8.0.4-150700.8.3.1 * crash-debugsource-8.0.4-150700.8.3.1 * Development Tools Module 15-SP7 (aarch64) * crash-kmp-64kb-8.0.4_k6.4.0_150700.53.31-150700.8.3.1 * crash-kmp-64kb-debuginfo-8.0.4_k6.4.0_150700.53.31-150700.8.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1237501 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 12:30:09 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 12:30:09 -0000 Subject: SUSE-SU-2026:1209-1: important: Security update for bind Message-ID: <177565140927.15968.16663376668723376164@634a8d224e68> # Security update for bind Announcement ID: SUSE-SU-2026:1209-1 Release Date: 2026-04-08T07:12:48Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1209=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1209=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * libirs1601-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-9.16.6-150000.12.88.1 * libisc1606-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-debuginfo-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * bind-debuginfo-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * bind-utils-debuginfo-9.16.6-150000.12.88.1 * libdns1605-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * libisccc1600-debuginfo-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libbind9-1600-debuginfo-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * bind-debugsource-9.16.6-150000.12.88.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libisccfg1600-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisc1606-64bit-9.16.6-150000.12.88.1 * libisccfg1600-64bit-9.16.6-150000.12.88.1 * libbind9-1600-64bit-9.16.6-150000.12.88.1 * 
libdns1605-64bit-9.16.6-150000.12.88.1
* libisccc1600-64bit-9.16.6-150000.12.88.1
* libirs1601-64bit-9.16.6-150000.12.88.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
  * python3-bind-9.16.6-150000.12.88.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805

From null at suse.de Wed Apr 8 12:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 12:30:12 -0000
Subject: SUSE-SU-2026:1208-1: important: Security update for ignition
Message-ID: <177565141267.15968.8941243618155540314@634a8d224e68>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1208-1
Release Date: 2026-04-08T07:12:24Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1208=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1208=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * ignition-debuginfo-2.15.0-150400.4.14.1 * ignition-dracut-grub2-2.15.0-150400.4.14.1 * ignition-2.15.0-150400.4.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * ignition-debuginfo-2.15.0-150400.4.14.1 * ignition-dracut-grub2-2.15.0-150400.4.14.1 * ignition-2.15.0-150400.4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1260251 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 16:30:01 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:30:01 -0000 Subject: SUSE-RU-2026:20975-1: important: Recommended update for cloud-init Message-ID: <177566580159.16473.9901478369740419461@ea440c8e37cc> # Recommended update for cloud-init Announcement ID: SUSE-RU-2026:20975-1 Release Date: 2026-04-07T13:20:09Z Rating: important References: Affected Products: * SUSE Linux Micro 6.0 An update that can now be installed. ## Description: This update for cloud-init contains the following fixes: * Fix dependency replace -serial with -pyserial * Drop unneeded test dependency on httpretty, fixed long ago ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-653=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * cloud-init-config-suse-25.1.3-2.1 * cloud-init-25.1.3-2.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 16:30:08 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:30:08 -0000 Subject: SUSE-RU-2026:20968-1: important: Recommended update for crypto-policies Message-ID: <177566580861.16473.9363293244412653164@ea440c8e37cc> # Recommended update for crypto-policies Announcement ID: SUSE-RU-2026:20968-1 Release Date: 2026-04-02T13:12:02Z Rating: important References: * bsc#1258311 * bsc#1259825 Affected Products: * SUSE Linux Micro 6.0 An update that has two fixes can now be installed. ## Description: This update for crypto-policies fixes the following issues: * Add PQC support for OpenSSH (bsc#1258311, bsc#1259825) * Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-651=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * crypto-policies-scripts-20230920.570ea89-2.1 * crypto-policies-20230920.570ea89-2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258311 * https://bugzilla.suse.com/show_bug.cgi?id=1259825 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 16:30:11 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:30:11 -0000 Subject: SUSE-SU-2026:20973-1: important: Security update for cockpit-repos Message-ID: <177566581184.16473.798332135917988803@ea440c8e37cc> # Security update for cockpit-repos Announcement ID: SUSE-SU-2026:20973-1 Release Date: 2026-04-05T02:50:21Z Rating: important References: * bsc#1258637 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit-repos fixes the following issue: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-478=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-repos-4.7-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 16:30:14 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:30:14 -0000 Subject: SUSE-RU-2026:20972-1: moderate: Recommended update for bash-completion Message-ID: <177566581473.16473.10913928925747437442@ea440c8e37cc> # Recommended update for bash-completion Announcement ID: SUSE-RU-2026:20972-1 Release Date: 2026-04-02T09:16:22Z Rating: moderate References: * bsc#1246923 Affected Products: * SUSE Linux Micro 6.2 An update that has one fix can now be installed. ## Description: This update for bash-completion fixes the following issues: * Skip colon from device names for ethtool (bsc#1246923) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-476=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * bash-completion-2.12.0-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1246923 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 16:30:22 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:30:22 -0000 Subject: SUSE-RU-2026:20971-1: important: Recommended update for selinux-policy Message-ID: <177566582255.16473.14857239802022566262@ea440c8e37cc> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2026:20971-1 Release Date: 2026-04-01T14:55:13Z Rating: important References: * bsc#1237375 * bsc#1255024 * bsc#1255725 * bsc#1259438 * bsc#1259704 Affected Products: * SUSE Linux Micro 6.2 An update that has five fixes can now be installed. 
## Description:

This update for selinux-policy fixes the following issues:

Changes in selinux-policy:

Update to version 20250627+git355.5249ba7d5:

* Revert "Define file equivalency for /var/opt" (bsc#1259704)
* Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438)

Update to version 20250627+git351.529352149:

* Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725)
* privoxy: account for openSUSE chroot configuration (bsc#1237375)

Update to version 20250627+git347.b8926451e:

* Add support for 'mariadb@.service' (bsc#1255024).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  `zypper in -t patch SUSE-SL-Micro-6.2-472=1`

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * selinux-policy-targeted-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-devel-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-minimum-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-20250627+git355.5249ba7d5-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237375
* https://bugzilla.suse.com/show_bug.cgi?id=1255024
* https://bugzilla.suse.com/show_bug.cgi?id=1255725
* https://bugzilla.suse.com/show_bug.cgi?id=1259438
* https://bugzilla.suse.com/show_bug.cgi?id=1259704

From null at suse.de Wed Apr 8 16:30:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:23 -0000
Subject: SUSE-RU-2026:20970-1: moderate: Recommended update for kernel-firmware-amdgpu
Message-ID: <177566582378.16473.10689816955579426654@ea440c8e37cc>

# Recommended update for kernel-firmware-amdgpu

Announcement ID: SUSE-RU-2026:20970-1
Release Date: 2026-03-31T09:04:08Z
Rating: moderate

References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.
## Description:

This update for kernel-firmware-amdgpu fixes the following issues:

Update to version 20251203 (git commit a0f0e52138e5):

* Revert "amdgpu: update GC 11.5.0 firmware"

Update to version 20251201 (git commit 934bfe7e1e27):

* Reapply "amdgpu: update SMU 14.0.3 firmware"
* Revert "amdgpu: update SMU 14.0.3 firmware"
* Revert "amdgpu: update GC 10.3.6 firmware"
* Revert "amdgpu: update GC 11.5.1 firmware"

Update to version 20251125 (git commit 23568a4b9420):

* Revert "amdgpu: update GC 11.0.1 firmware"

Update to version 20251121 (git commit ff6418d18552):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251119 (git commit fe13aa9b9830):

* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update vangogh firmware
* amdgpu: update renoir firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update SMU 14.0.3 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update SMU 14.0.2 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update smu 13.0.7 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update smu 13.0.0 kicker firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SMU 13.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update navy flounder firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update navi14 firmware
* amdgpu: update navi12 firmware
* amdgpu: update navi10 firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update GC 9.4.4 firmware
* amdgpu: update PSP 14.0.5 firmware
* amdgpu: update GC 11.5.3 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.3 firmware
* amdgpu: update SDMA 4.4.2 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update beige goby firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update aldebaran firmware
* amdgpu: add vce1 firmware

Update to version 20251107 (git commit b918d0b3cb97):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251031 (git commit 04b323bb64f9):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251024 (git commit 9b899c779b8a):

* amdgpu: DMCUB updates for various ASICs
* amdgpu: DMCUB updates for various ASICs

Update to version 20251004 (git commit 757854f42d83):

* amdgpu: DMCUB updates for various ASICs
* Update VCN for Navi1x, Green Sardine and Renoir

Update to version 20250926 (git commit fad361e997ee):

* amdgpu: DMCUB updates for various ASICs
* Revert "amdgpu: update gc 10.3.6 firmware"

Update to version 20250919 (git commit 493de17dee99):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250916 (git commit add225168d0d):

* amdgpu: update PSP 14.0.3 kicker firmware
* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update vangogh firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update VPE 6.1.0 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update renoir firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update SMU 14.0.2 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update SMU 13.0.0 kicker firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update SMU 13.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update beige goby firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update navi14 firmware
* amdgpu: update navi12 firmware
* amdgpu: update navi10 firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update GC 9.4.4 firmware
* amdgpu: update SDMA 6.1.3 firmware
* amdgpu: update PSP 14.0.5 firmware
* amdgpu: update GC 11.5.3 firmware
* amdgpu: update VPE 6.1.3 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.3 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware

Update to version 20250912 (git commit 46730bc6b999):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250825 (git commit f044bc789f8e):

* amdgpu: Update ISP FW for isp v4.1.1
* amdgpu: DMCUB updates for various ASICs

Update to version 20250815 (git commit 07ed893df57c):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250811 (git commit 08ee93ff8ffa):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250808 (git commit 8f1ce114de6c):

* amdgpu: update renoir firmware
* amdgpu: add SMU 14.0.3 kicker firmware
* amdgpu: add PSP 14.0.3 firmware
* amdgpu: add GC 12.0.1 kicker firmware
* amdgpu: update navy flounder firmware
* amdgpu: update SDMA 6.1.2 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update SDMA 7.0.1 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update vega20 firmware
* amdgpu: update SDMA 7.0.0 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update SDMA 6.0.2 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi14 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update navi12 firmware
* amdgpu: update vangogh firmware
* amdgpu: update navi10 firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update vpe 6.1.1 firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update SDMA 6.1.1 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update beige goby firmware
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update GC 10.3.7 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update SDMA 6.0.1 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update dimgrey_cavefish firmware
* amdgpu: update aldebaran firmware

Update to version 20250805 (git commit b6b0b15278c7):

* amdgpu: Update GCN 4.0.5 microcode
* amdgpu: Update SDMA 6.1.0 microcode
* amdgpu: Update GC 11.5.0 microcode

Update to version 20250725 (git commit 4bb152fb4405):

* amdgpu: update dmcub fw for dcn314

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-468=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * kernel-firmware-amdgpu-20251203-160000.1.1

From null at suse.de Wed Apr 8 16:30:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:30 -0000
Subject: SUSE-SU-2026:20969-1: moderate: Security update for polkit
Message-ID: <177566583037.16473.14559485658707421430@ea440c8e37cc>

# Security update for polkit

Announcement ID: SUSE-SU-2026:20969-1
Release Date: 2026-04-07T11:49:24Z
Rating: moderate
References:

* bsc#1259711
* bsc#1259726
* bsc#1259729
* bsc#1260859

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778
* CVE-2026-4897

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0
* SUSE Linux Micro 6.2

An update that solves four vulnerabilities can now be installed.

## Security update for polkit

### Description:

This update for polkit fixes the following issue:

* CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).

## Security update for expat

### Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-466=1
* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-652=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * expat-debugsource-2.7.1-160000.5.1
  * libexpat1-2.7.1-160000.5.1
  * expat-debuginfo-2.7.1-160000.5.1
  * libexpat1-debuginfo-2.7.1-160000.5.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libpolkit-gobject-1-0-debuginfo-121-4.1
  * polkit-121-4.1
  * polkit-debuginfo-121-4.1
  * libpolkit-agent-1-0-debuginfo-121-4.1
  * polkit-debugsource-121-4.1
  * libpolkit-gobject-1-0-121-4.1
  * libpolkit-agent-1-0-121-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://www.suse.com/security/cve/CVE-2026-4897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259711
* https://bugzilla.suse.com/show_bug.cgi?id=1259726
* https://bugzilla.suse.com/show_bug.cgi?id=1259729
* https://bugzilla.suse.com/show_bug.cgi?id=1260859

From null at suse.de Wed Apr 8 16:30:38 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:38 -0000
Subject: SUSE-SU-2026:20968-1: moderate: Security update for gnutls
Message-ID: <177566583863.16473.2874730763816147461@ea440c8e37cc>

# Security update for gnutls

Announcement ID: SUSE-SU-2026:20968-1
Release Date: 2026-03-30T14:33:01Z
Rating: moderate
References:

* bsc#1254132
* bsc#1257960
* bsc#1258083
* jsc#PED-15752
* jsc#PED-15753

Cross-References:

* CVE-2025-14831
* CVE-2025-9820

CVSS scores:

* CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains two features and has one fix can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960)
* CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
* Add functionality to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-464=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libgnutls30-3.8.10-160000.2.1
  * gnutls-debuginfo-3.8.10-160000.2.1
  * libgnutls30-debuginfo-3.8.10-160000.2.1
  * gnutls-debugsource-3.8.10-160000.2.1
  * gnutls-3.8.10-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14831.html
* https://www.suse.com/security/cve/CVE-2025-9820.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254132
* https://bugzilla.suse.com/show_bug.cgi?id=1257960
* https://bugzilla.suse.com/show_bug.cgi?id=1258083
* https://jira.suse.com/browse/PED-15752
* https://jira.suse.com/browse/PED-15753

From null at suse.de Wed Apr 8 16:30:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:41 -0000
Subject: SUSE-SU-2026:20967-1: important: Security update for cockpit-repos
Message-ID: <177566584140.16473.7962305950184549813@ea440c8e37cc>

# Security update for cockpit-repos

Announcement ID: SUSE-SU-2026:20967-1
Release Date: 2026-04-05T02:50:21Z
Rating: important
References:

* bsc#1258637

Cross-References:

* CVE-2026-26996

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-repos fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-478=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * cockpit-repos-4.7-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258637

From null at suse.de Wed Apr 8 16:30:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:44 -0000
Subject: SUSE-RU-2026:20966-1: moderate: Recommended update for bash-completion
Message-ID: <177566584402.16473.16684528448415084722@ea440c8e37cc>

# Recommended update for bash-completion

Announcement ID: SUSE-RU-2026:20966-1
Release Date: 2026-04-02T09:16:22Z
Rating: moderate
References:

* bsc#1246923

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for bash-completion fixes the following issues:

* Skip colon from device names for ethtool (bsc#1246923)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-476=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * bash-completion-2.12.0-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246923

From null at suse.de Wed Apr 8 16:30:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:51 -0000
Subject: SUSE-RU-2026:20965-1: important: Recommended update for selinux-policy
Message-ID: <177566585179.16473.13327512718018508679@ea440c8e37cc>

# Recommended update for selinux-policy

Announcement ID: SUSE-RU-2026:20965-1
Release Date: 2026-04-01T14:55:13Z
Rating: important
References:

* bsc#1237375
* bsc#1255024
* bsc#1255725
* bsc#1259438
* bsc#1259704

Affected Products:

* SUSE Linux Micro 6.2

An update that has five fixes can now be installed.

## Description:

This update for selinux-policy fixes the following issues:

Changes in selinux-policy:

Update to version 20250627+git355.5249ba7d5:

* Revert "Define file equivalency for /var/opt" (bsc#1259704)
* Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438)

Update to version 20250627+git351.529352149:

* Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725)
* privoxy: account for openSUSE chroot configuration (bsc#1237375)

Update to version 20250627+git347.b8926451e:

* Add support for 'mariadb@.service' (bsc#1255024).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-472=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * selinux-policy-targeted-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-devel-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-minimum-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-20250627+git355.5249ba7d5-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237375
* https://bugzilla.suse.com/show_bug.cgi?id=1255024
* https://bugzilla.suse.com/show_bug.cgi?id=1255725
* https://bugzilla.suse.com/show_bug.cgi?id=1259438
* https://bugzilla.suse.com/show_bug.cgi?id=1259704

From null at suse.de Wed Apr 8 16:30:53 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:53 -0000
Subject: SUSE-RU-2026:20964-1: moderate: Recommended update for kernel-firmware-amdgpu
Message-ID: <177566585327.16473.1937844300214277826@ea440c8e37cc>

# Recommended update for kernel-firmware-amdgpu

Announcement ID: SUSE-RU-2026:20964-1
Release Date: 2026-03-31T09:04:08Z
Rating: moderate
References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.

## Description:

This update for kernel-firmware-amdgpu fixes the following issues:

Update to version 20251203 (git commit a0f0e52138e5):

* Revert "amdgpu: update GC 11.5.0 firmware"

Update to version 20251201 (git commit 934bfe7e1e27):

* Reapply "amdgpu: update SMU 14.0.3 firmware"
* Revert "amdgpu: update SMU 14.0.3 firmware"
* Revert "amdgpu: update GC 10.3.6 firmware"
* Revert "amdgpu: update GC 11.5.1 firmware"

Update to version 20251125 (git commit 23568a4b9420):

* Revert "amdgpu: update GC 11.0.1 firmware"

Update to version 20251121 (git commit ff6418d18552):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251119 (git commit fe13aa9b9830):

* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update vangogh firmware
* amdgpu: update renoir firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update SMU 14.0.3 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update SMU 14.0.2 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update smu 13.0.7 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update smu 13.0.0 kicker firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SMU 13.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update navy flounder firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update navi14 firmware
* amdgpu: update navi12 firmware
* amdgpu: update navi10 firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update GC 9.4.4 firmware
* amdgpu: update PSP 14.0.5 firmware
* amdgpu: update GC 11.5.3 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.3 firmware
* amdgpu: update SDMA 4.4.2 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update beige goby firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update aldebaran firmware
* amdgpu: add vce1 firmware

Update to version 20251107 (git commit b918d0b3cb97):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251031 (git commit 04b323bb64f9):

* amdgpu: DMCUB updates for various ASICs

Update to version 20251024 (git commit 9b899c779b8a):

* amdgpu: DMCUB updates for various ASICs
* amdgpu: DMCUB updates for various ASICs

Update to version 20251004 (git commit 757854f42d83):

* amdgpu: DMCUB updates for various ASICs
* Update VCN for Navi1x, Green Sardine and Renoir

Update to version 20250926 (git commit fad361e997ee):

* amdgpu: DMCUB updates for various ASICs
* Revert "amdgpu: update gc 10.3.6 firmware"

Update to version 20250919 (git commit 493de17dee99):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250916 (git commit add225168d0d):

* amdgpu: update PSP 14.0.3 kicker firmware
* amdgpu: update vega20 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update vangogh firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update VPE 6.1.0 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update renoir firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update SMU 14.0.2 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update SMU 13.0.10 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update SMU 13.0.0 kicker firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update SMU 13.0.0 firmware
* amdgpu: update PSP 13.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update beige goby firmware
* amdgpu: update dimgrey cavefish firmware
* amdgpu: update navy flounder firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update navi14 firmware
* amdgpu: update navi12 firmware
* amdgpu: update navi10 firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update GC 9.4.4 firmware
* amdgpu: update SDMA 6.1.3 firmware
* amdgpu: update PSP 14.0.5 firmware
* amdgpu: update GC 11.5.3 firmware
* amdgpu: update VPE 6.1.3 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update green sardine firmware
* amdgpu: update VCN 4.0.3 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware

Update to version 20250912 (git commit 46730bc6b999):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250825 (git commit f044bc789f8e):

* amdgpu: Update ISP FW for isp v4.1.1
* amdgpu: DMCUB updates for various ASICs

Update to version 20250815 (git commit 07ed893df57c):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250811 (git commit 08ee93ff8ffa):

* amdgpu: DMCUB updates for various ASICs

Update to version 20250808 (git commit 8f1ce114de6c):

* amdgpu: update renoir firmware
* amdgpu: add SMU 14.0.3 kicker firmware
* amdgpu: add PSP 14.0.3 firmware
* amdgpu: add GC 12.0.1 kicker firmware
* amdgpu: update navy flounder firmware
* amdgpu: update SDMA 6.1.2 firmware
* amdgpu: update PSP 14.0.4 firmware
* amdgpu: update GC 11.5.2 firmware
* amdgpu: update yellow carp firmware
* amdgpu: update VCN 5.0.0 firmware
* amdgpu: update SDMA 7.0.1 firmware
* amdgpu: update PSP 14.0.3 firmware
* amdgpu: update GC 12.0.1 firmware
* amdgpu: update sienna cichlid firmware
* amdgpu: update vega20 firmware
* amdgpu: update SDMA 7.0.0 firmware
* amdgpu: update PSP 14.0.2 firmware
* amdgpu: update GC 12.0.0 firmware
* amdgpu: update vega12 firmware
* amdgpu: update vega10 firmware
* amdgpu: update VCN 3.1.2 firmware
* amdgpu: update PSP 13.0.5 firmware
* amdgpu: update GC 10.3.6 firmware
* amdgpu: update VCN 4.0.4 firmware
* amdgpu: update SDMA 6.0.2 firmware
* amdgpu: update PSP 13.0.7 firmware
* amdgpu: update GC 11.0.2 firmware
* amdgpu: update navi14 firmware
* amdgpu: update SDMA 6.0.3 firmware
* amdgpu: update PSP 13.0.10 firmware
* amdgpu: update GC 11.0.3 firmware
* amdgpu: update navi12 firmware
* amdgpu: update vangogh firmware
* amdgpu: update navi10 firmware
* amdgpu: update PSP 13.0.0 kicker firmware
* amdgpu: update VCN 5.0.1 firmware
* amdgpu: update PSP 13.0.12 firmware
* amdgpu: update GC 9.5.0 firmware
* amdgpu: update VCN 4.0.0 firmware
* amdgpu: update SDMA 6.0.0 firmware
* amdgpu: update GC 11.0.0 firmware
* amdgpu: update PSP 13.0.14 firmware
* amdgpu: update PSP 13.0.6 firmware
* amdgpu: update GC 9.4.3 firmware
* amdgpu: update vpe 6.1.1 firmware
* amdgpu: update VCN 4.0.6 firmware
* amdgpu: update SDMA 6.1.1 firmware
* amdgpu: update PSP 14.0.1 firmware
* amdgpu: update GC 11.5.1 firmware
* amdgpu: update PSP 13.0.11 firmware
* amdgpu: update GC 11.0.4 firmware
* amdgpu: update beige goby firmware
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update GC 10.3.7 firmware
* amdgpu: update VCN 4.0.5 firmware
* amdgpu: update PSP 14.0.0 firmware
* amdgpu: update GC 11.5.0 firmware
* amdgpu: update VCN 4.0.2 firmware
* amdgpu: update SDMA 6.0.1 firmware
* amdgpu: update PSP 13.0.4 firmware
* amdgpu: update GC 11.0.1 firmware
* amdgpu: update dimgrey_cavefish firmware
* amdgpu: update aldebaran firmware

Update to version 20250805 (git commit b6b0b15278c7):

* amdgpu: Update GCN 4.0.5 microcode
* amdgpu: Update SDMA 6.1.0 microcode
* amdgpu: Update GC 11.5.0 microcode

Update to version 20250725 (git commit 4bb152fb4405):

* amdgpu: update dmcub fw for dcn314

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-468=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * kernel-firmware-amdgpu-20251203-160000.1.1

From null at suse.de Wed Apr 8 16:30:58 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:30:58 -0000
Subject: SUSE-SU-2026:20963-1: important: Security update for expat
Message-ID: <177566585803.16473.17038584042602513615@ea440c8e37cc>

# Security update for expat

Announcement ID: SUSE-SU-2026:20963-1
Release Date: 2026-03-30T14:58:50Z
Rating: important
References:

* bsc#1259711
* bsc#1259726
* bsc#1259729

Cross-References:

* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778

CVSS scores:

* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for expat fixes the following issues:

* CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
* CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-466=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * expat-debugsource-2.7.1-160000.5.1
  * libexpat1-2.7.1-160000.5.1
  * expat-debuginfo-2.7.1-160000.5.1
  * libexpat1-debuginfo-2.7.1-160000.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259711
* https://bugzilla.suse.com/show_bug.cgi?id=1259726
* https://bugzilla.suse.com/show_bug.cgi?id=1259729

From null at suse.de Wed Apr 8 16:31:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:31:03 -0000
Subject: SUSE-SU-2026:20962-1: moderate: Security update for gnutls
Message-ID: <177566586374.16473.441958553707443469@ea440c8e37cc>

# Security update for gnutls

Announcement ID: SUSE-SU-2026:20962-1
Release Date: 2026-03-30T14:33:01Z
Rating: moderate
References:

* bsc#1254132
* bsc#1257960
* bsc#1258083
* jsc#PED-15752
* jsc#PED-15753

Cross-References:

* CVE-2025-14831
* CVE-2025-9820

CVSS scores:

* CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains two features and has one fix can now be installed.

## Description:

This update for gnutls fixes the following issues:

* CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960)
* CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
* Add functionality to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-464=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libgnutls30-3.8.10-160000.2.1
  * gnutls-debuginfo-3.8.10-160000.2.1
  * libgnutls30-debuginfo-3.8.10-160000.2.1
  * gnutls-debugsource-3.8.10-160000.2.1
  * gnutls-3.8.10-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14831.html
* https://www.suse.com/security/cve/CVE-2025-9820.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254132
* https://bugzilla.suse.com/show_bug.cgi?id=1257960
* https://bugzilla.suse.com/show_bug.cgi?id=1258083
* https://jira.suse.com/browse/PED-15752
* https://jira.suse.com/browse/PED-15753

From null at suse.de Wed Apr 8 16:31:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 08 Apr 2026 16:31:05 -0000
Subject: SUSE-RU-2026:20961-1: moderate: Recommended update for nm-configurator
Message-ID: <177566586510.16473.16844694052574482006@ea440c8e37cc>

# Recommended update for nm-configurator

Announcement ID: SUSE-RU-2026:20961-1
Release Date: 2026-03-30T12:30:25Z
Rating: moderate
References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.

## Recommended update for nm-configurator ### Description: This update for nm-configurator fixes the following issues: Changes in nm-configurator: Update to version 0.3.4: * Bump crate version (#189) * Ensure runtime connection dir exists before recreation (#188) * Bump clap from 4.5.46 to 4.5.47 (#186) * Bump log from 0.4.27 to 0.4.28 (#187) * Bump nmstate from 2.2.49 to 2.2.50 (#184) * Bump clap from 4.5.45 to 4.5.46 (#185) * Bump clap from 4.5.43 to 4.5.45 (#183) * Bump anyhow from 1.0.98 to 1.0.99 (#182) * Bump actions/checkout from 4 to 5 (#181) * Bump network-interface from 2.0.2 to 2.0.3 (#179) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-463=1 SUSE-SL-Micro-6.2-463=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * nm-configurator-0.3.4-160000.1.1 * nm-configurator-debugsource-0.3.4-160000.1.1 * nm-configurator-debuginfo-0.3.4-160000.1.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 16:31:14 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 16:31:14 -0000 Subject: SUSE-SU-2026:1212-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Message-ID: <177566587426.16473.17836445957732452332@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1212-1 Release Date: 2026-04-08T10:04:55Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1211=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1212=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1212=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1211=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_121-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_30-debugsource-9-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_44-debugsource-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-10-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_44-debugsource-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-10-150400.2.1 * kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-10-150400.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-9-150500.2.1 * kernel-livepatch-5_14_21-150500_55_121-default-9-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_30-debugsource-9-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 20:30:06 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:06 -0000 Subject: SUSE-RU-2026:1219-1: important: Recommended update for libteam Message-ID: <177568020625.16953.6460685054015151526@ea440c8e37cc> # Recommended update for libteam Announcement ID: SUSE-RU-2026:1219-1 Release Date: 2026-04-08T15:55:43Z Rating: important References: * bsc#1258224 Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has one fix can now be installed. ## Description: This update for libteam fixes the following issues: * Fix: teamd incorrect Slave MAC (dev_addr) in LACP on SLES15SP7 (bsc#1258224): * teamd: * add port_hwaddr_changed for ab runner * add port_hwaddr_changed for lacp runner * add port_hwaddr_changed for lb runner ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1219=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1219=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1219=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libteam-tools-debuginfo-1.27-150000.4.18.1 * libteam-debuginfo-1.27-150000.4.18.1 * python-libteam-debuginfo-1.27-150000.4.18.1 * python-libteam-1.27-150000.4.18.1 * libteamdctl0-1.27-150000.4.18.1 * libteam5-debuginfo-1.27-150000.4.18.1 * libteamdctl0-debuginfo-1.27-150000.4.18.1 * libteam-debugsource-1.27-150000.4.18.1 * libteam-tools-1.27-150000.4.18.1 * libteam5-1.27-150000.4.18.1 * libteam-devel-1.27-150000.4.18.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libteam-debuginfo-1.27-150000.4.18.1 * libteamdctl0-1.27-150000.4.18.1 * libteam5-debuginfo-1.27-150000.4.18.1 * libteamdctl0-debuginfo-1.27-150000.4.18.1 * libteam-debugsource-1.27-150000.4.18.1 * libteam5-1.27-150000.4.18.1 * libteam-devel-1.27-150000.4.18.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libteam-tools-1.27-150000.4.18.1 * libteam-tools-debuginfo-1.27-150000.4.18.1 * libteam-debugsource-1.27-150000.4.18.1 * libteam-debuginfo-1.27-150000.4.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258224 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 20:30:13 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:13 -0000 Subject: SUSE-SU-2026:1218-1: moderate: Security update for python-requests Message-ID: <177568021365.16953.6417901656722323371@ea440c8e37cc> # Security update for python-requests Announcement ID: SUSE-SU-2026:1218-1 Release Date: 2026-04-08T14:39:50Z Rating: moderate References: * bsc#1260589 Cross-References: * CVE-2026-25645 CVSS scores: * CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. 
## Description: This update for python-requests fixes the following issues: * CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1218=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1218=1 ## Package List: * Public Cloud Module 12 (noarch) * python3-requests-2.24.0-8.26.1 * python-requests-2.24.0-8.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-requests-2.24.0-8.26.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25645.html * https://bugzilla.suse.com/show_bug.cgi?id=1260589 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 20:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:16 -0000 Subject: SUSE-SU-2026:1217-1: important: Security update for freerdp Message-ID: <177568021655.16953.7793112255924682002@ea440c8e37cc> # Security update for freerdp Announcement ID: SUSE-SU-2026:1217-1 Release Date: 2026-04-08T12:28:39Z Rating: important References: * bsc#1257991 Cross-References: * CVE-2026-24684 CVSS scores: * CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24684 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-24684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for freerdp fixes the following issue: * CVE-2026-24684: Heap-use-after-free in play_thread (bsc#1257991). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1217=1 openSUSE-SLE-15.6-2026-1217=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1217=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * freerdp-server-2.11.2-150600.4.21.1 * libwinpr2-2-debuginfo-2.11.2-150600.4.21.1 * uwac0-0-devel-2.11.2-150600.4.21.1 * freerdp-proxy-2.11.2-150600.4.21.1 * libfreerdp2-2-2.11.2-150600.4.21.1 * freerdp-debuginfo-2.11.2-150600.4.21.1 * freerdp-devel-2.11.2-150600.4.21.1 * freerdp-debugsource-2.11.2-150600.4.21.1 * freerdp-proxy-debuginfo-2.11.2-150600.4.21.1 * freerdp-2.11.2-150600.4.21.1 * freerdp-wayland-2.11.2-150600.4.21.1 * freerdp-wayland-debuginfo-2.11.2-150600.4.21.1 * libuwac0-0-debuginfo-2.11.2-150600.4.21.1 * libwinpr2-2-2.11.2-150600.4.21.1 * winpr-devel-2.11.2-150600.4.21.1 * libfreerdp2-2-debuginfo-2.11.2-150600.4.21.1 * freerdp-server-debuginfo-2.11.2-150600.4.21.1 * libuwac0-0-2.11.2-150600.4.21.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * freerdp-debuginfo-2.11.2-150600.4.21.1 * freerdp-debugsource-2.11.2-150600.4.21.1 * uwac0-0-devel-2.11.2-150600.4.21.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24684.html * https://bugzilla.suse.com/show_bug.cgi?id=1257991 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 20:30:25 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:25 -0000 Subject: SUSE-SU-2026:1216-1: important: Security update for openssl-1_1 Message-ID: <177568022565.16953.10786369691915768979@ea440c8e37cc> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1216-1 Release Date: 2026-04-08T12:28:22Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1216=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1216=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-hmac-1.1.1d-150200.11.109.1 * libopenssl-1_1-devel-1.1.1d-150200.11.109.1 * openssl-1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debugsource-1.1.1d-150200.11.109.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-hmac-1.1.1d-150200.11.109.1 * libopenssl-1_1-devel-1.1.1d-150200.11.109.1 * openssl-1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.109.1 * libopenssl1_1-1.1.1d-150200.11.109.1 * openssl-1_1-debugsource-1.1.1d-150200.11.109.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 20:30:35 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:35 -0000 Subject: SUSE-SU-2026:1215-1: important: Security update for openssl-3 Message-ID: <177568023528.16953.947027796965071434@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1215-1 Release Date: 2026-04-08T12:28:03Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1215=1 openSUSE-SLE-15.6-2026-1215=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1215=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1215=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-devel-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (noarch) * openssl-3-doc-3.1.4-150600.5.45.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libopenssl-3-devel-64bit-3.1.4-150600.5.45.1 * libopenssl3-64bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-64bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-64bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-64bit-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * 
libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libopenssl3-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-3.1.4-150600.5.45.1 * libopenssl-3-devel-3.1.4-150600.5.45.1 * openssl-3-debuginfo-3.1.4-150600.5.45.1 * openssl-3-3.1.4-150600.5.45.1 * openssl-3-debugsource-3.1.4-150600.5.45.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libopenssl3-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl3-32bit-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.1.4-150600.5.45.1 * libopenssl-3-fips-provider-32bit-3.1.4-150600.5.45.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 8 20:30:43 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:43 -0000 Subject: SUSE-SU-2026:1214-1: important: Security update for openssl-3 Message-ID: <177568024370.16953.14986277234433488429@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1214-1 Release Date: 2026-04-08T12:27:50Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). 
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1214=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1214=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1214=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1214=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1214=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1214=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1214=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1214=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1214=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-32bit-3.0.8-150400.4.81.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.81.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-3.0.8-150400.4.81.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.81.1 * libopenssl3-64bit-debuginfo-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * 
openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssl-3-3.0.8-150400.4.81.1 * openssl-3-debugsource-3.0.8-150400.4.81.1 * libopenssl3-3.0.8-150400.4.81.1 * openssl-3-debuginfo-3.0.8-150400.4.81.1 * libopenssl3-debuginfo-3.0.8-150400.4.81.1 * libopenssl-3-devel-3.0.8-150400.4.81.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html 
* https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 20:30:52 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 08 Apr 2026 20:30:52 -0000 Subject: SUSE-SU-2026:1213-1: important: Security update for openssl-3 Message-ID: <177568025212.16953.13197115556339857998@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1213-1 Release Date: 2026-04-08T12:27:11Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities can now be installed. 
## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1213=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1213=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1213=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1213=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1213=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl-3-devel-3.0.8-150500.5.60.1
  * libopenssl3-debuginfo-3.0.8-150500.5.60.1
  * openssl-3-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-3.0.8-150500.5.60.1
  * openssl-3-debugsource-3.0.8-150500.5.60.1
  * openssl-3-3.0.8-150500.5.60.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl3-32bit-3.0.8-150500.5.60.1
  * libopenssl-3-devel-32bit-3.0.8-150500.5.60.1
  * libopenssl3-32bit-debuginfo-3.0.8-150500.5.60.1
* openSUSE Leap 15.5 (noarch)
  * openssl-3-doc-3.0.8-150500.5.60.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libopenssl3-64bit-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-64bit-3.0.8-150500.5.60.1
  * libopenssl-3-devel-64bit-3.0.8-150500.5.60.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libopenssl-3-devel-3.0.8-150500.5.60.1
  * libopenssl3-debuginfo-3.0.8-150500.5.60.1
  * openssl-3-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-3.0.8-150500.5.60.1
  * openssl-3-debugsource-3.0.8-150500.5.60.1
  * openssl-3-3.0.8-150500.5.60.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libopenssl-3-devel-3.0.8-150500.5.60.1
  * libopenssl3-debuginfo-3.0.8-150500.5.60.1
  * openssl-3-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-3.0.8-150500.5.60.1
  * openssl-3-debugsource-3.0.8-150500.5.60.1
  * openssl-3-3.0.8-150500.5.60.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libopenssl-3-devel-3.0.8-150500.5.60.1
  * libopenssl3-debuginfo-3.0.8-150500.5.60.1
  * openssl-3-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-3.0.8-150500.5.60.1
  * openssl-3-debugsource-3.0.8-150500.5.60.1
  * openssl-3-3.0.8-150500.5.60.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libopenssl-3-devel-3.0.8-150500.5.60.1
  * libopenssl3-debuginfo-3.0.8-150500.5.60.1
  * openssl-3-debuginfo-3.0.8-150500.5.60.1
  * libopenssl3-3.0.8-150500.5.60.1
  * openssl-3-debugsource-3.0.8-150500.5.60.1
  * openssl-3-3.0.8-150500.5.60.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445

From null at suse.de Thu Apr 9 08:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 08:30:17 -0000
Subject: SUSE-SU-2026:1221-1: important: Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177572341707.18282.16004061530794837605@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1221-1
Release Date: 2026-04-08T16:04:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1221=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_255-default-15-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 9 08:30:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 08:30:20 -0000
Subject: SUSE-SU-2026:1220-1: moderate: Security update for python-poetry
Message-ID: <177572342072.18282.3665669184337058049@ea440c8e37cc>

# Security update for python-poetry

Announcement ID: SUSE-SU-2026:1220-1
Release Date: 2026-04-08T16:03:10Z
Rating: moderate
References:

* bsc#1261383

Cross-References:

* CVE-2026-34591

CVSS scores:

* CVE-2026-34591 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34591 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-34591 ( NVD ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for python-poetry fixes the following issue:

* CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write (bsc#1261383).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1220=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-poetry-1.7.1-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34591.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261383

From null at suse.de Thu Apr 9 12:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 12:30:21 -0000
Subject: SUSE-SU-2026:1225-1: important: Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)
Message-ID: <177573782113.18853.11387753194210804971@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)

Announcement ID: SUSE-SU-2026:1225-1
Release Date: 2026-04-09T01:53:44Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.70 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1225=1 SUSE-2026-1224=1
* SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1225=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1224=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_73-default-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-5-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  * kernel-livepatch-6_4_0-150600_23_73-default-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-5-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-8-150600.2.1
  * kernel-livepatch-6_4_0-150600_23_70-default-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_15-debugsource-8-150600.2.1
  * kernel-livepatch-SLE15-SP6_Update_16-debugsource-5-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 9 12:30:32 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 12:30:32 -0000
Subject: SUSE-SU-2026:1222-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177573783286.18853.10903690656516104648@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1222-1
Release Date: 2026-04-09T02:36:32Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.164 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1222=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1222=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1226=1 SUSE-2026-1223=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1226=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1223=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_31-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_124-default-7-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-7-150500.2.1
  * kernel-livepatch-SLE15-SP5_Update_31-debugsource-7-150500.2.1
  * kernel-livepatch-5_14_21-150500_55_124-default-7-150500.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-11-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE15-SP4_Update_40-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-11-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_43-debugsource-11-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_164-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_173-default-11-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 9 16:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:05 -0000
Subject: SUSE-SU-2026:20997-1: important: Security update for cockpit-repos
Message-ID: <177575220572.22761.16051508916223492422@7334c935c7bb>

# Security update for cockpit-repos

Announcement ID: SUSE-SU-2026:20997-1
Release Date: 2026-04-05T02:55:36Z
Rating: important
References:

* bsc#1258637

Cross-References:

* CVE-2026-26996

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for cockpit-repos fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-478=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * cockpit-repos-4.7-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258637

From null at suse.de Thu Apr 9 16:30:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:07 -0000
Subject: SUSE-RU-2026:20996-1: moderate: Recommended update for rust1.94
Message-ID: <177575220707.22761.16237647894888832465@7334c935c7bb>

# Recommended update for rust1.94

Announcement ID: SUSE-RU-2026:20996-1
Release Date: 2026-04-02T15:36:23Z
Rating: moderate
References:

* jsc#PED-11412

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that contains one feature can now be installed.

## Description:

This update for rust1.94 fixes the following issues:

This update adds rust1.94.

Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-477=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * cargo1.94-1.94.0-160000.1.1
  * cargo1.94-debuginfo-1.94.0-160000.1.1
  * rust1.94-debuginfo-1.94.0-160000.1.1
  * cargo-1.94.0-160000.1.1
  * rust-1.94.0-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64 nosrc)
  * rust1.94-1.94.0-160000.1.1

## References:

* https://jira.suse.com/browse/PED-11412

From null at suse.de Thu Apr 9 16:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:12 -0000
Subject: SUSE-SU-2026:20995-1: low: Security update for dnsdist
Message-ID: <177575221253.22761.5471570077280157426@7334c935c7bb>

# Security update for dnsdist

Announcement ID: SUSE-SU-2026:20995-1
Release Date: 2026-04-02T09:11:51Z
Rating: low
References:

* bsc#1250054
* bsc#1253852

Cross-References:

* CVE-2025-30187
* CVE-2025-8671

CVSS scores:

* CVE-2025-30187 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-30187 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-30187 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8671 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8671 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8671 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for dnsdist fixes the following issues:

Update to dnsdist 1.9.11:

* CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack (bsc#1253852).
* CVE-2025-30187: denial of service via crafted DoH exchange (bsc#1250054).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-475=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 s390x x86_64)
  * dnsdist-debugsource-1.9.11-160000.1.1
  * dnsdist-1.9.11-160000.1.1
  * dnsdist-debuginfo-1.9.11-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30187.html
* https://www.suse.com/security/cve/CVE-2025-8671.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250054
* https://bugzilla.suse.com/show_bug.cgi?id=1253852

From null at suse.de Thu Apr 9 16:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:16 -0000
Subject: SUSE-RU-2026:20994-1: moderate: Recommended update for bash-completion
Message-ID: <177575221642.22761.6856519696678182157@7334c935c7bb>

# Recommended update for bash-completion

Announcement ID: SUSE-RU-2026:20994-1
Release Date: 2026-04-02T09:10:37Z
Rating: moderate
References:

* bsc#1246923

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that has one fix can now be installed.

## Description:

This update for bash-completion fixes the following issues:

* Skip colon from device names for ethtool (bsc#1246923)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-476=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * bash-completion-devel-2.12.0-160000.3.1
  * bash-completion-doc-2.12.0-160000.3.1
  * bash-completion-2.12.0-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246923

From null at suse.de Thu Apr 9 16:30:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:20 -0000
Subject: SUSE-SU-2026:20993-1: important: Security update for perl-XML-Parser
Message-ID: <177575222040.22761.8830298257529436440@7334c935c7bb>

# Security update for perl-XML-Parser

Announcement ID: SUSE-SU-2026:20993-1
Release Date: 2026-04-01T16:23:38Z
Rating: important
References:

* bsc#1259901
* bsc#1259902

Cross-References:

* CVE-2006-10002
* CVE-2006-10003

CVSS scores:

* CVE-2006-10002 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2006-10002 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2006-10002 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2006-10002 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2006-10003 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2006-10003 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2006-10003 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for perl-XML-Parser fixes the following issues:

* CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901).
* CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-474=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * perl-XML-Parser-2.470.0-160000.3.1
  * perl-XML-Parser-debugsource-2.470.0-160000.3.1
  * perl-XML-Parser-debuginfo-2.470.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2006-10002.html
* https://www.suse.com/security/cve/CVE-2006-10003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259901
* https://bugzilla.suse.com/show_bug.cgi?id=1259902

From null at suse.de Thu Apr 9 16:30:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:23 -0000
Subject: SUSE-SU-2026:20992-1: important: Security update for python-Pillow
Message-ID: <177575222314.22761.601739955470722763@7334c935c7bb>

# Security update for python-Pillow

Announcement ID: SUSE-SU-2026:20992-1
Release Date: 2026-04-01T14:57:29Z
Rating: important
References:

* bsc#1258125

Cross-References:

* CVE-2026-25990

CVSS scores:

* CVE-2026-25990 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25990 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25990 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves one vulnerability can now be installed.
## Description:

This update for python-Pillow fixes the following issues:

* CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. (bsc#1258125)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-473=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * python313-Pillow-tk-11.3.0-160000.3.1
  * python313-Pillow-tk-debuginfo-11.3.0-160000.3.1
  * python-Pillow-debugsource-11.3.0-160000.3.1
  * python313-Pillow-11.3.0-160000.3.1
  * python313-Pillow-debuginfo-11.3.0-160000.3.1
  * python-Pillow-debuginfo-11.3.0-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25990.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258125

From null at suse.de Thu Apr 9 16:30:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:30 -0000
Subject: SUSE-RU-2026:20991-1: important: Recommended update for selinux-policy
Message-ID: <177575223074.22761.12127383805512172797@7334c935c7bb>

# Recommended update for selinux-policy

Announcement ID: SUSE-RU-2026:20991-1
Release Date: 2026-04-01T14:56:43Z
Rating: important

References:

* bsc#1237375
* bsc#1255024
* bsc#1255725
* bsc#1259438
* bsc#1259704

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that has five fixes can now be installed.
## Description:

This update for selinux-policy fixes the following issues:

Changes in selinux-policy:

Update to version 20250627+git355.5249ba7d5:

* Revert "Define file equivalency for /var/opt" (bsc#1259704)
* Make stalld stalld_var_run_t labeling rules more generic (bsc#1259438)

Update to version 20250627+git351.529352149:

* Allow syslog_t access ISC dhcpd /dev/log socket (bsc#1255725)
* privoxy: account for openSUSE chroot configuration (bsc#1237375)

Update to version 20250627+git347.b8926451e:

* Add support for 'mariadb@.service' (bsc#1255024).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-472=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * selinux-policy-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-doc-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-devel-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-sandbox-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-minimum-20250627+git355.5249ba7d5-160000.1.1
  * selinux-policy-targeted-20250627+git355.5249ba7d5-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1237375
* https://bugzilla.suse.com/show_bug.cgi?id=1255024
* https://bugzilla.suse.com/show_bug.cgi?id=1255725
* https://bugzilla.suse.com/show_bug.cgi?id=1259438
* https://bugzilla.suse.com/show_bug.cgi?id=1259704
From null at suse.de Thu Apr 9 16:30:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:39 -0000
Subject: SUSE-FU-2026:20990-1: important: Feature update for himmelblau
Message-ID: <177575223916.22761.16730823685166384797@7334c935c7bb>

# Feature update for himmelblau

Announcement ID: SUSE-FU-2026:20990-1
Release Date: 2026-04-01T09:26:05Z
Rating: important

References:

* bsc#1247735
* bsc#1249013
* bsc#1257904
* bsc#1258236
* bsc#1259548
* jsc#PED-14511

Cross-References:

* CVE-2025-54882
* CVE-2025-58160
* CVE-2026-25727
* CVE-2026-31979

CVSS scores:

* CVE-2025-54882 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-54882 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31979 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves four vulnerabilities, contains one feature and has one fix can now be installed.
## Description:

This update for himmelblau fixes the following issues:

Update to himmelblau 2.3.8 (jsc#PED-14511):

Security issues:

* CVE-2025-54882: world readable cloud TGT token (bsc#1247735).
* CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249013).
* CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257904).
* CVE-2026-31979: race condition when accessing /tmp/krb5cc_ (bsc#1259548).

Non security issues:

* Fix SELinux module packaging to use standard policy macros (bsc#1258236).

Changelog:

Version 2.3.8:

* Add PrivateTmp back to Tasks Daemon
* Drop dead code
* Drop krb5 ccache dir code
* Add a TODO comment
* Drop non working packaged krb5 snippet file
* Write kerberos config snippet
* Extend resolver interface to return kerberos config together with TGTs
* Backport SELinux fixes from main
* Use libkrimes to store TGTs

Version 2.3.7:

* cargo vet
* Fix AWS-LC has PKCS7_verify Certificate Chain Validation Bypass
* Revert dependency change which broke the nightly build
* gen_dockerfiles: only himmelblaud has tpm feature, fix all others
* fix(build): gen_dockerfiles.py mutates shared features list mid-loop

Version 2.3.5:

* Better handle Intune API version
* Update make vet from main branch
* pam_himmelblau: call split_username once in chauthtok
* pam_himmelblau: return PAM_IGNORE in chauthtok for local users
* Don't attempt a DAG when Hello fails with SSPR demand

Version 2.3.4:

* deps(rust): bump the all-cargo-updates group across 1 directory with 8 updates
* Revert sketching update (which breaks SLE16 build)

Version 2.3.3:

* /var/cache/private/himmelblaud should not be created tmpfiles
* Update python vers for dataclasses dep
* deps(rust): bump the all-cargo-updates group across 1 directory with 3 updates
* Generate pin init service file systemd < 250
* Checkin missing himmelblaud.if file for SELinux
* Resolve typos in selinux package commands

Version 2.3.2:

* Compile SELinux policy at install time for cross-distro compatibility
* Improve PAM configuration on openSUSE/SLE
* Fix SELinux policy
* Add a git hook to ensure selinux policy is tested
* Ignore generated himmelblau-hsm-pin-init service file
* Refactor SELinux policy for cross-distro compatibility
* Fix NSS lookup for mapped local users
* Skip OS version compliance checks when min/max values are empty

Version 2.3.1:

* Remove references to qrcodegen (these are 3.x features)
* QR Greeter compatibility for old GNOME
* Enable QR greeter automatically
* ci: Use latest cargo-vet from git to fix CI
* Fix HSM pin migration failure on Debian/Ubuntu upgrades from v1.4.x

Version 2.3.0:

* Autostart the daemons on fresh install or upgrade
* Restart sshd when installing the ssh config
* Allow tasks daemon to write krb ccache
* Do not enumerate mapped users in NSS
* Update libhimmelblau to latest version
* Fix Tumbleweed build

Version 2.2.0:

* Update libhimmelblau to 0.8.x series
* deps(rust): bump the all-cargo-updates group with 17 updates
* Only use OpenSSH bug workaround for ssh service
* Fix debug noise from removing user from sudo group
* systemd: install files to /usr/lib/, not /etc/

Version 2.1.0:

* Fix nightly authselect build failure
* Generate the authselect profiles for each distro
* Improve pam config handling in aad-tool
* Make `aad-tool configure-pam` detect location of pam files

Version 2.0.5:

* /var/lib/private/himmelblaud should be owned by root
* Use tmpfiles.d to create himmelblaud private data directory
* deps(rust): bump the all-cargo-updates group with 13 updates

Version 2.0.4:

* Update kanidm_build_profiles mask version
* Utilize cargo vet from main
* Add policies cache patch via systemd-tmpfiles
* Fix man page comments about change idmap_range
* Stub picky-krb for osc build
* Stub a kanidm_build_profiles which builds in osc
* Ensure nss cache is created on Ubuntu/Debian
* Request a user token if NSS hasn't been called

Version 2.0.3:

* Add nss cache patch via systemd-tmpfiles

Version 2.0.2:

* Recommend `patch` with the pam package
* Fix passwordless FIDO authentication not being used when available
* Git workflow updates for stable-2.x
* Only warn on Intune failure

Version 2.0.1:

* Force o365 desktop files to always rebuild
* Always rebuild the o365 apps
* Add restart on-failure to systemd services
* Clarify `domain` SHOULD match login domain
* Remove warning about `domain` himmelblau.conf opt
* Pseudo eliminate multi-tenant and domains section
* Revert "Fix Hello PIN lookup when an alias domain"
* Comment out `KbdInteractiveAuthentication on` in sshd conf
* Check the nxset sooner, to avoid unwanted errors
* Recommend oddjob_mkhomedir with authselect
* Pin libhimmelblau to 0.7.x
* Deprecate Fedora 41
* deps(rust): bump the all-cargo-updates group with 11 updates
* Bump github/codeql-action from 4.30.8 to 4.31.2
* Bump cachix/install-nix-action from 31.8.1 to 31.8.2
* Bump actions/upload-artifact from 4.6.2 to 5.0.0
* cargo clippy and rebase fix
* fixup! add extra debug output to NotFound error code
* force error output to show up in CI logs
* wrap repeated sources of IdpError::NotFound in helper functions
* add extra debug output to NotFound error code
* use direnv for loading the nix devshell
* We should still encourage mapping by name
* Add support for Fedora 43
* Provide an offline 'breakglass' mode
* cargo clippy
* Add warning about incorrect nsswitch configuration
* Distinguish between online and offline token fail
* Ensure user token uses original name
* Fix alias domain in auth result causing failure
* Resolve cargo clippy warnings
* Only map on cn name for the primary domain
* Install systemd in build scripts for gen service
* Fix systemd version parsing
* Update libhimmelblau to 0.7.19
* Resolve SELinux build failures in nightly (part 2)
* Rocky container image updates were failing
* Warn instead of error when no idmap_range specified
* deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates
* Trim whitespace from local group names
* Fix borrowing error
* Fix reference to local_sudo_group in condition
* Only run sudo_groups if local_groups does not contain local_sudo_group
* Leave SELinux in permissive mode for Himmelblau
* Resolve SELinux build failures in nightly
* nix: add join_type option to nixos-module settings
* Build host configuration changes
* Ensure that hsm_pin isn't present decrypted
* Document Soft HSM changes to TPM bound
* Disable SELinux by default on NixOS
* sh doesn't have `source`
* Encrypt hsm-pin using systemd-creds
* Recommend uuid id mapping
* Improve himmelblau.conf man page formatting
* Implement Local User Mapping
* Add o365 dependency for jq
* Add selinux rules for gdm login
* Narrow the scope of selinux policy with audit2allow
* Generate the systemd service files
* Fix selinux build for SLE16
* Resolve SLE16 build dependency failure
* Fix the rawhide build
* Mask the sshkey-attest package
* Bump cachix/install-nix-action from 31.7.0 to 31.8.1
* cargo vet dependency updates
* deps(rust): bump the all-cargo-updates group across 1 directory with 13 updates
* Bump actions/dependency-review-action from 4.8.0 to 4.8.1
* Bump cachix/install-nix-action from 31.7.0 to 31.8.0
* Bump github/codeql-action from 3.30.5 to 4.30.8
* Bump ossf/scorecard-action from 2.4.2 to 2.4.3
* SELinux improvements
* Fix a typo in package gen scripts
* cargo fmt
* Permit NSS response for mapped primary fake group
* Fix Nix Error With Fuzz
* Decrease CI fuzzer setup time
* Document join types
* Support for Entra registered devices
* Run `cargo test` in a container
* Bump cachix/install-nix-action from 31.6.2 to 31.7.0
* deps(rust): bump the all-cargo-updates group across 1 directory with 2 updates
* Bump github/codeql-action from 3.30.4 to 3.30.5
* Use pastey crate instead of unmaintained paste
* Pin unmaintained serde_cbor dep to serde_cbor_2
* Resolve tower-http `cargo audit` warning
* Replace unmaintained fxhash with own version
* Resolve warning about workflow top level write permissions
* Remove dependabot automerge
* Resolve division by 0 in idmap code
* [StepSecurity] ci: Harden GitHub Actions
* Only idmap against initialized domains
* Resolve invalid init of idmap with same domain
* Add fuzzing of idmap code
* Add basic fuzzing of the config options
* Resolve error found by fuzzing
* cargo vet prune
* deps(rust): bump regex in the all-cargo-updates group
* Bump actions/dependency-review-action from 4.7.3 to 4.8.0
* Bump actions/checkout from 3.6.0 to 5.0.0
* Bump cachix/cachix-action from 14 to 16
* Bump ossf/scorecard-action from 2.4.0 to 2.4.2
* Bump cachix/install-nix-action from 25 to 31
* Add the OpenSSF Best Practices badge
* Add scorecard badge
* [StepSecurity] Apply security best practices
* Fix group static mapping
* Move aad-tool idmap cache clear to the idmap cmd
* Resolve errant "Hello key missing." messages
* Update flake.nix
* Slow the dependabot update frequency
* Audit dependabot updates
* deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates
* feat: Add support for aarch64 on Debian-based distributions
* Resolve possible invalid pointer dereferences
* Avoid revealing account ids in debug log
* Cause doc links to open in the correct apps
* Permit opening multiple instances of Word/Excel
* Modify systray and app close behavior
* Don't use questionably licensed icons for o365
* Resolve NixOS CI failure
* Fix building w/out deprecated interactive feature
* Update himmelblau.conf.5 sudo_groups example
* Entra group based sudo access
* Audited the cargo updates
* deps(rust): bump the all-cargo-updates group with 6 updates
* Vet libhimmelblau
* Add `make vet` command
* Update deny.toml
* Remove incompatible licenses from deps
* Fix RHEL8 package signing
* Add SBOM generation
* Add an IRP checklist for security incidents
* Run the nixos build/release on the correct version
* Add crate dependency auditing on MR
* Add some exceptions
* Initialize cargo vet
* Remove in-tree kanidm dependencies
* Fix Hello PIN lookup when an alias domain
* Raise maximum group lookup from 100 to 999
* Always work with lowercase account names
* Modify FUNDING.yml for funding sources
* Remove glib dependency
* deps(rust): bump the all-cargo-updates group with 10 updates
* Add CI check for licenses
* Update dependabot.yml to target all stable branches
* Add authselect module for Rocky/Fedora
* Recommend packages, instead of require
* Add a Contributing document
* Add a Code of Conduct
* add withSelinux flag to nix build, brings SELinux binaries into the build environment.
* deps(rust): bump tracing-subscriber in the cargo group
* Don't overwrite the himmelblau.conf on rpm upgrade
* Add help output to the Makefile
* Fix building packages with docker in root mode
* Update to latest libhimmelblau and identity_dbus_broker
* Make PRT SSO cookie via broker work as well for Edge
* Make broker work for Edge
* Generate Office 365 desktop apps
* Update README
* Add `make uninstall` command
* Remove the deprecated tests suite
* Himmelblau no longer has git submodules
* Make install using packages
* Add Debian 13 packages
* Generate Dockerfiles automatically
* Add SELinux configuration
* Himmelblau daemon requires system tss user
* Add cron dependency for Intune scripts
* Do not mangle /usr/etc configuration files
* deps(rust): bump the all-cargo-updates group with 7 updates
* Add SLE16 (beta) build target
* Automatically append to nsswitch.conf in postinst
* Correct the RPM postinst script syntax
* Fix Kerberos credential cache permissions
* Set file owner and group before writing its content
* Create SECURITY.md
* Rev the dev version to 2.0.0
* Ensure alias domains match when checking Intune device id
* Debian 12 doesn't support ConditionPathExists and notify-reload
* Write scripts policy to a readable directory
* Apply Intune policies right after enrollment
* Add more debug instrumentation
* Provide device_id to Intune enrollment if not cached
* Ensure nss cache directory is created during install
* Remove /var/cache/himmelblaud access from tasks daemon
* Resolve daemon startup absolute path warnings
* Delay Intune enrollment on Device Auth fail
* Do not leak the Intune IW service token in the logs

Version 1.4.2:

* Revert libhimmelblau unstable update

Version 1.4.1:

* Update Intune to use app version 1.2511.7

Version 1.4.0:

* Resolve build failures
* deps(rust): bump the all-cargo-updates group across 1 directory with 6 updates

Version 1.3.0:

* Revert the self-hosted runner name
* deps(rust): bump the all-cargo-updates group with 23 updates
* Include latest branch in CI
* Self hosted runners

Version 1.1.0:

* Fix policy application
* Add remaining Linux password compliance policies
* Add custom compliance enforcement
* deps(rust): bump the all-cargo-updates group with 3 updates
* deps(rust): bump the all-cargo-updates group with 5 updates
* Add SLE15SP7 build target
* Add RHEL 10 build target
* Fix Intermittent auth issue AADSTSError 16000
* Remove old utf8proc dependency
* Add `fedora42` build target
* Handle PRT expiration and tie to offline auth
* Correctly delete the Hello keys on bad pin count
* Add ability to disable Hello PIN per-service
* Update NixOS support to 25.05
* Handle disabled device by attempting re-enrollment
* Always attempt confidential client creds for aad-tool
* Include HSM option defs in himmelblau.conf man page
* Improve the aad-tool cache-clear command
* Add `mfaSshWorkaroundFlag` configuration option to Nix Flake.
* Add the ability to remove confidential client creds
* If bad PIN count is exceeded, delete the Hello key
* deps(rust): bump the all-cargo-updates group with 4 updates
* Add instructions for creating developer builds
* Fix GDM3 first time login password prompt
* Default HsmType should be soft
* Add himmelblaud to tss group for TPM startup
* Enforce strict order for the systemd units
* Update libhimmelblau and compact_jwt
* Fix builds w/tpm
* aad-tool Authentication flow improvements
* Filter out irrelevant debug in aad-tool
* Create a unified login experience for aad-tool
* Utilize confidential creds for aad-tool enumerate
* himmelblau should get posix attributes w/out delegate user access
* Always use the Object Id for mapping Group to GID
* Update enhancement-request.md for SPI donations
* Update bug_report.md with SPI donation
* Update build requires in README.md
* Update FUNDING.yml with SPI Paypal donation button
* Don't break from tasks loop when policies fail
* Enroll in Intune as soon as it is enabled
* Implement `decoupled hello` behavior
* Cache encrypted PRT to disk for offline login SSO
* Update to latest hsm-crypto
* Enable tpm functionality
* Allow altering the password and PIN prompt messages
* Ensure Hello PIN lockout happens when online
* Cache the build target output to improve build times
* Easier build selection w/ Makefile
* Revert mistaken removal from Makefile
* Make the user wait longer with each incorrect PIN
* Make the bad PIN count configurable
* Improve aad-tool manpage
* aad-tool fails if the user has FIDO2 enabled
* Offline auth permits authentication with invalid Hello PIN
* PIN complexity to match Windows
* Update to latest SSSD idmap code
* Add aad-tool options for setting posix attrs
* Add scopes and redirect uris aad-tool application create
* Add aad-tool commands for managing extension attrs
* Utilize the sidtoname call for object id mapping
* Add commands for listing/creating App registrations
* Potential fix for code scanning alert no. 2: Workflow does not contain permissions
* Potential fix for code scanning alert no. 4: Workflow does not contain permissions
* Potential fix for code scanning alert: Workflow does not contain permissions
* Never write the app_id to the server config
* Disable passwordless Fido by default
* Stop using deprecated `users` crate
* When group membership lookup fails, use cached groups
* aad-tool command for enumerating users and groups
* Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
* Add the configure-pam option to aad-tool man page
* Add static idmap cache for on-prem to cloud migration
* Update bug_report.md with request for himmelblau.conf
* deps(rust): bump the all-cargo-updates group with 2 updates
* Update crates in a group
* Update crate bumps
* Utilize new Intune compliance enforcement via libhimmelblau
* Correct the README regarding Intune policy compliance
* Disable Chromium policy
* Re-enable Intune policy and add scripts and compliance policies
* himmelblau.conf alias `domain` as `domains`
* Support Fido auth in pam passwd
* Add TAP support to himmelblaud and pam passwd
* Mixed case names should properly identify Hello Key
* Update linux-entra-sso to latest version
* Fix group lookup for Entra Id group name
* Fix mixed case name lookup from PRT cache
* Crate updates
* Fix tasks daemon debug output
* Remove write locks where unnecessary
* Fix deadlock in nss
* systemd notify fixes
* Console
* Address Feedback
* Order services before gdb/nss-user-target
* deps(rust): bump rpassword from 7.3.1 to 7.4.0
* deps(rust): bump tokio from 1.44.2 to 1.45.0
* deps(rust): bump sha2 from 0.10.8 to 0.10.9
* deps(rust): bump systemd-journal-logger from 2.2.0 to 2.2.2
* deps(rust): bump clap from 4.5.31 to 4.5.38
* Update notify-debouncer-full
* Update opentelemetry
* Update dependencies
* deps(rust): bump time from 0.3.39 to 0.3.41
* Replace source filter that blacklists files with filter that whitelists files.
* Mark himmelblau.conf as config in rpm
* Update README.md
* Ensure only the base URL is printed to log
* If unix_user_get fails, wait, and try again
* Supplying a PRT cookie to SSO doesn't require network
* Don't send a password prompt if the network is down
* Auth via MFA if Hello PIN fails 3 times
* Improve Hello PIN failed auth error
* Fix rocky9 build
* deps(rust): bump anyhow from 1.0.96 to 1.0.98
* deps(rust): bump libc from 0.2.170 to 0.2.172
* deps(rust): bump cc from 1.2.16 to 1.2.19
* deps(rust): bump tokio from 1.43.0 to 1.44.2
* deps(rust): bump openssl from 0.10.71 to 0.10.72 in the cargo group
* deps(rust): bump reqwest from 0.12.12 to 0.12.15
* Update libhimmelblau in Cargo.lock
* Fix nss and offline checks for domain aliases
* Report error when MS Authenticator denies authorization
* Bail out of invalid offline auth
* Handle AADSTS errors from BeginAuth response
* Never dump failed reqwests to the log
* Update sccache-action version to use new cache service
* Permit daemon to start when network is down
* Add an nss cache for when daemon is down
* Additional pam info cues
* Proceed with Hello auth even with net down
* Indicate to the user what the password and PIN are
* Ensure pam messages are seen
* Display the minimum PIN length during Hello setup
* PAM should loop, not die on error
* Ensure prompt msg remains for confirmation
* Update bug_report.md
* Ignore demands for setting up MS Authenticator
* Login fails if Entra is configured to recommend MS authenticator
* Add pam configure command to aad-tool
* Update README.md with pam passwd instructions
* aad-tool authtest needs to map names
* Update demo video in README.md
* Sign RPM packages
* Ensure the pam module is installed correctly for SLE
* Improve pam error handling and messaging
* Only push cachix builds for stable releases
* Terminate linux-entra-sso when browser terminates
* On deb, push pam config after install
* Increase priority of deb PAM passwd for Himmelblau
* Improve offline state handling
* Specify request for Entra Id password in PAM
* QR Greeter also supports gnome-shell 47
* Fix profile photo loading
* Clarify pam_allow_groups in himmelblau.conf man page
* Don't hide debug for pam_allow_groups miss
* Handle failures in passwordless auth
* build all root packages
* split config options that can be defined per-domain from those which are global only
* configure cachix signing and upload in ci
* deps(rust): bump serde_json from 1.0.138 to 1.0.140
* deps(rust): bump serde from 1.0.218 to 1.0.219
* deps(rust): bump time from 0.3.37 to 0.3.39
* deps(rust): bump bytes from 1.10.0 to 1.10.1
* deps(rust): bump pkg-config from 0.3.31 to 0.3.32
* Entra Id is case insensitive, cache lookup must match
* deps(rust): bump ring from 0.17.9 to 0.17.13 in the cargo group
* Support CompanionAppsNotification mfa method
* QR code for gnome-shell greeter
* Allow tasks to start if AccountsService dir missing
* Remove invalid python dependency from sso package
* Fixes https://github.com/himmelblau-idm/himmelblau/issues/397
* Clear server config when clearing cache
* Update version in the Cargo.lock
* deps(rust): bump async-trait from 0.1.86 to 0.1.87
* deps(rust): bump chrono from 0.4.39 to 0.4.40
* Fix himmelblau.conf man page cn_name_mapping entry
* deps(rust): bump pem from 3.0.4 to 3.0.5
* deps(rust): bump serde from 1.0.217 to 1.0.218

Version 1.0.0:

* deps(rust): bump cc from 1.2.15 to 1.2.16
* Update workflow versions

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-471=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64)
  * libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1
  * himmelblau-debuginfo-2.3.8+git0.dec3693-160000.1.1
  * pam-himmelblau-2.3.8+git0.dec3693-160000.1.1
  * himmelblau-2.3.8+git0.dec3693-160000.1.1
  * himmelblau-sso-2.3.8+git0.dec3693-160000.1.1
  * himmelblau-sso-debuginfo-2.3.8+git0.dec3693-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1
  * himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54882.html
* https://www.suse.com/security/cve/CVE-2025-58160.html
* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://www.suse.com/security/cve/CVE-2026-31979.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247735
* https://bugzilla.suse.com/show_bug.cgi?id=1249013
* https://bugzilla.suse.com/show_bug.cgi?id=1257904
* https://bugzilla.suse.com/show_bug.cgi?id=1258236
* https://bugzilla.suse.com/show_bug.cgi?id=1259548
* https://jira.suse.com/browse/PED-14511
From null at suse.de Thu Apr 9 16:30:42 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:30:42 -0000
Subject: SUSE-SU-2026:20989-1: important: Security update for kea
Message-ID: <177575224298.22761.6651877061846179511@7334c935c7bb>

# Security update for kea

Announcement ID: SUSE-SU-2026:20989-1
Release Date: 2026-04-01T09:24:21Z
Rating: important

References:

* bsc#1252863
* bsc#1260380

Cross-References:

* CVE-2025-11232
* CVE-2026-3608

CVSS scores:

* CVE-2025-11232 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11232 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11232 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3608 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3608 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for kea fixes the following issues:

Update to 3.0.3:

* CVE-2025-11232: invalid characters cause assert (bsc#1252863).
* CVE-2026-3608: stack overflow via maliciously crafted message (bsc#1260380).

Changelog:

* A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380]
* When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. (CVE-2025-11232) [bsc#1252863]
* A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry.
* UNIX sockets are now created as group-writable.
* Removed logging an error in ping check hook library if using lease cache threshold.
* Fixed deadlock in ping-check hooks library.
* Fixed a data race in ping-check hooks library.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-470=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * libkea-log75-3.0.3-160000.1.1
  * libkea-dns71-3.0.3-160000.1.1
  * kea-hooks-3.0.3-160000.1.1
  * libkea-hooks121-3.0.3-160000.1.1
  * libkea-stats53-debuginfo-3.0.3-160000.1.1
  * libkea-log-interprocess3-3.0.3-160000.1.1
  * libkea-log75-debuginfo-3.0.3-160000.1.1
  * libkea-dhcp109-debuginfo-3.0.3-160000.1.1
  * kea-debugsource-3.0.3-160000.1.1
  * libkea-dhcpsrv131-debuginfo-3.0.3-160000.1.1
  * libkea-exceptions45-3.0.3-160000.1.1
  * libkea-config84-3.0.3-160000.1.1
  * libkea-dhcp_ddns68-3.0.3-160000.1.1
  * libkea-process91-debuginfo-3.0.3-160000.1.1
  * libkea-database76-3.0.3-160000.1.1
  * libkea-eval84-debuginfo-3.0.3-160000.1.1
  * libkea-config84-debuginfo-3.0.3-160000.1.1
  * libkea-stats53-3.0.3-160000.1.1
  * libkea-dhcpsrv131-3.0.3-160000.1.1
  * libkea-cc83-debuginfo-3.0.3-160000.1.1
  * libkea-d2srv63-3.0.3-160000.1.1
  * libkea-database76-debuginfo-3.0.3-160000.1.1
  * libkea-cfgrpt3-3.0.3-160000.1.1
  * kea-devel-debuginfo-3.0.3-160000.1.1
  * libkea-util-io12-3.0.3-160000.1.1
  * libkea-tcp33-3.0.3-160000.1.1
  * libkea-d2srv63-debuginfo-3.0.3-160000.1.1
  * libkea-asiolink88-3.0.3-160000.1.1
  * libkea-asiolink88-debuginfo-3.0.3-160000.1.1
  * libkea-dns71-debuginfo-3.0.3-160000.1.1
  * libkea-hooks121-debuginfo-3.0.3-160000.1.1
  * libkea-eval84-3.0.3-160000.1.1
  * libkea-pgsql88-3.0.3-160000.1.1
  * libkea-asiodns62-3.0.3-160000.1.1
  * kea-3.0.3-160000.1.1
  * libkea-cryptolink64-debuginfo-3.0.3-160000.1.1
  * libkea-http87-3.0.3-160000.1.1
  * libkea-cfgrpt3-debuginfo-3.0.3-160000.1.1
  * libkea-cc83-3.0.3-160000.1.1
  * libkea-dhcp_ddns68-debuginfo-3.0.3-160000.1.1
  * libkea-mysql88-3.0.3-160000.1.1
  * libkea-pgsql88-debuginfo-3.0.3-160000.1.1
  * libkea-log-interprocess3-debuginfo-3.0.3-160000.1.1
  * python3-kea-3.0.3-160000.1.1
  * libkea-util102-3.0.3-160000.1.1
  * libkea-asiodns62-debuginfo-3.0.3-160000.1.1
  * libkea-tcp33-debuginfo-3.0.3-160000.1.1
  * libkea-http87-debuginfo-3.0.3-160000.1.1
  * libkea-exceptions45-debuginfo-3.0.3-160000.1.1
  * libkea-process91-3.0.3-160000.1.1
  * libkea-util102-debuginfo-3.0.3-160000.1.1
  * libkea-dhcp109-3.0.3-160000.1.1
  * libkea-cryptolink64-3.0.3-160000.1.1
  * kea-hooks-debuginfo-3.0.3-160000.1.1
  * kea-debuginfo-3.0.3-160000.1.1
  * kea-devel-3.0.3-160000.1.1
  * libkea-util-io12-debuginfo-3.0.3-160000.1.1
  * libkea-mysql88-debuginfo-3.0.3-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * kea-doc-3.0.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11232.html
* https://www.suse.com/security/cve/CVE-2026-3608.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252863
* https://bugzilla.suse.com/show_bug.cgi?id=1260380
From null at suse.de Thu Apr 9 16:30:47 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:30:47 -0000 Subject: SUSE-SU-2026:20988-1: important: Security update for gnome-online-accounts, gvfs Message-ID: <177575224763.22761.2558292078806447152@7334c935c7bb> # Security update for gnome-online-accounts, gvfs Announcement ID: SUSE-SU-2026:20988-1 Release Date: 2026-03-31T09:11:58Z Rating: important References: * bsc#1258953 * bsc#1258954 Cross-References: * CVE-2026-28295 * CVE-2026-28296 CVSS scores: * CVE-2026-28295 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-28295 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28295 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28296 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-28296 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-28296 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for gnome-online-accounts, gvfs fixes the following issues: Changes for gvfs: Update gvfs to 1.59.90: * CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). * CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user-supplied file paths (bsc#1258954).
Changelog: Update to version 1.59.90: * client: Fix use-after-free when creating async proxy failed * udisks2: Emit changed signals from update_all() * daemon: Fix race on subscribers list when on thread * ftp: Validate fe_size when parsing symlink target * ftp: Check localtime() return value before use * gphoto2: Use g_try_realloc() instead of g_realloc() * cdda: Reject path traversal in mount URI host * client: Fail when URI has invalid UTF-8 chars * udisks2: Fix memory corruption with duplicate mount paths * build: Update GOA dependency to > 3.57.0 * Some other fixes * ftp: Use control connection address for PASV data. * ftp: Reject paths containing CR/LF characters Update to version 1.59.1: * mtp: replace Android extension checks with capability checks * dav: Add X-OC-Mtime header on push to preserve last modified time * udisks2: Use hash tables in the volume monitor to improve performance * onedrive: Check for identity instead of presentation identity * build: Disable google option and mark as deprecated Update to version 1.58.2: * ftp: Use control connection address for PASV data * ftp: Reject paths containing CR/LF characters Update to version 1.58.1: * cdda: Fix duration of last track for some media * build: Fix build when google option is disabled * Fix various memory leaks * Updated translations. 
Update to version 1.58.0: * mtp: Allow cancelling ongoing folder enumerations * wsdd: Use socket-activated service if available * onedrive: Set emblem for remote data * fix: Add file rename support in MTP backend move operation * mtp: Fix -Wmaybe-uninitialized warning in pad_file * fuse: use fuse_(un)set_feature_flag for libfuse 3.17+ * smbbrowse: Purge server cache for next auth try * metatree: Open files with O_CLOEXEC * cdda: Fix incorrect track duration for 99-track CDs * metadata: Fix journal file permissions inconsistency * dav: recognize 308 Permanent Redirect Changes for gnome-online-accounts: Update to version 3.58.0: * SMTP server without password cannot be configured * Remove unneeded SMTP password escaping * build: Disable google provider Files feature * MS365: Fix mail address and name * Google: Set mail name to presentation identity * Updated translations. Update to version 3.57.1: * Default Microsoft 365 client is unverified * Microsoft 365: Make use of email for id * goadaemon: Allow manage system notifications * goamsgraphprovider: bump credentials generation * goaprovider: Allow to disable, instead of enable, selected providers Changes from version 3.57.0: * Support for saving a Kerberos password to the keychain after the first login * changing expired kerberos password is not supported. 
* Provided Files URI does not override undiscovered endpoint * DAV client rejects 204 status in OPTIONS request handler * Include emblem-default-symbolic.svg * Connecting a Runbox CardDAV/CalDAV account hangs/freezes after sign in * i81n: fix translatable string * goaimapsmptprovider: fix accounts without SMTP or authentication-less SMTP * build: only install icons for the goabackend build * build: don't require goabackend to build documentation * ci: test the build without gtk4 * DAV-client: Added short path for SOGo Update to version 3.56.4: * Bugs fixed: * Unclear which part of "IMAP+SMTP" account test failed * Adding nextcloud account which has a subfolder does not work * goadaemon: Handle broken account configs Update to version 3.56.3: * Add DAV detection and configuration for SOGo * DAV discovery fails when certain SRV lookups fail Update to version 3.56.1: * Support for saving a Kerberos password after the first login * Changing expired kerberos password is not supported * Provided Files URI does not override undiscovered endpoint * DAV client rejects 204 status in OPTIONS request handler Update to version 3.56.0: * Code style and logging cleanups * Updated translations Update to version 3.55.2: * goaoauth2provider: improve error handling for auth/token endpoints Update to version 3.55.1: * Support Webflow authentication for Nextcloud * Rename dconf key in gnome-online-accounts settings * "Account Name" GUI field is a bit ambiguous * Failed to generate a new POT file for the user interface of "gnome-online-accounts" (domain: "po") and some missing files from POTFILES.in Update to version 3.55.0: * Add progress spinner for OAuth2 dialogs * Remove Windows Live!
option * Improve goa_oauth2_provider_ensure_credentials_sync * Authentication failure in goa IMAP accounts * Missing files from POTFILES.in * WebDAV not detected for mail.ru * goaoauth2provider: fix task chaining for subclasses * Always lowercase domains when looking up base * goadavclient: check Nextcloud fallback last * goabackend: add a composite widget for authflow links * goadavclient: fix the mailbox.org preconfig Update to version 3.54.5: * Adding GOA account fails with sonic.net IMAP service * Cannot add a ProtonMail bridge with IMAP + TLS * Nextcloud login does not work anymore due to OPTIONS /login request * Linked online accounts no longer work * Invalid URI when adding Google account * goamsgraphprovider: ensure a valid PresentationIdentity * goadaemon: complete GTasks to avoid a scary debug warning ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-469=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gvfs-debuginfo-1.59.90-160000.1.1 * gvfs-fuse-debuginfo-1.59.90-160000.1.1 * gnome-online-accounts-debuginfo-3.58.0-160000.1.1 * gvfs-debugsource-1.59.90-160000.1.1 * typelib-1_0-Goa-1_0-3.58.0-160000.1.1 * gvfs-backends-1.59.90-160000.1.1 * gvfs-fuse-1.59.90-160000.1.1 * gnome-online-accounts-debugsource-3.58.0-160000.1.1 * libgoa-backend-1_0-2-3.58.0-160000.1.1 * libgoa-backend-1_0-2-debuginfo-3.58.0-160000.1.1 * gvfs-1.59.90-160000.1.1 * gvfs-backends-debuginfo-1.59.90-160000.1.1 * libgoa-1_0-0-3.58.0-160000.1.1 * libgoa-1_0-0-debuginfo-3.58.0-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * gvfs-lang-1.59.90-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28295.html * https://www.suse.com/security/cve/CVE-2026-28296.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1258953 * https://bugzilla.suse.com/show_bug.cgi?id=1258954 From null at suse.de Thu Apr 9 16:30:49 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:30:49 -0000 Subject: SUSE-RU-2026:20987-1: moderate: Recommended update for kernel-firmware-amdgpu Message-ID: <177575224907.22761.7744810008641871288@7334c935c7bb> # Recommended update for kernel-firmware-amdgpu Announcement ID: SUSE-RU-2026:20987-1 Release Date: 2026-03-31T09:06:53Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that can now be installed. ## Description: This update for kernel-firmware-amdgpu fixes the following issues: Update to version 20251203 (git commit a0f0e52138e5): * Revert "amdgpu: update GC 11.5.0 firmware" Update to version 20251201 (git commit 934bfe7e1e27): * Reapply "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update SMU 14.0.3 firmware" * Revert "amdgpu: update GC 10.3.6 firmware" * Revert "amdgpu: update GC 11.5.1 firmware" Update to version 20251125 (git commit 23568a4b9420): * Revert "amdgpu: update GC 11.0.1 firmware" Update to version 20251121 (git commit ff6418d18552): * amdgpu: DMCUB updates for various ASICs Update to version 20251119 (git commit fe13aa9b9830): * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update vangogh firmware * amdgpu: update renoir firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update SMU 14.0.3 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update SMU 14.0.2 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update smu
13.0.7 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update smu 13.0.0 kicker firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update navy flounder firmware * amdgpu: update sienna cichlid firmware * amdgpu: update navi14 firmware * amdgpu: update navi12 firmware * amdgpu: update navi10 firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update GC 9.4.4 firmware * amdgpu: update PSP 14.0.5 firmware * amdgpu: update GC 11.5.3 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.3 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update aldebaran firmware * amdgpu: add vce1 firmware Update to version 20251107 (git commit b918d0b3cb97): * amdgpu: DMCUB updates for various ASICs Update to version 20251031 (git commit 04b323bb64f9): * amdgpu: DMCUB updates for various ASICs Update to version 20251024 (git commit 9b899c779b8a): * amdgpu: DMCUB updates for various ASICs * 
amdgpu: DMCUB updates for various ASICs Update to version 20251004 (git commit 757854f42d83): * amdgpu: DMCUB updates for various ASICs * Update VCN for Navi1x, Green Sardine and Renoir Update to version 20250926 (git commit fad361e997ee): * amdgpu: DMCUB updates for various ASICs * Revert "amdgpu: update gc 10.3.6 firmware" Update to version 20250919 (git commit 493de17dee99): * amdgpu: DMCUB updates for various ASICs Update to version 20250916 (git commit add225168d0d): * amdgpu: update PSP 14.0.3 kicker firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update vangogh firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update VPE 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update renoir firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update SMU 14.0.2 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update SMU 13.0.0 kicker firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update SMU 13.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update 
beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update sienna cichlid firmware * amdgpu: update navi14 firmware * amdgpu: update navi12 firmware * amdgpu: update navi10 firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update GC 9.4.4 firmware * amdgpu: update SDMA 6.1.3 firmware * amdgpu: update PSP 14.0.5 firmware * amdgpu: update GC 11.5.3 firmware * amdgpu: update VPE 6.1.3 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.3 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware Update to version 20250912 (git commit 46730bc6b999): * amdgpu: DMCUB updates for various ASICs Update to version 20250825 (git commit f044bc789f8e): * amdgpu: Update ISP FW for isp v4.1.1 * amdgpu: DMCUB updates for various ASICs Update to version 20250815 (git commit 07ed893df57c): * amdgpu: DMCUB updates for various ASICs Update to version 20250811 (git commit 08ee93ff8ffa): * amdgpu: DMCUB updates for various ASICs Update to version 20250808 (git commit 8f1ce114de6c): * amdgpu: update renoir firmware * amdgpu: add SMU 14.0.3 kicker firmware * amdgpu: add PSP 14.0.3 firmware * amdgpu: add GC 12.0.1 kicker firmware * amdgpu: update navy flounder firmware * amdgpu: update SDMA 6.1.2 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 5.0.0 firmware * amdgpu: update SDMA 7.0.1 firmware * amdgpu: update PSP 14.0.3 firmware * amdgpu: update GC 12.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vega20 firmware * amdgpu: update SDMA 7.0.0 firmware * amdgpu: update PSP 14.0.2 firmware * amdgpu: update GC 12.0.0 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 
firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update GC 10.3.6 firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi14 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update navi12 firmware * amdgpu: update vangogh firmware * amdgpu: update navi10 firmware * amdgpu: update PSP 13.0.0 kicker firmware * amdgpu: update VCN 5.0.1 firmware * amdgpu: update PSP 13.0.12 firmware * amdgpu: update GC 9.5.0 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update PSP 13.0.14 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update beige goby firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update GC 10.3.7 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update dimgrey_cavefish firmware * amdgpu: update aldebaran firmware Update to version 20250805 (git commit b6b0b15278c7): * amdgpu: Update GCN 4.0.5 microcode * amdgpu: Update SDMA 6.1.0 microcode * amdgpu: Update GC 11.5.0 microcode Update to version 20250725 (git commit 4bb152fb4405): * amdgpu: update dmcub fw for dcn314 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-468=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * kernel-firmware-amdgpu-20251203-160000.1.1 From null at suse.de Thu Apr 9 16:30:52 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:30:52 -0000 Subject: SUSE-SU-2026:20986-1: important: Security update for postgresql13 Message-ID: <177575225297.22761.4633669076947995406@7334c935c7bb> # Security update for postgresql13 Announcement ID: SUSE-SU-2026:20986-1 Release Date: 2026-03-30T15:14:07Z Rating: important References: * bsc#1253332 * bsc#1253333 Cross-References: * CVE-2025-12817 * CVE-2025-12818 CVSS scores: * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for postgresql13 fixes the following issues: Security fixes: * CVE-2025-12817: Fixed a missing check for CREATE privileges on the schema in CREATE STATISTICS, which allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332) * CVE-2025-12818: Fixed several places in libpq that were not sufficiently careful about computing the required size of a memory allocation.
Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333) Other fixes: * Update to 13.23 * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/13.23 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-467=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql13-pltcl-13.23-160000.1.1 * postgresql13-server-devel-13.23-160000.1.1 * postgresql13-13.23-160000.1.1 * postgresql13-devel-debuginfo-13.23-160000.1.1 * postgresql13-contrib-debuginfo-13.23-160000.1.1 * postgresql13-devel-13.23-160000.1.1 * postgresql13-plpython-13.23-160000.1.1 * postgresql13-server-13.23-160000.1.1 * postgresql13-server-debuginfo-13.23-160000.1.1 * postgresql13-server-devel-debuginfo-13.23-160000.1.1 * postgresql13-plpython-debuginfo-13.23-160000.1.1 * postgresql13-plperl-13.23-160000.1.1 * postgresql13-contrib-13.23-160000.1.1 * postgresql13-pltcl-debuginfo-13.23-160000.1.1 * postgresql13-debugsource-13.23-160000.1.1 * postgresql13-plperl-debuginfo-13.23-160000.1.1 * postgresql13-debuginfo-13.23-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql13-docs-13.23-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12817.html * https://www.suse.com/security/cve/CVE-2025-12818.html * https://bugzilla.suse.com/show_bug.cgi?id=1253332 * https://bugzilla.suse.com/show_bug.cgi?id=1253333
From null at suse.de Thu Apr 9 16:30:58 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:30:58 -0000 Subject: SUSE-SU-2026:20985-1: important: Security update for expat Message-ID: <177575225848.22761.2392653959521043183@7334c935c7bb> # Security update for expat Announcement ID: SUSE-SU-2026:20985-1 Release Date: 2026-03-30T14:59:16Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
* CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-466=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-160000.5.1 * expat-2.7.1-160000.5.1 * libexpat-devel-2.7.1-160000.5.1 * expat-debuginfo-2.7.1-160000.5.1 * libexpat1-2.7.1-160000.5.1 * libexpat1-debuginfo-2.7.1-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729
From null at suse.de Thu Apr 9 16:31:04 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:04 -0000 Subject: SUSE-SU-2026:20984-1: moderate: Security update for gnutls Message-ID: <177575226483.22761.339697077154241544@7334c935c7bb> # Security update for gnutls Announcement ID: SUSE-SU-2026:20984-1 Release Date: 2026-03-30T14:36:07Z Rating: moderate References: * bsc#1254132 * bsc#1257960 * bsc#1258083 * jsc#PED-15752 * jsc#PED-15753 Cross-References: * CVE-2025-14831 * CVE-2025-9820 CVSS scores: * CVE-2025-14831 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-14831 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-14831 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-9820 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves two vulnerabilities, contains two features and has one fix can now be installed. ## Description: This update for gnutls fixes the following issues: * CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. (bsc#1257960) * CVE-2025-9820: Fixed a buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) * Add functionality to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. (bsc#1258083, jsc#PED-15752, jsc#PED-15753) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-464=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * gnutls-debugsource-3.8.10-160000.2.1 * libgnutls-devel-3.8.10-160000.2.1 * libgnutls30-3.8.10-160000.2.1 * gnutls-3.8.10-160000.2.1 * libgnutlsxx-devel-3.8.10-160000.2.1 * libgnutlsxx30-debuginfo-3.8.10-160000.2.1 * libgnutls30-debuginfo-3.8.10-160000.2.1 * gnutls-debuginfo-3.8.10-160000.2.1 * libgnutlsxx30-3.8.10-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-14831.html * https://www.suse.com/security/cve/CVE-2025-9820.html * https://bugzilla.suse.com/show_bug.cgi?id=1254132 * https://bugzilla.suse.com/show_bug.cgi?id=1257960 * https://bugzilla.suse.com/show_bug.cgi?id=1258083 * https://jira.suse.com/browse/PED-15752 * https://jira.suse.com/browse/PED-15753
From null at suse.de Thu Apr 9 16:31:12 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:12 -0000 Subject: SUSE-SU-2026:20983-1: important: Security update for postgresql16 Message-ID: <177575227276.22761.11937169804296196148@7334c935c7bb> # Security update for postgresql16 Announcement ID: SUSE-SU-2026:20983-1 Release Date: 2026-03-30T14:27:44Z Rating: important References: * bsc#1258008 * bsc#1258009 * bsc#1258010 * bsc#1258011 * bsc#1258754 Cross-References: * CVE-2026-2003 * CVE-2026-2004 * CVE-2026-2005 * CVE-2026-2006 CVSS scores: * CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for postgresql16 fixes the following issues: * Update to version 16.13. (bsc#1258754) * CVE-2026-2003: Guard against unexpected dimensions of oidvector/int2vector (bsc#1258008) * CVE-2026-2004: Harden selectivity estimators against being attached to operators that accept unexpected data types. (bsc#1258009) * CVE-2026-2005: Fix buffer overrun in contrib/pgcrypto's PGP decryption functions. (bsc#1258010) * CVE-2026-2006: Fix inadequate validation of multibyte character lengths. (bsc#1258011) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-465=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64) * postgresql16-16.13-160000.1.1 * postgresql16-plperl-16.13-160000.1.1 * postgresql16-server-16.13-160000.1.1 * postgresql16-contrib-debuginfo-16.13-160000.1.1 * postgresql16-server-devel-16.13-160000.1.1 * postgresql16-debugsource-16.13-160000.1.1 * postgresql16-contrib-16.13-160000.1.1 * postgresql16-pltcl-debuginfo-16.13-160000.1.1 * postgresql16-server-debuginfo-16.13-160000.1.1 * postgresql16-devel-debuginfo-16.13-160000.1.1 * postgresql16-plpython-16.13-160000.1.1 * postgresql16-plpython-debuginfo-16.13-160000.1.1 * postgresql16-pltcl-16.13-160000.1.1 * postgresql16-plperl-debuginfo-16.13-160000.1.1 * postgresql16-debuginfo-16.13-160000.1.1 * postgresql16-server-devel-debuginfo-16.13-160000.1.1 * postgresql16-devel-16.13-160000.1.1 * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * postgresql16-docs-16.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2003.html * https://www.suse.com/security/cve/CVE-2026-2004.html * https://www.suse.com/security/cve/CVE-2026-2005.html * https://www.suse.com/security/cve/CVE-2026-2006.html * https://bugzilla.suse.com/show_bug.cgi?id=1258008 * https://bugzilla.suse.com/show_bug.cgi?id=1258009 * https://bugzilla.suse.com/show_bug.cgi?id=1258010 * https://bugzilla.suse.com/show_bug.cgi?id=1258011 * https://bugzilla.suse.com/show_bug.cgi?id=1258754
From null at suse.de Thu Apr 9 16:31:22 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:22 -0000 Subject: SUSE-SU-2026:20982-1: important: Security update for tomcat10 Message-ID: <177575228289.22761.13833409611073949915@7334c935c7bb> # Security update for tomcat10 Announcement ID: SUSE-SU-2026:20982-1 Release Date: 2026-03-30T08:14:01Z Rating: important References: * bsc#1252753 * bsc#1252756 * bsc#1252905 * bsc#1253460 * bsc#1258371 * bsc#1258385 * bsc#1258387 Cross-References: * CVE-2025-55752 * CVE-2025-55754 * CVE-2025-61795 * CVE-2025-66614 * CVE-2026-24733 * CVE-2026-24734 CVSS scores: * CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-55752 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-55754 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2025-61795 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-61795 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-61795 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2026-24733 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-24733 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24733 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-24733 ( NVD ): 6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-24734 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-24734 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-24734 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that solves six vulnerabilities and has one fix can now be installed. ## Description: This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: * CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). * CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). * CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). * CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). * CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). * CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: * Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) * Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) * Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) * Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. 
(markt) * Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) * Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) * Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) * Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) * Fix: Add log warnings for additional Host appBase suspicious values. (remm) * Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) * Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) * Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) * Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) * Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) * Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. 
(markt) * Fix: Log warnings when the SSO configuration does not comply with the documentation. (remm) * Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) * Fix: 69837: Fix corruption of the class path generated by the Loader when running on Windows. (markt) * Fix: Reject requests that map to invalid Windows file names earlier. (markt) * Fix: 69839: Ensure that changes to session IDs (typically after authentication) are promulgated to the SSO Valve to ensure that SSO entries are fully clean-up on session expiration. Patch provided by Kim Johan Andersson. (markt) * Fix: Fix a race condition in the creation of the storage location for the FileStore. (markt) * Cluster * Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering * Fix: Correct a regression introduced in 10.1.45 that broke some clustering configurations. (markt) * Coyote * Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) * Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) * Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) * Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) * Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) * Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. 
(markt) * Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) * Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) * Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) * Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) * Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) * Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) * Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. * Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) * Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) * Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) * Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) * Fix: Graceful failure for OCSP on BoringSSL in the FFM code. 
(remm) * Fix: Fix use of deferAccept attribute in JMX, since it is normally only removed in Tomcat 11. (remm) * Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) * Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) * Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Fix: 69848: Fix copy/paste errors in 10.1.47 that meant DELETE requests received via the AJP connector were processed as OPTIONS requests and PROPFIND requests were processed as TRACE. (markt) * Fix: Various OCSP processing issues in the OpenSSL FFM code. (dsoumis) * General * Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) * Jasper * Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) * Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) * Fix: Fix populating the classpath with the webapp classloader repositories. (remm) * Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool * Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications * Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) * Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) * Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. 
(markt) * Websocket * Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateException as required by Writer and strongly suggested by OutputStream. (markt) * Fix: 69845: When using permessage-deflate with Java 25 onwards, handle the underlying Inflater and/or Deflater throwing IllegalStateException when closed rather than NullPointerException as they do in Java 24 and earlier. * Other * Update: Update the internal fork of Commons Pool to 2.13.1. (markt) * Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) * Update: Update Commons Daemon to 1.5.1. (markt) * Update: Update ByteBuddy to 1.18.3. (markt) * Update: Update UnboundID to 7.0.4. (markt) * Update: Update Checkstyle to 12.3.1. (markt) * Add: Improvements to French translations. (markt) * Add: Improvements to Japanese translations provided by tak7iji. (markt) * Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) * Update: Update Tomcat Native to 2.0.12. (markt) * Add: Add property "gpg.sign.files" to optionally disable release artefact signing with GPG. (rjung) * Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile= to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) * Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) * Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) * Update: Update Commons Daemon to 1.5.0. (markt) * Update: Update Byte Buddy to 1.18.2. (markt) * Update: Update Checkstyle to 12.2.0. (markt) * Add: Improvements to Spanish translations provided by White Vogel. (markt) * Add: Improvements to French translations.
(remm) * Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) * Update: Update to Byte Buddy 1.17.8. (markt) * Update: Update to Checkstyle 12.1.1. (markt) * Update: Update to Jacoco 0.8.14. (markt) * Update: Update to SpotBugs 4.9.8. (markt) * Update: Update to JSign 7.4. (markt) * Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) Update to Tomcat 10.1.48: * Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) * Fix: HTTP methods are case-sensitive so always use case sensitive comparisons when comparing HTTP methods. (markt) * Fix: 69814: Ensure that HttpSession.isNew() returns false once the client has joined the session. (markt) * Fix: Further performance improvements for ParameterMap. (jengebr/markt) * Code: Refactor access log time stamps to be based on the Instant request processing starts. (markt) * Fix: Fix a case-sensitivity issue in the trailer header allow list. * Fix: Be proactive in cleaning up temporary files after a failed multi-part upload rather than waiting for GC to do it. (markt) * Update: Change the digest used to calculate strong ETags (if enabled) for the default Servlet from SHA-1 to SHA-256 to align with the recommendation in RFC 9110 that hash functions used to generate strong ETags should be collision resistant. (markt) * Fix: Correct a regression in the fix for 69781 that broke FileStore. * Code: Remove a number of unnecessary packages from the catalina-deployer.jar. (markt) * Fix: 69781: Fix concurrent access issues in the session FileStore implementation that were causing lost sessions when the store was used with the PersistentValve. Based on pull request #882 by Aaron Ogburn. * Fix: Fix handling of QSA and QSD flags in RewriteValve. (markt) * Fix: Prevent the channel configuration (sender, receiver, membership service) from being changed unless the channel is fully stopped.
(markt) * Fix: Handle spurious wake-ups during leader election for NonBlockingCoordinator. (markt) * Fix: Handle spurious wake-ups during sending of messages by RpcChannel. * Update: Add specific certificate selection code for TLS 1.3 supporting post quantum cryptography. Certificates defined with type MLDSA will be selected depending on the TLS client hello. (remm) * Update: Add groups attribute on SSLHostConfig allowing to restrict which groups can be enabled on the SSL engine. (remm) * Add: Optimize the conversion of HTTP method from byte form to String form. * Fix: Store HTTP request headers using the original case for the header name rather than forcing it to lower case. (markt) * Update: Add hybrid PQC support to OpenSSL, based on code from mod_ssl. Using this OpenSSL specific code path, additional PQC certificates defined with type MLDSA are added to contexts which use classic certificates. (jfclere/remm) * Fix: Ensure keys are handed out to OpenSSL even if PEMFile fails to process it, with appropriate logging. (remm) * Fix: Add new ML-DSA key algorithm to PEMFile and improve reporting when reading a key fails. (remm) * Fix: Fix possible early timeouts for network operations caused by a spurious wake-up of a waiting thread. Found by Coverity Scan. (markt) * Fix: Documentation. Clarify the purpose of the maxPostSize attribute of the Connector element. (markt) * Fix: Avoid NPE in manager webapp displaying certificate information. * Update: Update Byte Buddy to 1.17.7. (markt) * Update: Update Checkstyle to 11.1.0. (markt) * Update: Update SpotBugs to 4.9.6. (markt) * Update: Update Jsign to 7.2. (markt) * Add: Improvements to Russian translations provided by usmazat. (markt) * Update: Minor refactoring in JULI loggers. Patch provided by minjund. * Code: Review logging and include the full stack trace and exception message by default rather than just the exception message when logging an error or warning in response to an exception.
(markt) * Add: Add escaping to log formatters to align with JSON formatter. (markt) * Update: Update Checkstyle to 11.0.0. (markt) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-462=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * tomcat10-admin-webapps-10.1.52-160000.1.1 * tomcat10-jsvc-10.1.52-160000.1.1 * tomcat10-webapps-10.1.52-160000.1.1 * tomcat10-lib-10.1.52-160000.1.1 * tomcat10-10.1.52-160000.1.1 * tomcat10-servlet-6_0-api-10.1.52-160000.1.1 * tomcat10-doc-10.1.52-160000.1.1 * tomcat10-jsp-3_1-api-10.1.52-160000.1.1 * tomcat10-docs-webapp-10.1.52-160000.1.1 * tomcat10-embed-10.1.52-160000.1.1 * tomcat10-el-5_0-api-10.1.52-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-55752.html * https://www.suse.com/security/cve/CVE-2025-55754.html * https://www.suse.com/security/cve/CVE-2025-61795.html * https://www.suse.com/security/cve/CVE-2025-66614.html * https://www.suse.com/security/cve/CVE-2026-24733.html * https://www.suse.com/security/cve/CVE-2026-24734.html * https://bugzilla.suse.com/show_bug.cgi?id=1252753 * https://bugzilla.suse.com/show_bug.cgi?id=1252756 * https://bugzilla.suse.com/show_bug.cgi?id=1252905 * https://bugzilla.suse.com/show_bug.cgi?id=1253460 * https://bugzilla.suse.com/show_bug.cgi?id=1258371 * https://bugzilla.suse.com/show_bug.cgi?id=1258385 * https://bugzilla.suse.com/show_bug.cgi?id=1258387 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 9 16:31:24 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:24 -0000 Subject: SUSE-OU-2026:20981-1: moderate: Optional update for python-pytoml, python-tox Message-ID: <177575228427.22761.16126952598834540492@7334c935c7bb> # Optional update for python-pytoml, python-tox Announcement ID: SUSE-OU-2026:20981-1 Release Date: 2026-03-30T08:13:10Z Rating: moderate References: * jsc#PED-15147 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that contains one feature can now be installed. ## Description: This update for python-pytoml, python-tox fixes the following issues: This update ships python-pytoml and python-tox packages. (jsc#PED-15147) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-461=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * python313-pytoml-0.1.21-160000.1.1 * python313-tox-4.25.0-160000.1.1 ## References: * https://jira.suse.com/browse/PED-15147 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:31:25 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:25 -0000 Subject: SUSE-RU-2026:20980-1: moderate: Recommended update for aliyun-cli Message-ID: <177575228533.22761.13517313216606436300@7334c935c7bb> # Recommended update for aliyun-cli Announcement ID: SUSE-RU-2026:20980-1 Release Date: 2026-03-30T08:13:10Z Rating: moderate References: * jsc#PED-13767 Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that contains one feature can now be installed. ## Description: This update for aliyun-cli fixes the following issues: Ships aliyun-cli in version 3.1.5. 
(jsc#PED-13767) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-460=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64) * aliyun-cli-3.1.5-160000.1.1 * aliyun-cli-debuginfo-3.1.5-160000.1.1 ## References: * https://jira.suse.com/browse/PED-13767 From null at suse.de Thu Apr 9 16:31:26 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:26 -0000 Subject: SUSE-RU-2026:20979-1: moderate: Recommended update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin Message-ID: <177575228684.22761.15476113568413302247@7334c935c7bb> # Recommended update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin Announcement ID: SUSE-RU-2026:20979-1 Release Date: 2026-03-27T15:56:31Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server - BCI 16.0 An update that can now be installed.
## Description: This update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin fixes the following issues: Changes in plexus-pom: Upgrade to version 25 and 24 * New features and improvements * Configure njord publisher and releaseURL in pom * add Reproducible Central report Upgrade to version 23 and 22 * Breaking changes * Prepare for publishing via the Central Portal Upgrade to version 21 * New features and improvements * Add maven-dependency-plugin to pluginManagement * Align Spotless check/apply with Maven parent Upgrade to version 20 * New features and improvements * Enforce minimal Java version * Accept all line endings in spotless * Spotless plugin - format .md files * Apply formatting with spotless-plugin by default * Sync license header with ASF Upgrade to version 19 * Breaking changes * Remove org.apache.maven.plugin-tools:maven-plugin-annotations from dependencyManagement * New features and improvements * Use bestPractices for gpg plugin * Drop using passphrase for maven-gpg-plugin * Skip empty report for taglist-maven-plugin Upgrade to version 18 * New features and improvements * Skip empty surefire and pmd reports * Disable site descriptor publishing by child projects * Warning about usage of deprecated API by compiler * Maven compiler - disable annotation processing by default * Upgrade to version 17 * New features and improvements * Add default Specification and Implementation entries in jar manifest * Add maven-invoker-plugin to pluginManagement * Upgrade to version 16 * New features and improvements * Introduce minimalMavenBuildVersion property * Use default executor for m-release-p * Upgrade to version 15 * Bug Fixes * Update spotless plugin palantir dependency to 2.35.0 to work with Java 21 * Maintenance * 
Replace plexus-component-metadata plugin (deprecated) with Sisu Changes in plexus-io: Upgrade to version 3.6.0 * Maintenance * JUnit Jupiter best practices * Replace FileUtils.deleteDirectory(File) with JDK provided API * Close DeferredFileOutputStream to prevent FileNotFoundException on temp files * Handle IOException when retrieving file ownership on WSL2 network drives Changes in plexus-interactivity: Upgrade to version 1.5.1 * Maintenance * JUnit Jupiter best practices Changes in plexus-compiler: Upgrade to upstream release 2.16.2 * Bug Fixes * Fixed ConcurrentModificationException on compilerArguments Upgrade to upstream release 2.16.1 * Bug Fixes * Fix detecting java version for JDK 1.8 * # 420: fix detection of java version when JAVA_TOOL_OPTIONS is set Upgrade to upstream release 2.16.0 * New features and improvements * Added 3 MSVC csharp compiler options * Bump ErrorProne to 2.37.0 - requires Java 17 * Bug Fixes * Fix Zip Slip vulnerability in JAR extraction * Fixed wrong excludes management * Maintenance * Replace FileUtils.deleteDirectory(File) with JDK provided API * chore: remove junit3 references * Update Java version checks to include JDK 25 * Include JDK 24 in CI * Apply spotless re-formatting * Create codeql.yml * Pass tests with Java 22 and 23 Changes in plexus-archiver: Upgrade to upstream version 4.11.0 * New features and improvements * Replace PlexusIoZipFileResourceCollection with PlexusArchiverZipFileResourceCollection for non-JAR formats * Bug Fixes * Revert "Utilize VT if possible * Fix AbstractZipUnArchiver handling of zip entries with unspecified modification time * Fix AbstractArchiver.getFiles() to return forward slashes for ZIP-based archivers * Reduce heap usage in Zip archiver to prevent OutOfMemoryError in CI builds * Maintenance * Convert to Markdown and compare to Commons Compress * JUnit Jupiter best practices * Replace FileUtils.deleteDirectory(File) with JDK provided API Changes in modello: Upgrade to upstream version 2.6.0 * 
New features and improvements * Fix XSD generator to respect required field attribute * Give access to XmlModelMetadata from velocity helper * Fix multiplicity=1 for simple type associations in Reader/Writer generators * Bug Fixes * Fix Root class name conflict in JDOM writer generator Changes in maven-surefire: Upgrade to 3.5.5 * New features and improvements * Replace running external process and parsing output with simple ProcessHandle if available (Java9+) * Pass slf4j context to spawned thread * SUREFIRE-3239: allow override of statistics file checksum * Reduce log level for skipped tests result to info * Bug Fixes * Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4 * Properly work with test failures caused during beforeAll phase * Documentation updates * Clarify how late placeholder replacement (@{...}) deals with Changes in maven-resolver: Update to upstream version 1.9.27 * Bug Fixes * Sync TrackingFileManager with 2.x Update to upstream version 1.9.26 * New features and improvements * GH-1773: Treat 410 Gone as 404 Not Found * GH-1737: Revert partially parallel upload change * Bug Fixes * GH-1768; Drastically simplify auth caching * [1.9.x] Bug: GH-1703 Locally cached artifacts defy RRF * Documentation updates * Clarify that HTTP Transport uses Apache HTTP Client Changes in junit5: Update to upstream version 5.14.2 * Principal changes: * Introduce @ClassTemplate and @ParameterizedClass support in JUnit Jupiter * Access to ParameterInfo for JUnit Jupiter extensions * New @SentenceFragment annotation for use with IndicativeSentences display name generator * Add --redirect-stdout and --redirect-stderr options to ConsoleLauncher * Introduce test discovery support in EngineTestKit * Reporting of discovery issues for test engines * Resource management for launcher sessions and execution requests *
GraalVM: removal of native-image.properties files from JARs * Bug fixes and other minor improvements * Deprecations along with new APIs to ease migration to JUnit 6 Changes in sisu: Upgrade to upstream release 1.0.0 * Changes * Get rid of ancient logback * Source formatting and license headers * Modernize codebase * Build with Java 25 * Remove "Incubation" from bundle names Changes in apache-commons-io: Upgrade to 2.21.0 * New features * FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte * Add org.apache.commons.io.FileUtils.ONE_RB * Add org.apache.commons.io.FileUtils.ONE_QB * Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], int, int, long) * Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], long) * Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(int, long) * Add length unit support in FileSystem limits * Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation * Add org.apache.commons.io.file.PathUtils.getPath(String, String) * Add org.apache.commons.io.channels .ByteArraySeekableByteChannel * Add IOIterable.asIterable() * Add NIO channel support to 'AbstractStreamBuilder' * Add CloseShieldChannel to close-shielded NIO Channels * Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize * Fixed Bugs * When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading * When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE * ValidatingObjectInputStream does not validate dynamic proxy interfaces * BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set * BoundedInputStream.available() correctly accounts for the maximum read limit * Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int) * IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow * Javadoc general 
improvements * IOUtils.toByteArray() now throws EOFException when not enough data is available * Fix IOUtils.skip() usage in concurrent scenarios * [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built * Removed * Inline private constant field ProxyInputStream.exceptionHandler Upgrade to 2.20.0 * New features * Add org.apache.commons.io.file.CountingPathVisitor .accept(Path, BasicFileAttributes) * Add org.apache.commons.io.Charsets.isAlias(Charset, String) * Add org.apache.commons.io.Charsets.isUTF8(Charset) * Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset) * Add Tailer ignoreTouch option * Fixed Bugs * [javadoc] Rename parameter of ProxyOutputStream.write(int) * CopyDirectoryVisitor ignores fileFilter * org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin .getReader(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin .getReader(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset * org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin .getWriter(Charset) now maps a null Charset to the default Charset * FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, 
org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77] Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable 
"closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE * QueueInputStream reads all but the first byte without waiting * Javadoc fixes and improvements * Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter .accept(File) * FileUtils.forceDelete can delete a broken symlink again * Fix infinite loop in AbstractByteArrayOutputStream * Changes * Bump commons.bytebuddy.version from 1.17.5 to 1.17.6 * Bump org.apache.commons:commons-parent from 81 to 85 * Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 Upgrade to 2.19.0 * New features * Add ThrottledInputStream.Builder.setMaxBytes(long, ChronoUnit) * Add IOIterable * ReversedLinesFileReader implements IOIterable * Add AbstractByteArrayOutputStream.write(CharSequence, Charset) * Add AbstractByteArrayOutputStream.write(byte[]) * Add RandomAccessFileOutputStream.getRandomAccessFile() * Add ProxyInputStream.setReference(InputStream), was package-private setIn(InputStream) * Add ProxyOutputStream.setReference(OutputStream) * Add RandomAccessFileInputStream.copy(long, long, OutputStream) * Add ProxyOutputStream.Builder * Add ByteOrderMark.matches(int[]) * Add BrokenOutputStream.BrokenOutputStream(Function, Throwable>) and deprecate Supplier constructor * Add IOBooleanSupplier * Add Uncheck.getAsBoolean(IOBooleanSupplier) * Add FileChannels.contentEquals(SeekableByteChannel, SeekableByteChannel, int) * Add FileChannels.contentEquals(ReadableByteChannel, ReadableByteChannel, int) * Add SimplePathVisitor.AbstractBuilder * Add CountingPathVisitor.AbstractBuilder and 
CountingPathVisitor.Builder * Add AccumulatorPathVisitor.Builder and builder() * Add PathUtils.contentEquals(FileSystem, FileSystem) * Fixed Bugs * Deprecate constructor Counters.Counters() to be private in 4.0 * Deprecate constructor Charsets.Charsets() to be private in 4.0 * Pick up maven-antrun-plugin version from parent POM org.apache:apache * Javadoc is missing its Overview page * Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80) * Deprecate DeferredFileOutputStream.getStream() in favor of getOutputStream() * Improve Javadoc for a BoundedInputStream builder() throwing IOException * Improve Javadoc for all implementations of AbstractOriginSupplier#get() * The Consumer to IOUtils.closeQuietly(Closeable, Consumer) now accepts Exception, not just IOException * The Consumer to IOUtils.close(Closeable, IOConsumer) now accepts wrapped Exception, not just IOException * Use Uncheck.getAsBoolean(IOBooleanSupplier) to avoid boxing and unboxing of boolean values * Avoid unnecessary boxing and unboxing of long values in FileUtils.sizeOf(File) * Avoid unnecessary boxing and unboxing of int values in UncheckedBufferedReader.read() * Avoid unnecessary boxing and unboxing of int values in UncheckedFilterInputStream.available() and read() * Avoid unnecessary boxing and unboxing of int values in UncheckedFilterReader.read() * FileChannels.contentEquals(FileChannel, FileChannel, int) can return false when comparing a non-blocking channel * Deprecate FileChannels.contentEquals(FileChannel, FileChannel, int) in favor of FileChannels .contentEquals(SeekableByteChannel, SeekableByteChannel, int) * Improve performance of IOUtils.contentEquals(InputStream, InputStream) by about 13% * PathUtils.copyFileToDirectory() across file systems * IOUtils.contentEquals is incorrect when InputStream.available under-reports * java.lang.ArithmeticException: 
long overflow java.lang.Math.addExact(Math.java:932) at org.apache.commons.io.file.attribute.FileTimes.ntfsTimeToFileTime(FileTimes.java:164). See also https://issues.apache.org/jira/browse/MDEP-978
* java.lang.ArithmeticException: long overflow java.lang.Math.addExact(Math.java:932) at org.apache.commons.io.file.attribute.FileTimes.ntfsTimeToDate(long)
* FileTimes.toNtfsTime(*) methods can overflow result values
* Fix Javadoc for ChunkedOutputStream.Builder
* General Javadoc improvements
* Calling QueueInputStream.QueueInputStream(null) maps to the same kind of default blocking queue as QueueInputStream.Builder.setBlockingQueue(null)
* CopyDirectoryVisitor creates incorrect file names when copying between different file systems that use different file system separators ("/" versus "\"); fixes PathUtils.copyDirectory(Path, Path, CopyOption...)
* ThreadUtils.sleep(Duration) should handle the underlying OS time changing

Changes in maven-filtering:

Upgrade to upstream version 3.5.0:

* New features and improvements
  + Introduce ChangeDetection
  + Use Release Drafter from shared and improvements
* Bug Fixes
  + Issue 289: filter file names one component at a time on 3.x branch

Changes in maven-resource-plugins:

Upgrade to version 3.5.0:

* New features and improvements
  + Bug: use change detection strategies
* Maintenance
  + Add IT for Issue 444
  + Migration to JUnit 5 - avoid using AbstractMojoTestCase
  + Cleanup deps

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server - BCI 16.0 zypper in -t patch SUSE-SLES-16.0-459=1 ## Package List: * SUSE Linux Enterprise Server - BCI 16.0 (noarch) * maven-resolver-transport-classpath-1.9.27-160000.1.1 * plexus-pom-25-160000.1.1 * junit5-5.14.2-160000.1.1 * maven-surefire-plugin-3.5.5-160000.1.1 * maven-failsafe-plugin-3.5.5-160000.1.1 * apache-commons-io-javadoc-2.21.0-160000.1.1 * plexus-archiver-javadoc-4.11.0-160000.1.1 * maven-resolver-javadoc-1.9.27-160000.1.1 * apache-commons-io-2.21.0-160000.1.1 * maven-surefire-provider-testng-3.5.5-160000.1.1 * maven-filtering-3.5.0-160000.1.1 * maven-filtering-javadoc-3.5.0-160000.1.1 * junit5-bom-5.14.2-160000.1.1 * maven-resources-plugin-javadoc-3.5.0-160000.1.1 * modello-maven-plugin-javadoc-2.6.0-160000.1.1 * maven-resolver-transport-http-1.9.27-160000.1.1 * sisu-javadoc-1.0.0-160000.1.1 * xmlgraphics-commons-javadoc-2.10-160000.3.1 * maven-resolver-transport-wagon-1.9.27-160000.1.1 * maven-resolver-util-1.9.27-160000.1.1 * maven-resolver-transport-file-1.9.27-160000.1.1 * byte-buddy-javadoc-1.18.3-160000.2.1 * maven-surefire-provider-junit5-3.5.5-160000.1.1 * plexus-compiler-2.16.2-160000.1.1 * maven-surefire-plugins-javadoc-3.5.5-160000.1.1 * junit5-minimal-javadoc-5.14.2-160000.1.1 * maven-resolver-test-util-1.9.27-160000.1.1 * maven-surefire-provider-junit-3.5.5-160000.1.1 * modello-javadoc-2.6.0-160000.1.1 * maven-surefire-javadoc-3.5.5-160000.1.1 * maven-resolver-1.9.27-160000.1.1 * maven-resolver-impl-1.9.27-160000.1.1 * byte-buddy-maven-plugin-1.18.3-160000.2.1 * sisu-inject-1.0.0-160000.1.1 * modello-2.6.0-160000.1.1 * maven-surefire-report-plugin-3.5.5-160000.1.1 * plexus-io-3.6.0-160000.1.1 * junit5-minimal-5.14.2-160000.1.1 * byte-buddy-agent-1.18.3-160000.2.1 * sisu-mojos-1.0.0-160000.1.1 * plexus-interactivity-api-1.5.1-160000.1.1 * sisu-mojos-javadoc-1.0.0-160000.1.1 * maven-resolver-spi-1.9.27-160000.1.1 * 
plexus-archiver-4.11.0-160000.1.1 * plexus-interactivity-javadoc-1.5.1-160000.1.1 * byte-buddy-1.18.3-160000.2.1 * maven-surefire-report-parser-3.5.5-160000.1.1 * maven-resources-plugin-3.5.0-160000.1.1 * maven-resolver-named-locks-1.9.27-160000.1.1 * maven-resolver-connector-basic-1.9.27-160000.1.1 * plexus-compiler-javadoc-2.16.2-160000.1.1 * maven-surefire-provider-junit5-javadoc-3.5.5-160000.1.1 * junit5-javadoc-5.14.2-160000.1.1 * maven-resolver-api-1.9.27-160000.1.1 * xmlgraphics-fop-2.10-160000.3.1 * xmlgraphics-commons-2.10-160000.3.1 * maven-surefire-3.5.5-160000.1.1 * plexus-io-javadoc-3.6.0-160000.1.1 * plexus-compiler-extras-2.16.2-160000.1.1 * modello-maven-plugin-2.6.0-160000.1.1 * sisu-plexus-1.0.0-160000.1.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 9 16:31:29 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 16:31:29 -0000 Subject: SUSE-SU-2026:20978-1: important: Security update for MozillaFirefox Message-ID: <177575228967.22761.17327873770891440948@7334c935c7bb> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:20978-1 Release Date: 2026-03-27T12:32:55Z Rating: important References: * bsc#1260083 Cross-References: * CVE-2025-59375 * CVE-2026-4684 * CVE-2026-4685 * CVE-2026-4686 * CVE-2026-4687 * CVE-2026-4688 * CVE-2026-4689 * CVE-2026-4690 * CVE-2026-4691 * CVE-2026-4692 * CVE-2026-4693 * CVE-2026-4694 * CVE-2026-4695 * CVE-2026-4696 * CVE-2026-4697 * CVE-2026-4698 * CVE-2026-4699 * CVE-2026-4700 * CVE-2026-4701 * CVE-2026-4702 * CVE-2026-4704 * CVE-2026-4705 * CVE-2026-4706 * CVE-2026-4707 * CVE-2026-4708 * CVE-2026-4709 * CVE-2026-4710 * CVE-2026-4711 * CVE-2026-4712 * CVE-2026-4713 * CVE-2026-4714 * CVE-2026-4715 * CVE-2026-4716 * CVE-2026-4717 * CVE-2026-4718 * CVE-2026-4719 * CVE-2026-4720 * CVE-2026-4721 CVSS scores: * CVE-2025-59375 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59375 ( SUSE ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59375 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4684 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4685 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4686 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4687 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4687 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4687 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4688 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4689 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4689 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4690 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4690 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H * CVE-2026-4690 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4691 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4691 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4692 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4692 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H * CVE-2026-4692 
( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-4693 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4693 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4694 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4695 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4696 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4697 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4697 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4698 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4699 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4699 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4700 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4700 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4701 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-4701 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4702 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4704 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4704 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4705 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4705 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4706 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4706 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4707 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4708 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4710 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4710 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4711 ( NVD ): 9.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4712 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-4713 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4713 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4714 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4715 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4715 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4716 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-4717 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4717 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4718 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4718 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-4719 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4719 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4720 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-4720 ( NVD 
): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4721 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves 38 vulnerabilities can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc#1260083):

* CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component
* CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component
* CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component
* CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
* CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component
* CVE-2026-4692: Sandbox escape in the Responsive Design Mode component
* CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component
* CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component
* CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component
* CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component
* CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component
* CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component
* CVE-2026-4700: Mitigation bypass in the Networking: HTTP component
* CVE-2026-4701: Use-after-free in the JavaScript Engine component *
CVE-2026-4702: JIT miscompilation in the JavaScript Engine component
* CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component
* CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component
* CVE-2026-4708: Incorrect boundary conditions in the Graphics component
* CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component
* CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4711: Use-after-free in the Widget: Cocoa component
* CVE-2026-4712: Information disclosure in the Widget: Cocoa component
* CVE-2026-4713: Incorrect boundary conditions in the Graphics component
* CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component
* CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component
* CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component
* CVE-2026-4717: Privilege escalation in the Netmonitor component
* CVE-2025-59375: Denial-of-service in the XML component
* CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component
* CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component
* CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
* CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-456=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-translations-common-140.9.0-160000.1.1
  * MozillaFirefox-debuginfo-140.9.0-160000.1.1
  * MozillaFirefox-translations-other-140.9.0-160000.1.1
  * MozillaFirefox-140.9.0-160000.1.1
  * MozillaFirefox-debugsource-140.9.0-160000.1.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * MozillaFirefox-devel-140.9.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59375.html
* https://www.suse.com/security/cve/CVE-2026-4684.html
* https://www.suse.com/security/cve/CVE-2026-4685.html
* https://www.suse.com/security/cve/CVE-2026-4686.html
* https://www.suse.com/security/cve/CVE-2026-4687.html
* https://www.suse.com/security/cve/CVE-2026-4688.html
* https://www.suse.com/security/cve/CVE-2026-4689.html
* https://www.suse.com/security/cve/CVE-2026-4690.html
* https://www.suse.com/security/cve/CVE-2026-4691.html
* https://www.suse.com/security/cve/CVE-2026-4692.html
* https://www.suse.com/security/cve/CVE-2026-4693.html
* https://www.suse.com/security/cve/CVE-2026-4694.html
* https://www.suse.com/security/cve/CVE-2026-4695.html
* https://www.suse.com/security/cve/CVE-2026-4696.html
* https://www.suse.com/security/cve/CVE-2026-4697.html
* https://www.suse.com/security/cve/CVE-2026-4698.html
* https://www.suse.com/security/cve/CVE-2026-4699.html
* https://www.suse.com/security/cve/CVE-2026-4700.html
* https://www.suse.com/security/cve/CVE-2026-4701.html
* https://www.suse.com/security/cve/CVE-2026-4702.html
* https://www.suse.com/security/cve/CVE-2026-4704.html
* https://www.suse.com/security/cve/CVE-2026-4705.html
* https://www.suse.com/security/cve/CVE-2026-4706.html
* https://www.suse.com/security/cve/CVE-2026-4707.html
* https://www.suse.com/security/cve/CVE-2026-4708.html *
https://www.suse.com/security/cve/CVE-2026-4709.html
* https://www.suse.com/security/cve/CVE-2026-4710.html
* https://www.suse.com/security/cve/CVE-2026-4711.html
* https://www.suse.com/security/cve/CVE-2026-4712.html
* https://www.suse.com/security/cve/CVE-2026-4713.html
* https://www.suse.com/security/cve/CVE-2026-4714.html
* https://www.suse.com/security/cve/CVE-2026-4715.html
* https://www.suse.com/security/cve/CVE-2026-4716.html
* https://www.suse.com/security/cve/CVE-2026-4717.html
* https://www.suse.com/security/cve/CVE-2026-4718.html
* https://www.suse.com/security/cve/CVE-2026-4719.html
* https://www.suse.com/security/cve/CVE-2026-4720.html
* https://www.suse.com/security/cve/CVE-2026-4721.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260083

From null at suse.de Thu Apr 9 16:31:34 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:34 -0000
Subject: SUSE-RU-2026:20977-1: moderate: Recommended update for rage-encryption
Message-ID: <177575229423.22761.11120653489981514969@7334c935c7bb>

# Recommended update for rage-encryption

Announcement ID: SUSE-RU-2026:20977-1
Release Date: 2026-03-27T12:11:50Z
Rating: moderate
References:

* bsc#1242079
* bsc#1244083

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that has two fixes can now be installed.

## Description:

This update for rage-encryption fixes the following issues:

Changes in rage-encryption:

* adjust to deterministic translations to allow reproducible builds (boo#1244083)
* build with fuse 3 (boo#1242079)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-457=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 x86_64)
  * rage-encryption-debugsource-0.11.1+0-160000.3.1
  * rage-encryption-0.11.1+0-160000.3.1
  * rage-encryption-debuginfo-0.11.1+0-160000.3.1
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
  * rage-encryption-fish-completion-0.11.1+0-160000.3.1
  * rage-encryption-zsh-completion-0.11.1+0-160000.3.1
  * rage-encryption-bash-completion-0.11.1+0-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1242079
* https://bugzilla.suse.com/show_bug.cgi?id=1244083

From null at suse.de Thu Apr 9 16:31:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:39 -0000
Subject: SUSE-SU-2026:20976-1: important: Security update for docker-compose
Message-ID: <177575229943.22761.6698063977301968306@7334c935c7bb>

# Security update for docker-compose

Announcement ID: SUSE-SU-2026:20976-1
Release Date: 2026-03-27T10:04:45Z
Rating: important
References:

* bsc#1252752
* bsc#1253584
* bsc#1254041

Cross-References:

* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-62725

CVSS scores:

* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-62725 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-62725 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-62725 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server - BCI 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for docker-compose fixes the following issues:

* CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
* CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
* CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server - BCI 16.0
  zypper in -t patch SUSE-SLES-16.0-455=1

## Package List:

* SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64)
  * docker-compose-2.33.1-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-62725.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252752
* https://bugzilla.suse.com/show_bug.cgi?id=1253584
* https://bugzilla.suse.com/show_bug.cgi?id=1254041
From null at suse.de Thu Apr 9 16:31:42 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:42 -0000
Subject: SUSE-SU-2026:1231-1: important: Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)
Message-ID: <177575230215.22761.12385854444651464833@7334c935c7bb>

# Security update for the Linux Kernel (Live Patch 48 for SUSE Linux Enterprise 15 SP4)

Announcement ID: SUSE-SU-2026:1231-1
Release Date: 2026-04-09T09:04:40Z
Rating: important
References:

* bsc#1258784

Cross-References:

* CVE-2026-23209

CVSS scores:

* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.194 fixes one security issue

The following security issue was fixed:

* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1231=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1231=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_194-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_48-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-2-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_194-default-2-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_48-debugsource-2-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-2-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Thu Apr 9 16:31:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:46 -0000
Subject: SUSE-SU-2026:1232-1: important: Security update for cockpit
Message-ID: <177575230632.22761.679919010716133203@7334c935c7bb>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:1232-1
Release Date: 2026-04-09T10:47:30Z
Rating: important
References:

* bsc#1257836
* bsc#1258641

Cross-References:

* CVE-2026-25547
* CVE-2026-26996

CVSS scores:

* CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1232=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * cockpit-251.3-150300.6.9.1
  * cockpit-bridge-251.3-150300.6.9.1
  * cockpit-debuginfo-251.3-150300.6.9.1
  * cockpit-debugsource-251.3-150300.6.9.1
  * cockpit-bridge-debuginfo-251.3-150300.6.9.1
  * cockpit-ws-251.3-150300.6.9.1
  * cockpit-ws-debuginfo-251.3-150300.6.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * cockpit-system-251.3-150300.6.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Thu Apr 9 16:31:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:50 -0000
Subject: SUSE-SU-2026:1230-1: important: Security update for bind
Message-ID: <177575231024.22761.6888138374036026590@7334c935c7bb>

# Security update for bind

Announcement ID: SUSE-SU-2026:1230-1
Release Date: 2026-04-09T08:58:39Z
Rating: important

References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1230=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1230=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1230=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1230=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1230=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1230=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* openSUSE Leap 15.5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * bind-utils-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * bind-debugsource-9.16.50-150500.8.35.1
  * bind-utils-debuginfo-9.16.50-150500.8.35.1
  * bind-9.16.50-150500.8.35.1
  * bind-utils-9.16.50-150500.8.35.1
  * bind-debuginfo-9.16.50-150500.8.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-bind-9.16.50-150500.8.35.1
  * bind-doc-9.16.50-150500.8.35.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805
From null at suse.de Thu Apr 9 16:31:53 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:31:53 -0000
Subject: SUSE-SU-2026:1229-1: important: Security update for bind
Message-ID: <177575231367.22761.8593763792451054735@7334c935c7bb>

# Security update for bind

Announcement ID: SUSE-SU-2026:1229-1
Release Date: 2026-04-09T08:58:10Z
Rating: important

References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1229=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1229=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libirs161-debuginfo-9.11.22-3.68.1
  * libisccfg163-9.11.22-3.68.1
  * bind-9.11.22-3.68.1
  * libdns1110-9.11.22-3.68.1
  * bind-debugsource-9.11.22-3.68.1
  * liblwres161-9.11.22-3.68.1
  * libdns1110-debuginfo-9.11.22-3.68.1
  * libisccc161-debuginfo-9.11.22-3.68.1
  * libisc1107-debuginfo-9.11.22-3.68.1
  * libbind9-161-debuginfo-9.11.22-3.68.1
  * bind-utils-9.11.22-3.68.1
  * liblwres161-debuginfo-9.11.22-3.68.1
  * bind-debuginfo-9.11.22-3.68.1
  * bind-utils-debuginfo-9.11.22-3.68.1
  * bind-chrootenv-9.11.22-3.68.1
  * libisccfg163-debuginfo-9.11.22-3.68.1
  * libisc1107-9.11.22-3.68.1
  * libisccc161-9.11.22-3.68.1
  * bind-devel-9.11.22-3.68.1
  * libbind9-161-9.11.22-3.68.1
  * libirs161-9.11.22-3.68.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * bind-doc-9.11.22-3.68.1
  * python-bind-9.11.22-3.68.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libisc1107-32bit-9.11.22-3.68.1
  * libisc1107-debuginfo-32bit-9.11.22-3.68.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libirs161-debuginfo-9.11.22-3.68.1
  * libisccfg163-9.11.22-3.68.1
  * bind-9.11.22-3.68.1
  * libdns1110-9.11.22-3.68.1
  * bind-debugsource-9.11.22-3.68.1
  * liblwres161-9.11.22-3.68.1
  * libdns1110-debuginfo-9.11.22-3.68.1
  * libisccc161-debuginfo-9.11.22-3.68.1
  * libisc1107-debuginfo-9.11.22-3.68.1
  * libbind9-161-debuginfo-9.11.22-3.68.1
  * bind-utils-9.11.22-3.68.1
  * liblwres161-debuginfo-9.11.22-3.68.1
  * libisc1107-debuginfo-32bit-9.11.22-3.68.1
  * bind-debuginfo-9.11.22-3.68.1
  * bind-utils-debuginfo-9.11.22-3.68.1
  * bind-chrootenv-9.11.22-3.68.1
  * libisc1107-32bit-9.11.22-3.68.1
  * libisccfg163-debuginfo-9.11.22-3.68.1
  * libisc1107-9.11.22-3.68.1
  * libisccc161-9.11.22-3.68.1
  * bind-devel-9.11.22-3.68.1
  * libbind9-161-9.11.22-3.68.1
  * libirs161-9.11.22-3.68.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * bind-doc-9.11.22-3.68.1
  * python-bind-9.11.22-3.68.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805

From null at suse.de Thu Apr 9 16:32:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:32:16 -0000
Subject: SUSE-RU-2026:1228-1: important: Recommended update for shadow
Message-ID: <177575233684.22761.17433204625705160114@7334c935c7bb>

# Recommended update for shadow

Announcement ID: SUSE-RU-2026:1228-1
Release Date: 2026-04-09T08:27:29Z
Rating: important

References:

* bsc#1144060
* bsc#1176006
* bsc#1181400
* bsc#1182850
* bsc#1185897
* bsc#1187536
* bsc#1189139
* bsc#1199026
* bsc#1203823
* bsc#1205502
* bsc#1206627
* bsc#1214806
* bsc#1246052
* bsc#916845
* jsc#PED-14520
* jsc#PED-3144

Cross-References:

* CVE-2013-4235
* CVE-2023-4641

CVSS scores:

* CVE-2013-4235 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2013-4235 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-4641 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-4641 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities, contains two features and has 12 fixes can now be installed.
## Description:

This update for shadow fixes the following issues:

shadow is updated to 4.17.2 to bring lots of features and bug fixes.

* util-linux-2.41 introduced a new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies.
* Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID ranges we set the above mentioned value to 201. The max value will stay at 499. This range should be sufficient and will give us leeway for the future. It's not straightforward to find out which static UIDs/GIDs are used in all packages.

Update to 4.17.2:

* src/login_nopam.c: Fix compiler warnings #1170
* lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
* Use HTTPS in link to Wikipedia article on password strength #1164
* lib/attr.h: use C23 attributes only with gcc >= 10 #1172
* login: Fix no-pam authorization regression #1174
* man: Add Portuguese translation #1178
* Update French translation #1177
* Add cheap defense mechanisms #1171
* Add Romanian translation #1176

Update to 4.17.1:

* Fix `su -` regression #1163

Update to 4.17.0:

* Fix the lower part of the domain of csrand_uniform()
* Fix use of volatile pointer
* Use str2[u]l() instead of atoi(3)
* Use a2i() in various places
* Fix const correctness
* Use uid_t for holding UIDs (and GIDs)
* Move all sprintf(3)-like APIs to a subdirectory
* Move all copying APIs to a subdirectory
* Fix forever loop on ENOMEM
* Fix REALLOC() nmemb calculation
* Remove id(1)
* Remove groups(1)
* Use local time for human-readable dates
* Use %F instead of %Y-%m-%d with strftime(3)
* is_valid{user,group}_name(): Set errno to distinguish the reasons
* Recommend --badname only if it is useful
* Add fmkomstemp() to fix mode of /etc/default/useradd
* Fix use-after-free bug in sgetgrent()
* Update Catalan translation
* Remove references to cppw, cpgr
* groupadd, groupmod: Update gshadow file with -U
* Added option -a for listing active users only, optimized using if aflg,return
* Added information in lastlog man page for new option '-a'
* Plenty of code cleanup and clarifications
* Disable flushing sssd caches. The sssd's files provider is no longer available.

Update to 4.16.0:

* The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires specification of the module's free() implementation.

Update to 4.15.1:

* Fix a bug that caused spurious error messages about unknown login.defs configuration options #967
* Adding checks for fd omission #964
* Use temporary stat buffer #974
* Fix wrong french translation #975

Update to 4.15.0:

* libshadow:
  * Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0.
  * Fix build error (parameter name omitted).
* Build system:
  * Link correctly with libdl.
  * Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid.
  * Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo.
  * Fix build with musl libc.
  * Support out of tree builds
* useradd(8):
  * Set proper SELinux labels for def_usrtemplate

Update to 4.14.6:

* login(1):
  * Fix off-by-one bugs.
* passwd(1):
  * Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
  * Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006)
  * Fix parsing of dates in get_date() (bsc#1176006)
  * Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0.

Update to 4.14.5:

* Build system:
  * Fix regression introduced in 4.14.4, due to a typo. chgpasswd had been deleted from a Makefile variable, but it should have been chpasswd.

Update to 4.14.4:

* Build system:
  * Link correctly with libdl.
  * Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid.
* libshadow:
  * Fix build error (parameter name omitted).
  * Fix off-by-one bug.
  * Remove warning.

Update to 4.14.3:

* libshadow: Avoid null pointer dereference (#904)
* Remove pam_keyinit from PAM configuration. (bsc#1199026 bsc#1203823) This was introduced for bsc#1144060.

Update to 4.14.2:

* libshadow:
  * Fix build with musl libc.
  * Avoid NULL dereference.
  * Update utmp at an initial login
* useradd(8):
  * Set proper SELinux labels for def_usrtemplate
* Manual:
  * Document --prefix in chage(1), chpasswd(8), and passwd(1)

Update to 4.14.1:

Build system: Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. #791

* Set proper SELinux labels for new homedirs.

Update to 4.14.0:

* configure: add with-libbsd option
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak (bsc#1214806, CVE-2023-4641)
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
* sssd: skip flushing if executable does not exist #699
* semanage: Do not set default SELinux range #676
* Add control character check #687
* usermod: respect --prefix for --gid option
* Fix null dereference in basename
* newuidmap and newgidmap: support passing pid as fd
* Prevent out of boundary access #633
* Explicitly override only newlines #633
* Correctly handle illegal system file in tz #633
* Supporting vendor given -shells- configuration file #599
* Warn if failed to read existing /etc/nsswitch.conf
* chfn: new_fields: fix wrong fields printed
* Allow supplementary groups to be added via config file #586
* useradd: check if subid range exists for user #592 (rh#2012929)
* Rename lastlog to lastlog.legacy to be able to switch to Y2038 safe lastlog2 as default [jsc#PED-3144]
* bsc#1205502: Fix useradd audit event logging of ID field

Update to 4.13:

* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf

Update to 4.12.3:

Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users.

Update to 4.12.2:

* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]

Update to 4.12.1:

* Fix uk manpages

Update to 4.12:

* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to useradd
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use "extern "C"" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages
* groupadd, useradd, usermod
* groups and id
* pwck
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
* Handle ERANGE errors correctly
* Check for fopen NULL return
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup
* Work around git safe.directory enforcement
* Alphabetize order in usermod help
* Erase password copy on error branches
* Suggest using --badname if needed
* Update translation files
* Correct badnames option to badname
* configure: replace obsolete autoconf macros
* tests: replace egrep with grep -E
* Update Ukrainian translations
* Cleanups
* Remove redeclared variable
* Remove commented out code and FIXMEs
* Add header guards
* Initialize local variables
* CI updates
* Create github workflow to install dependencies
* Enable CodeQL
* Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail

Provide /etc/login.defs.d on SLE15 since we support and use it

Update to 4.11.1:

* build: include lib/shadowlog_internal.h in dist tarballs

Update to 4.11:

* Handle possible TOCTTOU issues in usermod/userdel
  * (CVE-2013-4235)
  * Use O_NOFOLLOW when copying file
  * Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.

Update to 4.10:

* From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in 'make dist'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on homedir
* Fix passwd -l message - it does not change expiry
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for "" in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault
* Really enable USERGROUPS_ENAB [bsc#1189139]. Added hardening to systemd service(s) (bsc#1181400).
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su.
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuration.
* login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850]

Update to 4.9:

* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescrypt support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
* login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
* Add /etc/login.defs.d directory
* Enable shadowgrp so that we can set more secure group passwords using shadow.
* Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1228=1 openSUSE-SLE-15.6-2026-1228=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1228=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libsubid5-4.17.2-150600.17.18.1
  * libsubid-devel-4.17.2-150600.17.18.1
  * shadow-debuginfo-4.17.2-150600.17.18.1
  * libsubid5-debuginfo-4.17.2-150600.17.18.1
  * shadow-4.17.2-150600.17.18.1
  * shadow-debugsource-4.17.2-150600.17.18.1
* openSUSE Leap 15.6 (noarch)
  * login_defs-4.17.2-150600.17.18.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libsubid5-4.17.2-150600.17.18.1
  * libsubid-devel-4.17.2-150600.17.18.1
  * shadow-debuginfo-4.17.2-150600.17.18.1
  * libsubid5-debuginfo-4.17.2-150600.17.18.1
  * shadow-4.17.2-150600.17.18.1
  * shadow-debugsource-4.17.2-150600.17.18.1
* Basesystem Module 15-SP7 (noarch)
  * login_defs-4.17.2-150600.17.18.1

## References:

* https://www.suse.com/security/cve/CVE-2013-4235.html
* https://www.suse.com/security/cve/CVE-2023-4641.html
* https://bugzilla.suse.com/show_bug.cgi?id=1144060
* https://bugzilla.suse.com/show_bug.cgi?id=1176006
* https://bugzilla.suse.com/show_bug.cgi?id=1181400
* https://bugzilla.suse.com/show_bug.cgi?id=1182850
* https://bugzilla.suse.com/show_bug.cgi?id=1185897
* https://bugzilla.suse.com/show_bug.cgi?id=1187536
* https://bugzilla.suse.com/show_bug.cgi?id=1189139
* https://bugzilla.suse.com/show_bug.cgi?id=1199026
* https://bugzilla.suse.com/show_bug.cgi?id=1203823
* https://bugzilla.suse.com/show_bug.cgi?id=1205502
* https://bugzilla.suse.com/show_bug.cgi?id=1206627
* https://bugzilla.suse.com/show_bug.cgi?id=1214806
* https://bugzilla.suse.com/show_bug.cgi?id=1246052
* https://bugzilla.suse.com/show_bug.cgi?id=916845
* https://jira.suse.com/browse/PED-14520
* https://jira.suse.com/browse/PED-3144
From null at suse.de Thu Apr 9 16:32:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 09 Apr 2026 16:32:21 -0000
Subject: SUSE-FU-2026:1227-1: important: Feature update for apache2-mod_auth_openidc
Message-ID: <177575234147.22761.6937770011415434178@7334c935c7bb>

# Feature update for apache2-mod_auth_openidc

Announcement ID: SUSE-FU-2026:1227-1
Release Date: 2026-04-09T08:27:20Z
Rating: important

References:

* bsc#1227261
* bsc#1248806
* jsc#PED-14130

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature and has two fixes can now be installed.

## Description:

This update for apache2-mod_auth_openidc fixes the following issues:

Update to 2.4.17.1 (bsc#1248806 / jsc#PED-14130).

Changelog: https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.17.1

* Fix apxs2 binary location, which made the library file be installed in root folder (bsc#1227261).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1227=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1227=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1227=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1227=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1227=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1227=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1227=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1227=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-2.4.17.1-150100.3.37.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150100.3.37.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1227261
* https://bugzilla.suse.com/show_bug.cgi?id=1248806
* https://jira.suse.com/browse/PED-14130
From null at suse.de Thu Apr 9 20:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 09 Apr 2026 20:30:15 -0000 Subject: SUSE-SU-2026:1236-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Message-ID: <177576661548.19813.13950382259857305981@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1236-1 Release Date: 2026-04-09T14:22:37Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1236=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1236=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-14-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-14-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 08:30:21 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 08:30:21 -0000 Subject: SUSE-SU-2026:1239-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) Message-ID: <177580982116.21169.17482552362187734022@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1239-1 Release Date: 2026-04-09T19:04:34Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1239=1 SUSE-2026-1238=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1239=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1238=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-14-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-debuginfo-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_50-default-14-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_10-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_47-default-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_11-debugsource-14-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 *
https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 08:30:29 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 08:30:29 -0000 Subject: SUSE-SU-2026:1237-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Message-ID: <177580982991.21169.2963052281951389899@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1237-1 Release Date: 2026-04-09T17:05:00Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 (
NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1237=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1237=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_187-default-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_47-debugsource-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 12:31:18 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 12:31:18 -0000 Subject: SUSE-SU-2026:1242-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) Message-ID: <177582427892.21608.16919418138807847245@634a8d224e68> # Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1242-1 Release Date: 2026-04-10T07:04:48Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1241=1 SUSE-2026-1242=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1242=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1241=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1240=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1240=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_24-debugsource-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-debuginfo-17-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_27-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_97-default-17-150500.2.1 * kernel-livepatch-5_14_21-150500_55_110-default-15-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_45-debugsource-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-8-150400.2.1 * kernel-livepatch-5_14_21-150400_24_179-default-8-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html *
https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 16:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 16:30:15 -0000 Subject: SUSE-SU-2026:1248-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Message-ID: <177583861599.25885.13558477276619821284@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1248-1 Release Date: 2026-04-10T11:04:25Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 (
SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1246=1 SUSE-2026-1248=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1246=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1248=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_28-debugsource-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-12-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-14-150500.2.1 * kernel-livepatch-5_14_21-150500_55_116-default-12-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x) * kernel-livepatch-SLE15-SP5_Update_29-debugsource-12-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 *
https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 16:32:33 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 16:32:33 -0000 Subject: SUSE-SU-2026:1244-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) Message-ID: <177583875322.22066.6552966510120229163@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1244-1 Release Date: 2026-04-10T08:04:54Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1244=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_16-default-8-150700.2.1 * kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-8-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_4-debugsource-8-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Fri Apr 10 16:32:55 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 16:32:55 -0000 Subject: SUSE-SU-2026:1252-1: important: Security update for tigervnc Message-ID: <177583877513.22066.13599743276894129181@ea440c8e37cc> # Security update for tigervnc Announcement ID: SUSE-SU-2026:1252-1 Release Date: 2026-04-10T11:37:03Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1252=1 openSUSE-SLE-15.6-2026-1252=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1252=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1252=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * openSUSE Leap 15.6 (noarch) * tigervnc-x11vnc-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-java-1.13.1-150600.4.3.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libXvnc1-debuginfo-1.13.1-150600.4.3.1 * tigervnc-debugsource-1.13.1-150600.4.3.1 * libXvnc1-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-1.13.1-150600.4.3.1 * 
libXvnc-devel-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-debuginfo-1.13.1-150600.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.13.1-150600.4.3.1 * tigervnc-1.13.1-150600.4.3.1 * tigervnc-debuginfo-1.13.1-150600.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * xorg-x11-Xvnc-novnc-1.13.1-150600.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 From null at suse.de Fri Apr 10 20:30:11 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:11 -0000 Subject: SUSE-SU-2026:1254-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5) Message-ID: <177585301179.26409.9393317361018906069@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1254-1 Release Date: 2026-04-10T14:04:42Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1254=1 SUSE-2026-1253=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1254=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1253=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_34-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_127-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_32-debugsource-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Fri Apr 10 20:30:20 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:20 -0000 Subject: SUSE-SU-2026:1257-1: important: Security update for openssl-1_1 Message-ID: <177585302050.26409.12751097295491217605@7334c935c7bb> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1257-1 Release Date: 2026-04-10T15:06:44Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). 
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1257=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1257=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1257=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1257=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1257=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1257=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1257=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-1.1.1l-150400.7.90.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.90.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl1_1-64bit-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.90.1 * 
libopenssl1_1-hmac-64bit-1.1.1l-150400.7.90.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * 
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * openssl-1_1-debugsource-1.1.1l-150400.7.90.1 * libopenssl1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.90.1 * libopenssl-1_1-devel-1.1.1l-150400.7.90.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.90.1 * openssl-1_1-1.1.1l-150400.7.90.1 * libopenssl1_1-hmac-1.1.1l-150400.7.90.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.90.1 * 
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.90.1 * libopenssl1_1-32bit-1.1.1l-150400.7.90.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 From null at suse.de Fri Apr 10 20:30:28 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:28 -0000 Subject: SUSE-SU-2026:1256-1: important: Security update for openssl-1_0_0 Message-ID: <177585302885.26409.335146897343524550@7334c935c7bb> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2026:1256-1 Release Date: 2026-04-10T14:57:45Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five 
vulnerabilities can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1256=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1256=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-hmac-1.0.2p-3.106.1 * openssl-1_0_0-debugsource-1.0.2p-3.106.1 * libopenssl-1_0_0-devel-1.0.2p-3.106.1 * openssl-1_0_0-1.0.2p-3.106.1 * libopenssl1_0_0-1.0.2p-3.106.1 * openssl-1_0_0-debuginfo-1.0.2p-3.106.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.106.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * openssl-1_0_0-doc-1.0.2p-3.106.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libopenssl1_0_0-32bit-1.0.2p-3.106.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-3.106.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.106.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.106.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.106.1 * libopenssl1_0_0-hmac-1.0.2p-3.106.1 * openssl-1_0_0-debugsource-1.0.2p-3.106.1 * libopenssl-1_0_0-devel-1.0.2p-3.106.1 * libopenssl1_0_0-32bit-1.0.2p-3.106.1 * openssl-1_0_0-1.0.2p-3.106.1 * 
libopenssl1_0_0-hmac-32bit-1.0.2p-3.106.1 * libopenssl1_0_0-1.0.2p-3.106.1 * openssl-1_0_0-debuginfo-1.0.2p-3.106.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.106.1 * libopenssl1_0_0-debuginfo-1.0.2p-3.106.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * openssl-1_0_0-doc-1.0.2p-3.106.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 From null at suse.de Fri Apr 10 20:30:35 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:35 -0000 Subject: SUSE-SU-2026:1255-1: important: Security update for openssl-1_1 Message-ID: <177585303576.26409.17876405529193960337@7334c935c7bb> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1255-1 Release Date: 2026-04-10T14:56:49Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 
12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1255=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1255=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.125.1 * openssl-1_1-debugsource-1.1.1d-2.125.1 * libopenssl-1_1-devel-1.1.1d-2.125.1 * openssl-1_1-1.1.1d-2.125.1 * libopenssl1_1-1.1.1d-2.125.1 * libopenssl1_1-debuginfo-1.1.1d-2.125.1 * libopenssl1_1-hmac-1.1.1d-2.125.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.125.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.125.1 * libopenssl1_1-32bit-1.1.1d-2.125.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.125.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * openssl-1_1-debuginfo-1.1.1d-2.125.1 * libopenssl-1_1-devel-32bit-1.1.1d-2.125.1 * openssl-1_1-debugsource-1.1.1d-2.125.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.125.1 * libopenssl1_1-hmac-1.1.1d-2.125.1 * libopenssl-1_1-devel-1.1.1d-2.125.1 * openssl-1_1-1.1.1d-2.125.1 * libopenssl1_1-1.1.1d-2.125.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.125.1 * libopenssl1_1-32bit-1.1.1d-2.125.1 * 
libopenssl1_1-debuginfo-1.1.1d-2.125.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 From null at suse.de Fri Apr 10 20:30:38 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:38 -0000 Subject: SUSE-SU-2026:1251-1: important: Security update for cockpit-podman Message-ID: <177585303885.26409.17752030673624724680@7334c935c7bb> # Security update for cockpit-podman Announcement ID: SUSE-SU-2026:1251-1 Release Date: 2026-04-10T11:36:50Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 
Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-podman fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1251=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1251=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * cockpit-podman-33-150300.6.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * cockpit-podman-33-150300.6.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Fri Apr 10 20:30:42 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:42 -0000 Subject: SUSE-SU-2026:1250-1: important: Security update for cockpit-tukit Message-ID: <177585304280.26409.10016787678539802445@7334c935c7bb> # Security update for cockpit-tukit Announcement ID: SUSE-SU-2026:1250-1 Release Date: 2026-04-10T11:36:40Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-tukit fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). 
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1250=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1250=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * cockpit-tukit-0.0.3~git14.ff11a9a-150300.1.9.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * cockpit-tukit-0.0.3~git14.ff11a9a-150300.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641
From null at suse.de Fri Apr 10 20:30:47 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:47 -0000 Subject: SUSE-SU-2026:1249-1: important: Security update for cockpit-machines Message-ID: <177585304700.26409.1668784441165293541@7334c935c7bb> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:1249-1 Release Date: 2026-04-10T11:36:32Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-machines fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). 
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1249=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1249=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * cockpit-machines-249.1-150300.5.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * cockpit-machines-249.1-150300.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 10 20:30:49 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 10 Apr 2026 20:30:49 -0000 Subject: SUSE-SU-2026:1247-1: important: Security update for nghttp2 Message-ID: <177585304987.26409.12212910839986860400@7334c935c7bb> # Security update for nghttp2 Announcement ID: SUSE-SU-2026:1247-1 Release Date: 2026-04-10T10:35:16Z Rating: important References: * bsc#1259845 Cross-References: * CVE-2026-27135 CVSS scores: * CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issue: * CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1247=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1247=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1247=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1247=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1247=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1247=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1247=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1247=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1247=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1247=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1247=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1247=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1247=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1247=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1247=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * 
nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * 
nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * 
libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libnghttp2-14-1.40.0-150200.22.1 * nghttp2-debuginfo-1.40.0-150200.22.1 * nghttp2-debugsource-1.40.0-150200.22.1 * libnghttp2_asio-devel-1.40.0-150200.22.1 * libnghttp2-14-debuginfo-1.40.0-150200.22.1 * libnghttp2_asio1-debuginfo-1.40.0-150200.22.1 * libnghttp2-devel-1.40.0-150200.22.1 * libnghttp2_asio1-1.40.0-150200.22.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libnghttp2-14-32bit-debuginfo-1.40.0-150200.22.1 * libnghttp2-14-32bit-1.40.0-150200.22.1 ## References: * 
https://www.suse.com/security/cve/CVE-2026-27135.html * https://bugzilla.suse.com/show_bug.cgi?id=1259845 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:30:14 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:14 -0000 Subject: SUSE-SU-2026:1285-1: important: Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) Message-ID: <177606901432.28623.2415684585546401288@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1285-1 Release Date: 2026-04-12T19:04:23Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues. The following security issues were fixed: * CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235). * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1285=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_258-default-13-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Mon Apr 13 08:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:16 -0000 Subject: SUSE-RU-2026:21027-1: moderate: Recommended update for kernel-firmware-bluetooth Message-ID: <177606901681.28623.17905850555325596281@c2c2e0ac4d9f> # Recommended update for kernel-firmware-bluetooth Announcement ID: SUSE-RU-2026:21027-1 Release Date: 2026-04-10T12:56:40Z Rating: moderate References: Affected Products: * SUSE Linux Micro 6.2 An update that can now be installed. 
## Description: This update for kernel-firmware-bluetooth fixes the following issues: Changes in kernel-firmware-bluetooth: * Update to version 20251202 (git commit 685171356137): * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core * Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface * Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 * Update to version 20251111 (git commit 6fc940781a01): * rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905 * Update to version 20251106 (git commit b055b3e24542): * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core * Update to version 20251029 (git commit bfc84303530a): * rtl_bt: Add firmware and config files for RTL8761CUV * Update to version 20251024 (git commit 9b899c779b8a): * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659 * Update to version 20251010 (git commit fef0b3bbf494): * linux-firmware: Update firmware file for Intel Magnetar core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core * Update to version 20251010 (git commit 49fafa182b23): * qca: Update Bluetooth WCN6750 1.1.3-00091 firmware to 1.1.3-00100 * Update to version 20251004 (git commit 757854f42d83): * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x3BAC_ADBA * Update to version 20250903 (git commit c784990ba3d2): * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962 * Update to version 20250820 (git commit 70dda28e5098): * Link rtl8723b_config.bin to rtl8723bs * Update to version 20250808 (git commit 
8f1ce114de6c): * qca: Update Bluetooth WCN6750 1.1.3-00069 firmware to 1.1.3-00091 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-525=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * kernel-firmware-bluetooth-20251202-160000.1.1 From null at suse.de Mon Apr 13 08:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:15 -0000 Subject: SUSE-RU-2026:21028-1: moderate: Recommended update for kernel-firmware-mediatek Message-ID: <177606901562.28623.15844882164930794406@c2c2e0ac4d9f> # Recommended update for kernel-firmware-mediatek Announcement ID: SUSE-RU-2026:21028-1 Release Date: 2026-04-10T13:04:24Z Rating: moderate References: Affected Products: * SUSE Linux Micro 6.2 An update that can now be installed. 
## Description: This update for kernel-firmware-mediatek fixes the following issues: Changes in kernel-firmware-mediatek: * Update to version 20251129 (git commit 01006f5dea2d): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251124093155 * Update to version 20251119 (git commit fe13aa9b9830): * mediatek MT7922: update bluetooth firmware to 20251118163447 * linux-firmware: update firmware for MT7922 WiFi device * Update to version 20251118 (git commit 53dce114cc5d): * mt76: add firmware for MT7990 * mt76: update firmware for MT7992 * mt76: update firmware for MT7996 * Update to version 20251110 (git commit 15b5dddd9b2a): * linux-firmware: add firmware for mt7987 internal 2.5G ethernet phy * Update aliases * Update to version 20251029 (git commit bfc84303530a): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20251015213201 * Update to version 20251024 (git commit 9b899c779b8a): * mediatek MT7920: update bluetooth firmware to 20251020151255 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7920 WiFi device * mediatek MT7922: update bluetooth firmware to 20251020143443 * Revert "linux-firmware: update firmware for MT7922 WiFi device" * Update aliases from 6.18-rc1 * Update to version 20250926 (git commit fad361e997ee): * mediatek: mtk_wed: drop links for mt7988 * Update to version 20250909 (git commit 4573c02ca0ca): * mediatek MT7922: update bluetooth firmware to 20250903123504 * linux-firmware: update firmware for MT7922 WiFi device * Update to version 20250903 (git commit 577ee67ffca2): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925:update bluetooth firmware to 20250825220109 Update binary firmware for MT7925 BT devices. 
* Update to version 20250813 (git commit acb26167a103): * mediatek: Add MT8189 SCP firmware * Update to version 20250804 (git commit 37b63dc35d98): * linux-firmware: update firmware for MT7925 WiFi device * mediatek MT7925: update bluetooth firmware to 20250721233113 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-526=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * kernel-firmware-mediatek-20251129-160000.1.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:30:19 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:19 -0000 Subject: SUSE-RU-2026:21026-1: moderate: Recommended update for read-only-root-fs Message-ID: <177606901911.28623.5144621135749644483@c2c2e0ac4d9f> # Recommended update for read-only-root-fs Announcement ID: SUSE-RU-2026:21026-1 Release Date: 2026-04-10T12:55:21Z Rating: moderate References: * bsc#1252892 Affected Products: * SUSE Linux Micro 6.2 An update that has one fix can now be installed. ## Description: This update for read-only-root-fs fixes the following issues: * Add patch to fix workaround for read-only / subvolumes (bsc#1252892) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-524=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * read-only-root-fs-1.0+git20250708.3eed5de-160000.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1252892 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:30:22 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:22 -0000 Subject: SUSE-RU-2026:21025-1: moderate: Recommended update for nvidia-open-driver-G07-signed Message-ID: <177606902282.28623.11618634842255490186@c2c2e0ac4d9f> # Recommended update for nvidia-open-driver-G07-signed Announcement ID: SUSE-RU-2026:21025-1 Release Date: 2026-04-10T11:45:31Z Rating: moderate References: * bsc#1259719 * bsc#1260044 Affected Products: * SUSE Linux Micro 6.2 An update that has two fixes can now be installed. ## Description: This update for nvidia-open-driver-G07-signed fixes the following issues: * adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again * update CUDA variant to 595.58.03 * update non-CUDA version to 595.58.03 (bsc#1260044) * do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) * improved RPM description for -cuda and non-cuda variant * add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able: * to distinguish between both variants; * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-523=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 x86_64) * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 * SUSE Linux Micro 6.2 (aarch64) * nvidia-open-driver-G07-signed-kmp-64kb-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-64kb-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-64kb-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259719 * https://bugzilla.suse.com/show_bug.cgi?id=1260044 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:30:26 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:26 -0000 Subject: SUSE-SU-2026:21024-1: important: Security update for cockpit-machines Message-ID: <177606902667.28623.7561137459271731524@c2c2e0ac4d9f> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:21024-1 Release Date: 2026-04-10T11:34:47Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-machines fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-519=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-machines-346-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 From null at suse.de Mon Apr 13 08:30:30 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:30 -0000 Subject: SUSE-SU-2026:21023-1: important: Security update for cockpit-podman Message-ID: <177606903041.28623.3125888817494391989@c2c2e0ac4d9f> # Security update for cockpit-podman Announcement ID: SUSE-SU-2026:21023-1 Release Date: 2026-04-10T11:33:40Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-podman fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-518=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * cockpit-podman-117-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:30:34 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:30:34 -0000 Subject: SUSE-SU-2026:21022-1: important: Security update for cockpit Message-ID: <177606903423.28623.3611833014232304011@c2c2e0ac4d9f> # Security update for cockpit Announcement ID: SUSE-SU-2026:21022-1 Release Date: 2026-04-10T11:27:10Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). * CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). 

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-520=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-selinux-354-160000.2.1
  * cockpit-ws-debuginfo-354-160000.2.1
  * cockpit-ws-354-160000.2.1
  * cockpit-354-160000.2.1
  * cockpit-debugsource-354-160000.2.1
* SUSE Linux Micro 6.2 (noarch)
  * cockpit-system-354-160000.2.1
  * cockpit-bridge-354-160000.2.1
  * cockpit-selinux-354-160000.2.1
  * cockpit-networkmanager-354-160000.2.1
  * cockpit-storaged-354-160000.2.1
  * cockpit-firewalld-354-160000.2.1
  * cockpit-kdump-354-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25547.html
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257836
* https://bugzilla.suse.com/show_bug.cgi?id=1258641

From null at suse.de Mon Apr 13 08:30:38 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:30:38 -0000
Subject: SUSE-SU-2026:21021-1: important: Security update for python-cryptography
Message-ID: <177606903820.28623.6950434450781141271@c2c2e0ac4d9f>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21021-1
Release Date: 2026-04-10T11:23:42Z
Rating: important

References:

* bsc#1258074
* bsc#1260876

Cross-References:

* CVE-2026-26007
* CVE-2026-34073

CVSS scores:

* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26007 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)
* CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-522=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * python313-cryptography-debuginfo-44.0.3-160000.3.1
  * python313-cryptography-44.0.3-160000.3.1
  * python-cryptography-debugsource-44.0.3-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26007.html
* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258074
* https://bugzilla.suse.com/show_bug.cgi?id=1260876

From null at suse.de Mon Apr 13 08:30:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:30:46 -0000
Subject: SUSE-SU-2026:21020-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177606904640.28623.12686805652951877390@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21020-1
Release Date: 2026-04-10T08:13:56Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ):
7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-517=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1
  * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:30:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:30:51 -0000
Subject: SUSE-SU-2026:21019-1: important: Security update for glibc
Message-ID: <177606905181.28623.262960891619036744@c2c2e0ac4d9f>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21019-1
Release Date: 2026-04-10T06:18:59Z
Rating: important

References:

* bsc#1258319
* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

* nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-516=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-locale-base-2.40-160000.4.1
  * glibc-devel-debuginfo-2.40-160000.4.1
  * glibc-devel-2.40-160000.4.1
  * glibc-locale-2.40-160000.4.1
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258319
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 08:30:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:30:54 -0000
Subject: SUSE-SU-2026:21018-1: moderate: Security update for ovmf
Message-ID: <177606905437.28623.4852926887341042926@c2c2e0ac4d9f>

# Security update for ovmf

Announcement ID: SUSE-SU-2026:21018-1
Release Date: 2026-04-09T15:05:01Z
Rating: moderate

References:

* bsc#1252441

Cross-References:

* CVE-2025-59438

CVSS scores:

* CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for ovmf fixes the following issue:

* CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-514=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * qemu-ovmf-x86_64-202502-160000.4.1
  * qemu-uefi-aarch64-202502-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-59438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252441

From null at suse.de Mon Apr 13 08:30:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:30:56 -0000
Subject: SUSE-RU-2026:21017-1: moderate: Recommended update for linux-glibc-devel
Message-ID: <177606905699.28623.12063536200385091902@c2c2e0ac4d9f>

# Recommended update for linux-glibc-devel

Announcement ID: SUSE-RU-2026:21017-1
Release Date: 2026-04-09T14:40:19Z
Rating: moderate

References:

* bsc#1253334

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for linux-glibc-devel fixes the following issues:

Changes in linux-glibc-devel:

* Sync with SLES 16.0 update kernel (6.12.0-160000.6) (bsc#1253334)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-513=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * linux-glibc-devel-6.12-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1253334

From null at suse.de Mon Apr 13 08:31:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:02 -0000
Subject: SUSE-SU-2026:21016-1: moderate: Security update for util-linux
Message-ID: <177606906259.28623.14154623279974217070@c2c2e0ac4d9f>

# Security update for util-linux

Announcement ID: SUSE-SU-2026:21016-1
Release Date: 2026-04-09T13:02:47Z
Rating: moderate

References:

* bsc#1222465
* bsc#1254666
* bsc#1258859
* jsc#PED-13682

Cross-References:

* CVE-2025-14104
* CVE-2026-3184

CVSS scores:

* CVE-2025-14104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains one feature and has one fix can now be installed.

## Description:

This update for util-linux fixes the following issues:

Security issues:

* CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
* CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).

Non security issues:

* fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
* lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-510=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * util-linux-debuginfo-2.41.1-160000.3.1
  * util-linux-2.41.1-160000.3.1
  * util-linux-systemd-debugsource-2.41.1-160000.3.1
  * libsmartcols1-2.41.1-160000.3.1
  * libsmartcols1-debuginfo-2.41.1-160000.3.1
  * libuuid1-2.41.1-160000.3.1
  * util-linux-systemd-debuginfo-2.41.1-160000.3.1
  * libblkid1-debuginfo-2.41.1-160000.3.1
  * libfdisk1-2.41.1-160000.3.1
  * util-linux-debugsource-2.41.1-160000.3.1
  * libfdisk1-debuginfo-2.41.1-160000.3.1
  * liblastlog2-2-debuginfo-2.41.1-160000.3.1
  * libmount1-debuginfo-2.41.1-160000.3.1
  * libuuid1-debuginfo-2.41.1-160000.3.1
  * util-linux-systemd-2.41.1-160000.3.1
  * libmount1-2.41.1-160000.3.1
  * lastlog2-2.41.1-160000.3.1
  * liblastlog2-2-2.41.1-160000.3.1
  * lastlog2-debuginfo-2.41.1-160000.3.1
  * libblkid1-2.41.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14104.html
* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222465
* https://bugzilla.suse.com/show_bug.cgi?id=1254666
* https://bugzilla.suse.com/show_bug.cgi?id=1258859
* https://jira.suse.com/browse/PED-13682

From null at suse.de Mon Apr 13 08:31:04 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:04 -0000
Subject: SUSE-OU-2026:21015-1: moderate: Optional update for synce4l, gpsd
Message-ID: <177606906414.28623.14958777396274185281@c2c2e0ac4d9f>

# Optional update for synce4l, gpsd

Announcement ID: SUSE-OU-2026:21015-1
Release Date: 2026-04-09T12:42:57Z
Rating: moderate

References:

* jsc#PED-15929

Affected Products:

* SUSE Linux Micro 6.2

An update that contains one feature can now be installed.

## Description:

This update for synce4l, gpsd fixes the following issues:

synce4l and gpsd are shipped to SLES and SL Micro.
(jsc#PED-15929)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-508=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * synce4l-debugsource-1.1.1-160000.1.1
  * synce4l-1.1.1-160000.1.1
  * gpsd-debugsource-3.27.5-160000.1.1
  * synce4l-debuginfo-1.1.1-160000.1.1
  * gpsd-debuginfo-3.27.5-160000.1.1
  * gpsd-3.27.5-160000.1.1

## References:

* https://jira.suse.com/browse/PED-15929

From null at suse.de Mon Apr 13 08:31:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:06 -0000
Subject: SUSE-RU-2026:21014-1: moderate: Recommended update for chrony
Message-ID: <177606906651.28623.15259557368411796700@c2c2e0ac4d9f>

# Recommended update for chrony

Announcement ID: SUSE-RU-2026:21014-1
Release Date: 2026-04-09T11:57:51Z
Rating: moderate

References:

* bsc#1246544

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for chrony fixes the following issues:

* Add maxunreach option to limit selection of unreachable sources
* Add -u option to chronyc to drop root privileges (default chronyc user is set by configure script)
* Fix refclock extpps option to work on Linux greater than or equal to 6.15
* Validate refclock samples for reachability updates
* Fix racy socket creation (bsc#1246544)
* Add opencommands directive to select remote monitoring commands
* Add interval option to driftfile directive
* Add waitsynced and waitunsynced options to local directive
* Add sanity checks for integer values in configuration
* Add support for systemd Type=notify service
* Add RTC refclock driver
* Allow PHC refclock to be specified with network interface name
* Do not require multiple refclock samples per poll to simplify filter configuration
* Keep refclock reachable when dropping samples with large delay
* Improve quantile-based filtering to adapt faster to larger delay
* Improve logging of selection failures
* Detect clock interference from other processes
* Try to reopen message log (-l option) on cyclelogs command
* Fix sourcedir reloading to not multiply sources
* Fix tracking offset after failed clock step
* Drop support for NTS with Nettle less than 3.6 and GnuTLS less than 3.6.14
* Drop support for building without POSIX threads

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-503=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * chrony-debugsource-4.8-160000.1.1
  * chrony-4.8-160000.1.1
  * chrony-debuginfo-4.8-160000.1.1
* SUSE Linux Micro 6.2 (noarch)
  * chrony-pool-empty-4.8-160000.1.1
  * chrony-pool-suse-4.8-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246544

From null at suse.de Mon Apr 13 08:31:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:19 -0000
Subject: SUSE-RU-2026:21010-1: moderate: Recommended update for kernel-firmware-ath12k
Message-ID: <177606907936.28623.13462392818115617518@c2c2e0ac4d9f>

# Recommended update for kernel-firmware-ath12k

Announcement ID: SUSE-RU-2026:21010-1
Release Date: 2026-04-09T11:07:50Z
Rating: moderate

References:

* bsc#1250952

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for kernel-firmware-ath12k fixes the following issues:

* amdgpu and ath12k firmware files drivers were missing (bsc#1250952).
* Version update 20250919

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-497=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * kernel-firmware-ath12k-20250919-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1250952

From null at suse.de Mon Apr 13 08:31:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:16 -0000
Subject: SUSE-RU-2026:21011-1: moderate: Recommended update for patterns-base
Message-ID: <177606907662.28623.1517606954241879407@c2c2e0ac4d9f>

# Recommended update for patterns-base

Announcement ID: SUSE-RU-2026:21011-1
Release Date: 2026-04-09T11:14:33Z
Rating: moderate

References:

* jsc#PED-262

Affected Products:

* SUSE Linux Micro 6.2

An update that contains one feature can now be installed.

## Description:

This update for patterns-base fixes the following issues:

Changes in patterns-base:

* Drop biosdevname, this is being replaced by systemd predictable network interface naming (jsc#PED-262).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-500=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * patterns-base-base-20241218-160000.3.1
  * patterns-base-minimal_base-20241218-160000.3.1
  * patterns-base-selinux-20241218-160000.3.1
  * patterns-base-bootloader-20241218-160000.3.1
  * patterns-base-basesystem-20241218-160000.3.1
  * patterns-base-transactional_base-20241218-160000.3.1
* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * patterns-base-kernel_livepatching-20241218-160000.3.1

## References:

* https://jira.suse.com/browse/PED-262

From null at suse.de Mon Apr 13 08:31:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:10 -0000
Subject: SUSE-SU-2026:21013-1: moderate: Security update for zlib
Message-ID: <177606907008.28623.3821264065787269550@c2c2e0ac4d9f>

# Security update for zlib

Announcement ID: SUSE-SU-2026:21013-1
Release Date: 2026-04-09T11:25:32Z
Rating: moderate

References:

* bsc#1216378
* bsc#1258392

Cross-References:

* CVE-2023-45853
* CVE-2026-27171

CVSS scores:

* CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for zlib fixes the following issues:

* CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392)
* CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-502=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * zlib-devel-1.2.13-160000.3.1
  * libz1-1.2.13-160000.3.1
  * zlib-debugsource-1.2.13-160000.3.1
  * libz1-debuginfo-1.2.13-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45853.html
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216378
* https://bugzilla.suse.com/show_bug.cgi?id=1258392

From null at suse.de Mon Apr 13 08:31:15 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:15 -0000
Subject: SUSE-RU-2026:21012-1: important: Recommended update for sg3_utils
Message-ID: <177606907544.28623.14710804992408474182@c2c2e0ac4d9f>

# Recommended update for sg3_utils

Announcement ID: SUSE-RU-2026:21012-1
Release Date: 2026-04-09T11:14:34Z
Rating: important

References:

* bsc#1215720
* bsc#1216355
* bsc#1258664

Affected Products:

* SUSE Linux Micro 6.2

An update that has three fixes can now be installed.

## Description:

This update for sg3_utils fixes the following issues:

* Update to version 1.48~20221101+5.c6a1f6b8:
  * rescan-scsi-bus.sh:
    * Fix invocation of udevadm (bsc#1258664)
    * Fix multipath issue when called with -s and without -u (bsc#1215720, bsc#1216355)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-499=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * sg3_utils-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-debugsource-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215720
* https://bugzilla.suse.com/show_bug.cgi?id=1216355
* https://bugzilla.suse.com/show_bug.cgi?id=1258664

From null at suse.de Mon Apr 13 08:31:28 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:28 -0000
Subject: SUSE-SU-2026:21009-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
Message-ID: <177606908838.28623.7108006750204902498@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21009-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ):
7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-493=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-SLE16-RT_Update_2-debugsource-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-rt-debuginfo-4-160000.1.1
  * kernel-livepatch-6_12_0-160000_7-rt-4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:31:40 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:31:40 -0000
Subject: SUSE-SU-2026:21008-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177606910015.28623.15757489068517755943@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21008-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-492=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_6-rt-debuginfo-6-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_1-debugsource-6-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-rt-6-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:31:51 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:31:51 -0000 Subject: SUSE-SU-2026:21007-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) Message-ID: <177606911167.28623.14009401691234176505@c2c2e0ac4d9f> # Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21007-1 Release Date: 2026-04-09T08:48:26Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-491=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-SLE16-RT_Update_0-debugsource-7-160000.3.4
  * kernel-livepatch-6_12_0-160000_5-rt-7-160000.3.4
  * kernel-livepatch-6_12_0-160000_5-rt-debuginfo-7-160000.3.4

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:31:59 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:31:59 -0000 Subject: SUSE-SU-2026:21006-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16) Message-ID: <177606911947.28623.10533976556613285273@c2c2e0ac4d9f> # Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21006-1 Release Date: 2026-04-09T08:48:26Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-490=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_8-rt-debuginfo-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_8-rt-3-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_3-debugsource-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 08:32:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:07 -0000
Subject: SUSE-SU-2026:21005-1: important: Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)
Message-ID: <177606912745.28623.9369776123901786169@c2c2e0ac4d9f>

# Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:21005-1
Release Date: 2026-04-09T08:48:26Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-489=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_9-rt-3-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_4-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_9-rt-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Mon Apr 13 08:32:12 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:32:12 -0000 Subject: SUSE-SU-2026:21004-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Message-ID: <177606913285.28623.14074138161436904897@c2c2e0ac4d9f> # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21004-1 Release Date: 2026-04-09T08:48:26Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-488=1

## Package List:

* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_26-rt-2-160000.1.1
  * kernel-livepatch-6_12_0-160000_26-rt-debuginfo-2-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_5-debugsource-2-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 08:32:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:20 -0000
Subject: SUSE-SU-2026:21003-1: important: Security update for systemd
Message-ID: <177606914038.28623.10755512507562605626@c2c2e0ac4d9f>

# Security update for systemd

Announcement ID: SUSE-SU-2026:21003-1
Release Date: 2026-04-07T15:08:39Z
Rating: important

References:

* bsc#1255326
* bsc#1258344
* bsc#1259418
* bsc#1259650
* bsc#1259697
* jsc#PED-14853

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

* CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
* CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
* udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

* Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344) * terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) Changelog: * 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105) * 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697) * 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) * fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28 ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-485=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * systemd-portable-257.13-160000.1.1 * libsystemd0-debuginfo-257.13-160000.1.1 * libsystemd0-257.13-160000.1.1 * udev-257.13-160000.1.1 * systemd-debugsource-257.13-160000.1.1 * libudev1-debuginfo-257.13-160000.1.1 * systemd-container-257.13-160000.1.1 * systemd-experimental-debuginfo-257.13-160000.1.1 * udev-debuginfo-257.13-160000.1.1 * systemd-experimental-257.13-160000.1.1 * systemd-container-debuginfo-257.13-160000.1.1 * systemd-journal-remote-257.13-160000.1.1 * systemd-portable-debuginfo-257.13-160000.1.1 * systemd-journal-remote-debuginfo-257.13-160000.1.1 * systemd-debuginfo-257.13-160000.1.1 * systemd-257.13-160000.1.1 * libudev1-257.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29111.html * https://www.suse.com/security/cve/CVE-2026-4105.html * https://bugzilla.suse.com/show_bug.cgi?id=1255326 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258344
* https://bugzilla.suse.com/show_bug.cgi?id=1259418
* https://bugzilla.suse.com/show_bug.cgi?id=1259650
* https://bugzilla.suse.com/show_bug.cgi?id=1259697
* https://jira.suse.com/browse/PED-14853

From null at suse.de Mon Apr 13 08:32:25 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:25 -0000
Subject: SUSE-SU-2026:21002-1: important: Security update for tar
Message-ID: <177606914533.28623.2867581048821449825@c2c2e0ac4d9f>

# Security update for tar

Announcement ID: SUSE-SU-2026:21002-1
Release Date: 2026-04-07T14:55:48Z
Rating: important

References:

* bsc#1246399
* bsc#1246607

Cross-References:

* CVE-2025-45582

CVSS scores:

* CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and has one fix can now be installed.

## Description:

This update for tar fixes the following issue:

Security issue:

* CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).

Non security issue:

* Fixes tar creating invalid tarballs when used with --delete (bsc#1246607)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-486=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * tar-debuginfo-1.35-160000.3.1
  * tar-debugsource-1.35-160000.3.1
  * tar-1.35-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-45582.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246399
* https://bugzilla.suse.com/show_bug.cgi?id=1246607

From null at suse.de Mon Apr 13 08:32:28 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:28 -0000
Subject: SUSE-SU-2026:21001-1: moderate: Security update for libtasn1
Message-ID: <177606914814.28623.15904826581455748961@c2c2e0ac4d9f>

# Security update for libtasn1

Announcement ID: SUSE-SU-2026:21001-1
Release Date: 2026-04-07T14:45:56Z
Rating: moderate

References:

* bsc#1256341

Cross-References:

* CVE-2025-13151

CVSS scores:

* CVE-2025-13151 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13151 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-13151 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for libtasn1 fixes the following issues:

* CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-484=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libtasn1-debugsource-4.21.0-160000.1.1
  * libtasn1-6-debuginfo-4.21.0-160000.1.1
  * libtasn1-6-4.21.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13151.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256341

From null at suse.de Mon Apr 13 08:32:34 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:34 -0000
Subject: SUSE-SU-2026:21000-1: important: Security update for libpng16
Message-ID: <177606915410.28623.5793766130588765210@c2c2e0ac4d9f>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21000-1
Release Date: 2026-04-07T11:59:28Z
Rating: important

References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-480=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.44-160000.6.1
  * libpng16-16-1.6.44-160000.6.1
  * libpng16-debugsource-1.6.44-160000.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-33636.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1260755

From null at suse.de Mon Apr 13 08:32:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:39 -0000
Subject: SUSE-SU-2026:20999-1: important: Security update for glibc
Message-ID: <177606915942.28623.10810142662668463378@c2c2e0ac4d9f>

# Security update for glibc

Announcement ID: SUSE-SU-2026:20999-1
Release Date: 2026-04-10T07:11:54Z
Rating: important

References:

* bsc#1258319
* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves two vulnerabilities and has one fix can now be installed.
## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

* nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-516=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-debuginfo-2.40-160000.4.1
  * glibc-gconv-modules-extra-2.40-160000.4.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
  * glibc-debugsource-2.40-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258319
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082
From null at suse.de Mon Apr 13 08:32:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 08:32:46 -0000
Subject: SUSE-SU-2026:20998-1: important: Security update for systemd
Message-ID: <177606916687.28623.2436273500208529689@c2c2e0ac4d9f>

# Security update for systemd

Announcement ID: SUSE-SU-2026:20998-1
Release Date: 2026-04-07T15:10:12Z
Rating: important

References:

* bsc#1255326
* bsc#1258344
* bsc#1259418
* bsc#1259650
* bsc#1259697
* jsc#PED-14853

Cross-References:

* CVE-2026-29111
* CVE-2026-4105

CVSS scores:

* CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed.

## Description:

This update for systemd fixes the following issues:

Update to systemd v257.13:

Security issues:

* CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
* CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
* udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697).

Non security issues:

* Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853).
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344) * terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) Changelog: * 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105) * 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697) * 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) * fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28 ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-485=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * systemd-debuginfo-257.13-160000.1.1 * systemd-devel-257.13-160000.1.1 * systemd-debugsource-257.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29111.html * https://www.suse.com/security/cve/CVE-2026-4105.html * https://bugzilla.suse.com/show_bug.cgi?id=1255326 * https://bugzilla.suse.com/show_bug.cgi?id=1258344 * https://bugzilla.suse.com/show_bug.cgi?id=1259418 * https://bugzilla.suse.com/show_bug.cgi?id=1259650 * https://bugzilla.suse.com/show_bug.cgi?id=1259697 * https://jira.suse.com/browse/PED-14853 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:32:54 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:32:54 -0000 Subject: SUSE-SU-2026:1284-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606917447.28623.14234952970364712656@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1284-1 Release Date: 2026-04-12T10:34:11Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1284=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_7-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_25-default-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:33:06 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:06 -0000 Subject: SUSE-SU-2026:1283-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606918602.28623.5534330698871955125@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1283-1 Release Date: 2026-04-12T10:34:05Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1283=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1282=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1282=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_51-default-13-150700.3.36.1 * kernel-livepatch-6_4_0-150700_51-default-debuginfo-13-150700.3.36.1 * kernel-livepatch-SLE15-SP7_Update_0-debugsource-13-150700.3.36.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_13-debugsource-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-12-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-12-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * 
https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:33:17 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:17 -0000 Subject: SUSE-SU-2026:1281-1: important: Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606919721.28623.4454545726379905238@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1281-1 Release Date: 2026-04-12T08:35:33Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1281=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1281=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-14-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-14-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-14-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:33:26 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:26 -0000 Subject: SUSE-SU-2026:1280-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606920675.28623.17015165575981939229@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1280-1 Release Date: 2026-04-12T02:04:37Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.167 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1280=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1280=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_167-default-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_41-debugsource-15-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:33:34 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:34 -0000 Subject: SUSE-SU-2026:1279-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606921466.28623.8501133612649236166@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1279-1 Release Date: 2026-04-12T00:08:13Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1279=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_8-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_28-default-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:33:47 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:47 -0000 Subject: SUSE-SU-2026:1278-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606922714.28623.8750701411664703364@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1278-1 Release Date: 2026-04-12T00:08:07Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1278=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1277=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1276=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1275=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-12-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-5-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-5-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-13-150700.2.1 * kernel-livepatch-6_4_0-150700_53_11-default-8-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_3-debugsource-8-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-13-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_5-debugsource-5-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_2-debugsource-12-150700.2.1 * kernel-livepatch-6_4_0-150700_53_11-default-debuginfo-8-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_1-debugsource-13-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-12-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:33:58 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:33:58 -0000 Subject: SUSE-SU-2026:1274-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606923812.28623.3631052592037313587@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1274-1 Release Date: 2026-04-11T20:04:33Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). The following non security issue was fixed: * Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1274=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1274=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_84-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_19-debugsource-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 * https://bugzilla.suse.com/show_bug.cgi?id=1259896 * https://bugzilla.suse.com/show_bug.cgi?id=1259962 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:06 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:06 -0000 Subject: SUSE-SU-2026:1272-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606924645.28623.12877680742824781805@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1272-1 Release Date: 2026-04-11T18:04:50Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1272=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1272=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_81-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_18-debugsource-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:19 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:19 -0000 Subject: SUSE-SU-2026:1271-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606925925.28623.6406194642971474266@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1271-1 Release Date: 2026-04-11T18:04:43Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1271=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1271=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_65-default-8-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-8-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-8-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:27 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:27 -0000 Subject: SUSE-SU-2026:1270-1: important: Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606926704.28623.11882558806935682600@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1270-1 Release Date: 2026-04-11T16:34:14Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise 
Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.130 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1270=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1270=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-4-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:34:36 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:36 -0000 Subject: SUSE-SU-2026:1269-1: important: Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606927667.28623.5942773034035740499@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1269-1 Release Date: 2026-04-11T16:04:45Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 
( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1269=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1269=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_153-default-debuginfo-17-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_37-debugsource-17-150400.2.1 * kernel-livepatch-5_14_21-150400_24_153-default-17-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:39 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:39 -0000 Subject: SUSE-SU-2026:1273-1: important: Security update for MozillaFirefox Message-ID: <177606927986.28623.30168360843073821@c2c2e0ac4d9f> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2026:1273-1 Release Date: 2026-04-11T19:04:49Z Rating: important References: * bsc#1261663 * jsc#PED-15778 Cross-References: * CVE-2026-5731 * CVE-2026-5732 * CVE-2026-5734 CVSS scores: * CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Update to 149.0.2 and 140.9.1esr (bsc#1261663). * CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. * CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component. * CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1273=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1273=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-140.9.1-112.307.1 * MozillaFirefox-debugsource-140.9.1-112.307.1 * MozillaFirefox-debuginfo-140.9.1-112.307.1 * MozillaFirefox-translations-common-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * MozillaFirefox-devel-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * MozillaFirefox-140.9.1-112.307.1 * MozillaFirefox-debugsource-140.9.1-112.307.1 * MozillaFirefox-debuginfo-140.9.1-112.307.1 * MozillaFirefox-translations-common-140.9.1-112.307.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * MozillaFirefox-devel-140.9.1-112.307.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5731.html * https://www.suse.com/security/cve/CVE-2026-5732.html * https://www.suse.com/security/cve/CVE-2026-5734.html * https://bugzilla.suse.com/show_bug.cgi?id=1261663 * https://jira.suse.com/browse/PED-15778 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:34:49 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:49 -0000 Subject: SUSE-SU-2026:1268-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606928956.28623.12442323929578760715@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1268-1 Release Date: 2026-04-11T14:04:52Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1267=1 SUSE-2026-1268=1
* SUSE Linux Enterprise Live Patching 15-SP4
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1267=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-1268=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150400_24_161-default-debuginfo-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_161-default-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_39-debugsource-16-150400.2.1
  * kernel-livepatch-SLE15-SP4_Update_38-debugsource-16-150400.2.1
  * kernel-livepatch-5_14_21-150400_24_158-default-debuginfo-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Mon Apr 13 08:34:57 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:34:57 -0000 Subject: SUSE-SU-2026:1266-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606929747.28623.14981204716940028749@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1266-1 Release Date: 2026-04-11T11:04:41Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities and has two security fixes can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). The following non security issue was fixed: * Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1266=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1266=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-2-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-2-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-2-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 * https://bugzilla.suse.com/show_bug.cgi?id=1259896 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259962 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 08:35:04 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:04 -0000 Subject: SUSE-SU-2026:1265-1: important: Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) Message-ID: <177606930488.28623.13126527863932418922@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) Announcement ID: SUSE-SU-2026:1265-1 Release Date: 2026-04-11T04:34:33Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High 
Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1265=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1265=1 ## Package List: * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-4-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_46-debugsource-4-150400.2.1 * kernel-livepatch-5_14_21-150400_24_184-default-4-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:15 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:15 -0000 Subject: SUSE-SU-2026:1263-1: important: Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606931507.28623.13435074275800991387@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 25 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1263-1 Release Date: 2026-04-11T03:36:25Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.100 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1263=1 SUSE-2026-1264=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1263=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1264=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_100-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_103-default-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_25-debugsource-16-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_26-debugsource-16-150500.2.1 * kernel-livepatch-5_14_21-150500_55_100-default-16-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:23 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:23 -0000 Subject: SUSE-SU-2026:1262-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177606932384.28623.13245367093562670181@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1262-1 Release Date: 2026-04-10T21:43:56Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 * bsc#1259896 * bsc#1259962 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities and has two security fixes can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). The following non security issue was fixed: * Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1262=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP7_Update_9-debugsource-2-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-debuginfo-2-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-2-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 * https://bugzilla.suse.com/show_bug.cgi?id=1259896 * https://bugzilla.suse.com/show_bug.cgi?id=1259962 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:35 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:35 -0000 Subject: SUSE-SU-2026:1261-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606933513.28623.13475333051926383779@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1261-1 Release Date: 2026-04-10T19:34:47Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1261=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1260=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1260=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_6-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_22-default-3-150700.2.1 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150600_23_78-default-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_17-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:47 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:47 -0000 Subject: SUSE-SU-2026:1259-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6) Message-ID: <177606934783.28623.11060808554535627733@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1259-1 Release Date: 2026-04-10T17:35:16Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.42 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1259=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1259=1 ## Package List: * openSUSE Leap 15.6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP6_Update_9-debugsource-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_42-default-16-150600.2.1 * kernel-livepatch-6_4_0-150600_23_42-default-debuginfo-16-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 08:35:52 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 08:35:52 -0000 Subject: SUSE-SU-2026:1258-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Message-ID: <177606935265.28623.11665871433208239546@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1258-1 Release Date: 2026-04-10T17:35:09Z Rating: important References: * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1258=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1258=1 ## Package List: * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_136-default-3-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_35-debugsource-3-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-3-150500.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 12:30:12 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 12:30:12 -0000 Subject: SUSE-SU-2026:1288-1: important: Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5) Message-ID: <177608341272.1635.484370710099835331@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1288-1 Release Date: 2026-04-13T06:34:14Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.280 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1288=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_280-default-4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 12:30:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 12:30:24 -0000
Subject: SUSE-SU-2026:1287-1: important: Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177608342453.1635.11554619348358522887@7334c935c7bb>

# Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1287-1
Release Date: 2026-04-12T23:15:16Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1287=1 SUSE-SLE-Live-Patching-12-SP5-2026-1286=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_266-default-12-2.1
  * kgraft-patch-4_12_14-122_261-default-12-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Mon Apr 13 16:30:21 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:30:21 -0000 Subject: SUSE-SU-2026:1297-1: important: Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609782186.29674.11282016698598737381@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 66 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1297-1 Release Date: 2026-04-13T12:42:15Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.250 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
    zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1297=1 SUSE-SLE-Live-Patching-12-SP5-2026-1295=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_269-default-9-2.1
  * kgraft-patch-4_12_14-122_250-default-16-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Mon Apr 13 16:30:32 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:30:32 -0000 Subject: SUSE-SU-2026:1296-1: important: Security update for python39 Message-ID: <177609783260.29674.11769243974419915810@ea440c8e37cc> # Security update for python39 Announcement ID: SUSE-SU-2026:1296-1 Release Date: 2026-04-13T12:32:58Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
* CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1296=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1296=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1296=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1296=1 ## Package List: * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python39-curses-3.9.25-150300.4.99.1 * python39-base-3.9.25-150300.4.99.1 * python39-3.9.25-150300.4.99.1 * python39-dbm-3.9.25-150300.4.99.1 * libpython3_9-1_0-3.9.25-150300.4.99.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python39-curses-3.9.25-150300.4.99.1 * python39-base-3.9.25-150300.4.99.1 * python39-3.9.25-150300.4.99.1 * python39-dbm-3.9.25-150300.4.99.1 * libpython3_9-1_0-3.9.25-150300.4.99.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * python39-dbm-debuginfo-3.9.25-150300.4.99.1 * python39-doc-devhelp-3.9.25-150300.4.99.1 * python39-base-debuginfo-3.9.25-150300.4.99.1 * python39-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-3.9.25-150300.4.99.1 * python39-tk-3.9.25-150300.4.99.1 * python39-curses-debuginfo-3.9.25-150300.4.99.1 * python39-base-3.9.25-150300.4.99.1 * python39-testsuite-debuginfo-3.9.25-150300.4.99.1 * python39-doc-3.9.25-150300.4.99.1 * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1 * python39-core-debugsource-3.9.25-150300.4.99.1 * python39-curses-3.9.25-150300.4.99.1 * python39-dbm-3.9.25-150300.4.99.1 * python39-tk-debuginfo-3.9.25-150300.4.99.1 * python39-3.9.25-150300.4.99.1 * python39-tools-3.9.25-150300.4.99.1 * python39-debugsource-3.9.25-150300.4.99.1 * python39-idle-3.9.25-150300.4.99.1 * python39-testsuite-3.9.25-150300.4.99.1 * python39-devel-3.9.25-150300.4.99.1 * openSUSE Leap 15.3 (x86_64) * python39-32bit-3.9.25-150300.4.99.1 * 
libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1 * python39-32bit-debuginfo-3.9.25-150300.4.99.1 * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1 * python39-base-32bit-3.9.25-150300.4.99.1 * openSUSE Leap 15.3 (aarch64_ilp32) * python39-base-64bit-3.9.25-150300.4.99.1 * python39-64bit-3.9.25-150300.4.99.1 * python39-64bit-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-64bit-3.9.25-150300.4.99.1 * python39-base-64bit-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-64bit-debuginfo-3.9.25-150300.4.99.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * python39-dbm-debuginfo-3.9.25-150300.4.99.1 * python39-doc-devhelp-3.9.25-150300.4.99.1 * python39-base-debuginfo-3.9.25-150300.4.99.1 * python39-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-3.9.25-150300.4.99.1 * python39-tk-3.9.25-150300.4.99.1 * python39-curses-debuginfo-3.9.25-150300.4.99.1 * python39-base-3.9.25-150300.4.99.1 * python39-testsuite-debuginfo-3.9.25-150300.4.99.1 * python39-doc-3.9.25-150300.4.99.1 * libpython3_9-1_0-debuginfo-3.9.25-150300.4.99.1 * python39-core-debugsource-3.9.25-150300.4.99.1 * python39-curses-3.9.25-150300.4.99.1 * python39-dbm-3.9.25-150300.4.99.1 * python39-tk-debuginfo-3.9.25-150300.4.99.1 * python39-3.9.25-150300.4.99.1 * python39-tools-3.9.25-150300.4.99.1 * python39-debugsource-3.9.25-150300.4.99.1 * python39-idle-3.9.25-150300.4.99.1 * python39-testsuite-3.9.25-150300.4.99.1 * python39-devel-3.9.25-150300.4.99.1 * openSUSE Leap 15.6 (x86_64) * python39-32bit-3.9.25-150300.4.99.1 * libpython3_9-1_0-32bit-debuginfo-3.9.25-150300.4.99.1 * python39-32bit-debuginfo-3.9.25-150300.4.99.1 * python39-base-32bit-debuginfo-3.9.25-150300.4.99.1 * libpython3_9-1_0-32bit-3.9.25-150300.4.99.1 * python39-base-32bit-3.9.25-150300.4.99.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * 
https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:30:48 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:30:48 -0000 Subject: SUSE-SU-2026:21091-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609784828.29674.18296751590266163836@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21091-1 Release Date: 2026-04-09T13:21:21Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * 
CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-339=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-25-rt-debuginfo-17-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-17-1.1
  * kernel-livepatch-6_4_0-25-rt-17-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Mon Apr 13 16:31:06 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:31:06 -0000 Subject: SUSE-SU-2026:21090-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609786677.29674.13413138100151224616@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21090-1 Release Date: 2026-04-09T13:21:21Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-kernel-338=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-28-rt-debuginfo-15-3.1
  * kernel-livepatch-6_4_0-28-rt-15-3.1
  * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-15-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
From null at suse.de Mon Apr 13 16:31:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:31:23 -0000
Subject: SUSE-SU-2026:21089-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609788316.29674.11677931534077126619@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21089-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-337=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-30-rt-15-1.3
  * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-15-1.3
  * kernel-livepatch-6_4_0-30-rt-debuginfo-15-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:31:38 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:31:38 -0000
Subject: SUSE-SU-2026:21088-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609789884.29674.17473833609654608823@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21088-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-336=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-14-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-14-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:31:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:31:54 -0000
Subject: SUSE-SU-2026:21087-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609791418.29674.10189054333333915168@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21087-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-335=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-12-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-12-1.2
  * kernel-livepatch-6_4_0-33-rt-12-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:32:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:32:11 -0000
Subject: SUSE-SU-2026:21086-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609793140.29674.557405714340331956@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21086-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-334=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-12-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-12-1.1
  * kernel-livepatch-6_4_0-34-rt-12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:32:25 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:32:25 -0000
Subject: SUSE-SU-2026:21085-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609794590.29674.15189152292452760132@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21085-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-333=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-8-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-8-1.1
  * kernel-livepatch-6_4_0-35-rt-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:32:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:32:41 -0000
Subject: SUSE-SU-2026:21084-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609796140.29674.1879923415310731665@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21084-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-332=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-7-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:33:00 -0000
Subject: SUSE-SU-2026:21083-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609798068.29674.5486179077897565829@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21083-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-331=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-3-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784


From null at suse.de Mon Apr 13 16:33:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:33:13 -0000
Subject: SUSE-SU-2026:21082-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609799311.29674.3575731983878408555@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21082-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-330=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-3-1.1
  * kernel-livepatch-6_4_0-38-rt-debuginfo-3-1.1
  * kernel-livepatch-6_4_0-38-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:33:23 -0000
Subject: SUSE-SU-2026:21081-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609800356.29674.2176210222764426738@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21081-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-329=1

## Package List:

* SUSE Linux Micro 6.0 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-rt-2-1.1
  * kernel-livepatch-6_4_0-39-rt-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:33:37 -0000
Subject: SUSE-SU-2026:21080-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609801717.29674.13699873653247587561@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21080-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-328=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-25-default-18-1.2
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-18-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-18-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:33:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:33:50 -0000
Subject: SUSE-SU-2026:21079-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609803016.29674.14896480675610754918@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21079-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-327=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-default-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:04 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:34:04 -0000
Subject: SUSE-SU-2026:21078-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609804433.29674.10070552650222643716@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21078-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-326=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-15-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:34:18 -0000
Subject: SUSE-SU-2026:21077-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609805857.29674.5200908792813726333@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21077-1
Release Date: 2026-04-09T13:20:22Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-325=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-30-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:42 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:34:42 -0000
Subject: SUSE-SU-2026:21076-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609808292.29674.13948339907215859599@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21076-1
Release Date: 2026-04-09T13:20:22Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-324=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-31-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-31-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:34:57 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:34:57 -0000
Subject: SUSE-SU-2026:21075-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609809714.29674.5981038633718667635@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21075-1
Release Date: 2026-04-09T13:20:09Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-323=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_10-debugsource-8-1.1
  * kernel-livepatch-6_4_0-32-default-8-1.1
  * kernel-livepatch-6_4_0-32-default-debuginfo-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:35:10 -0000
Subject: SUSE-SU-2026:21074-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609811053.29674.6396902523891284312@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21074-1
Release Date: 2026-04-09T13:20:09Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-322=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-7-1.1
  * kernel-livepatch-6_4_0-34-default-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:35:24 -0000
Subject: SUSE-SU-2026:21073-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609812443.29674.2564987601354858149@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21073-1
Release Date: 2026-04-09T13:19:58Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-321=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-35-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:35:36 -0000
Subject: SUSE-SU-2026:21072-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609813647.29674.16658879598482475861@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21072-1
Release Date: 2026-04-09T13:19:58Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-320=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-36-default-5-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:45 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:35:45 -0000
Subject: SUSE-SU-2026:21071-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609814570.29674.5849433495891498406@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21071-1
Release Date: 2026-04-09T13:19:47Z
Rating: important

References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-319=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-38-default-3-1.2
  * kernel-livepatch-6_4_0-38-default-debuginfo-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:35:57 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:35:57 -0000
Subject: SUSE-SU-2026:21070-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609815716.29674.17869210205511877040@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21070-1
Release Date: 2026-04-09T13:19:46Z
Rating: important

References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-318=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-default-2-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:36:01 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:36:01 -0000
Subject: SUSE-SU-2026:21069-1: important: Security update for glibc
Message-ID: <177609816173.29674.13999390388253738052@ea440c8e37cc>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21069-1
Release Date: 2026-04-09T10:41:58Z
Rating: important

References:

* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-659=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * glibc-locale-2.38-12.1
  * glibc-locale-base-2.38-12.1
  * glibc-2.38-12.1
  * glibc-debuginfo-2.38-12.1
  * glibc-devel-debuginfo-2.38-12.1
  * glibc-devel-2.38-12.1
  * glibc-debugsource-2.38-12.1
  * glibc-locale-base-debuginfo-2.38-12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 16:36:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:36:13 -0000
Subject: SUSE-RU-2026:21068-1: moderate: Recommended update for cloud-regionsrv-client
Message-ID: <177609817303.29674.15759583320183069290@ea440c8e37cc>

# Recommended update for cloud-regionsrv-client

Announcement ID: SUSE-RU-2026:21068-1
Release Date: 2026-04-09T10:15:35Z
Rating: moderate

References:

* bsc#1247539
* bsc#1253777
* bsc#1254702
* bsc#1254960
* bsc#1254982
* bsc#1254984
* bsc#1260421
* jsc#PED-14732

Affected Products:

* SUSE Linux Micro 6.0

An update that contains one feature and has seven fixes can now be installed.

## Description:

This update for cloud-regionsrv-client fixes the following issues:

Update to version 11.0.2 (bsc#1260421)

* Add iputils as a dependency to make automatic NVIDIA repo enablement work

Update to version 11.0.1

* Fix attempt to read a deleted file resulting in an error. Refresh the file list for repos and services for each pass over the server domains we are looking to clean up the registration.
* Update user visible messages only showing messages for the application configuration file.

Update to version 11.0.0 (bsc#1254960, bsc#1254982, bsc#1253777)

* Major version bump for main package and plugin sub-packages due to interpreter change in SLE 15 SP4+ from Python 3.6 to Python 3.11
* Create cache directory in code and drop from package (jsc#PED-14732)
* Fix race condition between license watcher timer and registration (bsc#1254984)
* Fix cleanup issue in hosts (bsc#1254702)
* Fix cache clean up
* Fix exit condition from container registry setup
* Lock the registration process to ensure single execution (bsc#1254984)
* Fix traceback on FP and cert mismatch
* Switch remaining code to updated logging implementation
* Increase logging information in log to help with issue debugging
* Fix exit code on partial registration success
* Remove obsolete switchcloudguestservices

Update to version 10.5.3

* Move project setup to poetry and apply python standards
* Fix use of logging facility
  Use logging facility in the desired way throughout the entire code base. This includes the following changes and refactor
* Add handler and formatter for the logfile containing more information about function and position in code for the message
* Add handler for stdout (INFO and WARNING)
* Add handler for stderr (ERROR).
* Implement Logger class providing the logging setup and methods
* Drop the start_logging() method.
* Fix and refactor all unit tests around the use of logging with a proper fixture and place all tests for registerutils into its own class TestRegisterUtils.
* Add --debug switch for registercloudguest. Allow to increase logfile information. All messages produced via log.debug(...) in code will be part of the logfile. Debug messages will not be shown on the console
* Update SLE12 patches due to logging refactor
* Use --debug flag in guestregister service

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-661=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * cloud-regionsrv-client-11.0.2-8.1
  * cloud-regionsrv-client-plugin-ec2-2.0.0-8.1
  * cloud-regionsrv-client-generic-config-1.0.0-8.1
  * cloud-regionsrv-client-plugin-gce-2.0.0-8.1
  * cloud-regionsrv-client-plugin-azure-3.0.0-8.1
  * cloud-regionsrv-client-license-watcher-1.0.0-8.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1247539
* https://bugzilla.suse.com/show_bug.cgi?id=1253777
* https://bugzilla.suse.com/show_bug.cgi?id=1254702
* https://bugzilla.suse.com/show_bug.cgi?id=1254960
* https://bugzilla.suse.com/show_bug.cgi?id=1254982
* https://bugzilla.suse.com/show_bug.cgi?id=1254984
* https://bugzilla.suse.com/show_bug.cgi?id=1260421
* https://jira.suse.com/browse/PED-14732
URL: From null at suse.de Mon Apr 13 16:36:18 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:18 -0000 Subject: SUSE-SU-2026:21067-1: important: Security update for libpng16 Message-ID: <177609817803.29674.13726726212938003219@ea440c8e37cc> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21067-1 Release Date: 2026-04-09T10:15:35Z Rating: important References: * bsc#1260754 * bsc#1260755 Cross-References: * CVE-2026-33416 * CVE-2026-33636 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libpng16 fixes the following issues: * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-660=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libpng16-16-debuginfo-1.6.43-4.1 * libpng16-debugsource-1.6.43-4.1 * libpng16-16-1.6.43-4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-33636.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1260755 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:36:19 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:19 -0000 Subject: SUSE-RU-2026:21066-1: moderate: Recommended update for suse-build-key Message-ID: <177609817979.29674.9864584291176614679@ea440c8e37cc> # Recommended update for suse-build-key Announcement ID: SUSE-RU-2026:21066-1 Release Date: 2026-04-09T10:15:34Z Rating: moderate References: Affected Products: * SUSE Linux Micro 6.0 An update that can now be installed. ## Description: This update for suse-build-key fixes the following issues: * Add the auto import framework * Added post quantum cryptographic keys for SLES 15 and SLES 16: * build-pqc-15.pem * build-pqc-16.pem ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-658=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * suse-build-key-12.0-7.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:36:28 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:28 -0000 Subject: SUSE-SU-2026:21065-1: important: Security update for openssl-3 Message-ID: <177609818850.29674.13585454955389433004@ea440c8e37cc> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:21065-1 Release Date: 2026-04-08T16:35:01Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-657=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libopenssl-3-fips-provider-3.1.4-12.1 * openssl-3-debugsource-3.1.4-12.1 * libopenssl-3-fips-provider-debuginfo-3.1.4-12.1 * libopenssl3-debuginfo-3.1.4-12.1 * libopenssl3-3.1.4-12.1 * openssl-3-debuginfo-3.1.4-12.1 * libopenssl-3-devel-3.1.4-12.1 * openssl-3-3.1.4-12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:36:31 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:31 -0000 Subject: SUSE-SU-2026:21064-1: moderate: Security update for libtpms Message-ID: <177609819178.29674.4830300851461822179@ea440c8e37cc> # Security update for libtpms Announcement ID: SUSE-SU-2026:21064-1 Release Date: 2026-04-08T14:16:30Z Rating: moderate References: * bsc#1244528 Cross-References: * CVE-2025-49133 CVSS scores: * CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. 
## Description: This update for libtpms fixes the following issues: * CVE-2025-49133: out-of-bounds (OOB) access due to HMAC signing issue leads to abort and vTPM DoS (bsc#1244528). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-656=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libtpms-debugsource-0.9.6-2.1 * libtpms0-debuginfo-0.9.6-2.1 * libtpms0-0.9.6-2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49133.html * https://bugzilla.suse.com/show_bug.cgi?id=1244528 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:36:34 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:34 -0000 Subject: SUSE-SU-2026:21063-1: moderate: Security update for python-requests Message-ID: <177609819492.29674.7230609978280510778@ea440c8e37cc> # Security update for python-requests Announcement ID: SUSE-SU-2026:21063-1 Release Date: 2026-04-08T14:11:11Z Rating: moderate References: * bsc#1260589 Cross-References: * CVE-2026-25645 CVSS scores: * CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N * CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-requests fixes the following issue: * CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-655=1 ## Package List: * SUSE Linux Micro 6.0 (noarch) * python311-requests-2.32.3-3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25645.html * https://bugzilla.suse.com/show_bug.cgi?id=1260589 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:36:41 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:41 -0000 Subject: SUSE-SU-2026:21062-1: important: Security update for expat Message-ID: <177609820149.29674.5977933019665180775@ea440c8e37cc> # Security update for expat Announcement ID: SUSE-SU-2026:21062-1 Release Date: 2026-04-07T18:52:25Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). * CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-654=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libexpat1-debuginfo-2.7.1-5.1 * expat-debugsource-2.7.1-5.1 * libexpat1-2.7.1-5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:36:56 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:36:56 -0000 Subject: SUSE-SU-2026:21061-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609821673.29674.791126565330550455@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21061-1 Release Date: 2026-04-09T13:21:21Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-339=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-25-rt-debuginfo-17-1.1 * kernel-livepatch-MICRO-6-0-RT_Update_5-debugsource-17-1.1 * kernel-livepatch-6_4_0-25-rt-17-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:37:10 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:37:10 -0000 Subject: SUSE-SU-2026:21060-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609823052.29674.8178308865357454098@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21060-1 Release Date: 2026-04-09T13:21:21Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-338=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-28-rt-debuginfo-15-3.1 * kernel-livepatch-6_4_0-28-rt-15-3.1 * kernel-livepatch-MICRO-6-0-RT_Update_6-debugsource-15-3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:37:25 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:37:25 -0000 Subject: SUSE-SU-2026:21059-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) Message-ID: <177609824516.29674.4712120585634346791@ea440c8e37cc> # Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0) Announcement ID: SUSE-SU-2026:21059-1 Release Date: 2026-04-09T13:21:12Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD 
): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-337=1 ## Package List: * SUSE Linux Micro 6.1 (x86_64) * kernel-livepatch-6_4_0-30-rt-15-1.3 * kernel-livepatch-MICRO-6-0-RT_Update_7-debugsource-15-1.3 * kernel-livepatch-6_4_0-30-rt-debuginfo-15-1.3 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 13 16:37:38 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:37:38 -0000
Subject: SUSE-SU-2026:21058-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609825858.29674.10974930059189468721@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21058-1
Release Date: 2026-04-09T13:21:12Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-336=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-31-rt-14-1.2
  * kernel-livepatch-6_4_0-31-rt-debuginfo-14-1.2
  * kernel-livepatch-MICRO-6-0-RT_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:37:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:37:54 -0000
Subject: SUSE-SU-2026:21057-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609827475.29674.4873938669949065599@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21057-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-335=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_9-debugsource-12-1.2
  * kernel-livepatch-6_4_0-33-rt-debuginfo-12-1.2
  * kernel-livepatch-6_4_0-33-rt-12-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:38:08 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:38:08 -0000
Subject: SUSE-SU-2026:21056-1: important: Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609828877.29674.10563987043954344235@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21056-1
Release Date: 2026-04-09T13:20:57Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-334=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_10-debugsource-12-1.1
  * kernel-livepatch-6_4_0-34-rt-debuginfo-12-1.1
  * kernel-livepatch-6_4_0-34-rt-12-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:38:22 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:38:22 -0000
Subject: SUSE-SU-2026:21055-1: important: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609830265.29674.13840983670134760827@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21055-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-333=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-8-1.1
  * kernel-livepatch-6_4_0-35-rt-debuginfo-8-1.1
  * kernel-livepatch-6_4_0-35-rt-8-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:38:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:38:37 -0000
Subject: SUSE-SU-2026:21054-1: important: Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609831717.29674.13507585083937997640@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21054-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-332=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-36-rt-7-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-36-rt-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:38:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:38:50 -0000
Subject: SUSE-SU-2026:21053-1: important: Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609833038.29674.1778704664079138047@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21053-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-331=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-6_4_0-37-rt-3-1.1
  * kernel-livepatch-6_4_0-37-rt-debuginfo-3-1.1
  * kernel-livepatch-MICRO-6-0-RT_Update_13-debugsource-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:39:00 -0000
Subject: SUSE-SU-2026:21052-1: important: Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609834083.29674.10016567799956847355@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21052-1
Release Date: 2026-04-09T13:20:43Z
Rating: important

References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-330=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_14-debugsource-3-1.1
  * kernel-livepatch-6_4_0-38-rt-debuginfo-3-1.1
  * kernel-livepatch-6_4_0-38-rt-3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:39:09 -0000
Subject: SUSE-SU-2026:21051-1: important: Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609834994.29674.14804212764566565315@ea440c8e37cc>

# Security update for the Linux Kernel RT (Live Patch 15 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21051-1
Release Date: 2026-04-09T13:20:43Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-329=1

## Package List:

* SUSE Linux Micro 6.1 (x86_64)
  * kernel-livepatch-MICRO-6-0-RT_Update_15-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-rt-2-1.1
  * kernel-livepatch-6_4_0-39-rt-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:39:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:39:26 -0000
Subject: SUSE-SU-2026:21050-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609836637.29674.2843574977903245280@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21050-1
Release Date: 2026-04-09T13:20:33Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.
## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-328=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-25-default-18-1.2
  * kernel-livepatch-MICRO-6-0_Update_5-debugsource-18-1.2
  * kernel-livepatch-6_4_0-25-default-debuginfo-18-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:39:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:39:44 -0000
Subject: SUSE-SU-2026:21049-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609838468.29674.2381378970494625455@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21049-1
Release Date: 2026-04-09T13:20:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-327=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_6-debugsource-16-3.1
  * kernel-livepatch-6_4_0-28-default-debuginfo-16-3.1
  * kernel-livepatch-6_4_0-28-default-16-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:40:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:40:07 -0000
Subject: SUSE-SU-2026:21048-1: important: Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609840735.29674.7775209998819321090@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21048-1
Release Date: 2026-04-09T13:20:25Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-29.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-326=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-29-default-15-1.2
  * kernel-livepatch-6_4_0-29-default-debuginfo-15-1.2
  * kernel-livepatch-MICRO-6-0_Update_7-debugsource-15-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:40:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:40:21 -0000
Subject: SUSE-SU-2026:21047-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609842195.29674.17158508774572359355@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21047-1
Release Date: 2026-04-09T13:20:15Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-325=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-30-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-30-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_8-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:40:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:40:37 -0000
Subject: SUSE-SU-2026:21046-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609843786.29674.13596402558988758289@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21046-1
Release Date: 2026-04-09T13:20:15Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
    zypper in -t patch SUSE-SLE-Micro-6.1-kernel-324=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-31-default-debuginfo-14-1.2
  * kernel-livepatch-6_4_0-31-default-14-1.2
  * kernel-livepatch-MICRO-6-0_Update_9-debugsource-14-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 16:40:52 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:40:52 -0000
Subject: SUSE-SU-2026:21045-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609845217.29674.11443306994651459077@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21045-1
Release Date: 2026-04-09T13:20:06Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-323=1 ## Package List: * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-livepatch-MICRO-6-0_Update_10-debugsource-8-1.1 * kernel-livepatch-6_4_0-32-default-8-1.1 * kernel-livepatch-6_4_0-32-default-debuginfo-8-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 13 16:41:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:10 -0000
Subject: SUSE-SU-2026:21044-1: important: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609847004.29674.2774640593947233338@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21044-1
Release Date: 2026-04-09T13:20:06Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-322=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-34-default-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_11-debugsource-7-1.1
  * kernel-livepatch-6_4_0-34-default-debuginfo-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:21 -0000
Subject: SUSE-SU-2026:21043-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609848179.29674.512767558413237775@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21043-1
Release Date: 2026-04-09T13:20:01Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-321=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-35-default-debuginfo-7-1.1
  * kernel-livepatch-MICRO-6-0_Update_12-debugsource-7-1.1
  * kernel-livepatch-6_4_0-35-default-7-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:31 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:31 -0000
Subject: SUSE-SU-2026:21042-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609849117.29674.15384698142547755580@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21042-1
Release Date: 2026-04-09T13:20:01Z
Rating: important
References:

* bsc#1253404
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-40159
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-320=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_13-debugsource-5-1.1
  * kernel-livepatch-6_4_0-36-default-5-1.1
  * kernel-livepatch-6_4_0-36-default-debuginfo-5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40159.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1253404
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:44 -0000
Subject: SUSE-SU-2026:21041-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609850434.29674.5715937578782760082@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21041-1
Release Date: 2026-04-09T13:20:01Z
Rating: important
References:

* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-319=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-38-default-3-1.2
  * kernel-livepatch-6_4_0-38-default-debuginfo-3-1.2
  * kernel-livepatch-MICRO-6-0_Update_14-debugsource-3-1.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:50 -0000
Subject: SUSE-SU-2026:21040-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Message-ID: <177609851001.29674.11726255621221830062@ea440c8e37cc>

# Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)

Announcement ID: SUSE-SU-2026:21040-1
Release Date: 2026-04-09T13:20:01Z
Rating: important
References:

* bsc#1258051
* bsc#1258183
* bsc#1258784

Cross-References:

* CVE-2026-23074
* CVE-2026-23111
* CVE-2026-23209

CVSS scores:

* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues.

The following security issues were fixed:

* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-318=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-MICRO-6-0_Update_16-debugsource-2-1.1
  * kernel-livepatch-6_4_0-39-default-2-1.1
  * kernel-livepatch-6_4_0-39-default-debuginfo-2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23111.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258183
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Mon Apr 13 16:41:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:54 -0000
Subject: SUSE-SU-2026:21039-1: important: Security update for glibc
Message-ID: <177609851421.29674.14460660716818450409@ea440c8e37cc>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21039-1
Release Date: 2026-04-09T11:38:10Z
Rating: important
References:

* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-478=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * glibc-devel-debuginfo-2.38-slfo.1.1_7.1
  * glibc-devel-2.38-slfo.1.1_7.1
  * glibc-locale-2.38-slfo.1.1_7.1
  * glibc-locale-base-2.38-slfo.1.1_7.1
  * glibc-debugsource-2.38-slfo.1.1_7.1
  * glibc-locale-base-debuginfo-2.38-slfo.1.1_7.1
  * glibc-debuginfo-2.38-slfo.1.1_7.1
  * glibc-2.38-slfo.1.1_7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260078
* https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Mon Apr 13 16:41:58 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:41:58 -0000
Subject: SUSE-SU-2026:21038-1: important: Security update for libpng16
Message-ID: <177609851832.29674.3142109894244487703@ea440c8e37cc>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:21038-1
Release Date: 2026-04-09T10:48:50Z
Rating: important
References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-479=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libpng16-debugsource-1.6.43-slfo.1.1_4.1
  * libpng16-16-1.6.43-slfo.1.1_4.1
  * libpng16-16-debuginfo-1.6.43-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-33636.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
* https://bugzilla.suse.com/show_bug.cgi?id=1260755

From null at suse.de Mon Apr 13 16:42:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:42:07 -0000
Subject: SUSE-SU-2026:21037-1: important: Security update for openssl-3
Message-ID: <177609852733.29674.9034592686821699242@ea440c8e37cc>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:21037-1
Release Date: 2026-04-08T15:06:09Z
Rating: important
References:

* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445

Cross-References:

* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves five vulnerabilities can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

* CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
* CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-477=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * libopenssl3-debuginfo-3.1.4-slfo.1.1_9.1
  * libopenssl-3-fips-provider-debuginfo-3.1.4-slfo.1.1_9.1
  * libopenssl3-3.1.4-slfo.1.1_9.1
  * libopenssl-3-devel-3.1.4-slfo.1.1_9.1
  * openssl-3-debugsource-3.1.4-slfo.1.1_9.1
  * openssl-3-3.1.4-slfo.1.1_9.1
  * libopenssl-3-fips-provider-3.1.4-slfo.1.1_9.1
  * openssl-3-debuginfo-3.1.4-slfo.1.1_9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445

From null at suse.de Mon Apr 13 16:42:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:42:10 -0000
Subject: SUSE-SU-2026:21036-1: moderate: Security update for python-requests
Message-ID: <177609853010.29674.12744603300105864188@ea440c8e37cc>

# Security update for python-requests

Announcement ID: SUSE-SU-2026:21036-1
Release Date: 2026-04-08T14:29:25Z
Rating: moderate
References:

* bsc#1260589

Cross-References:

* CVE-2026-25645

CVSS scores:

* CVE-2026-25645 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-25645 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-requests fixes the following issue:

* CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-475=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * python311-requests-2.32.4-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25645.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260589

URL: From null at suse.de Mon Apr 13 16:42:13 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:13 -0000 Subject: SUSE-SU-2026:21035-1: moderate: Security update for libtpms Message-ID: <177609853304.29674.13922014199724970981@ea440c8e37cc> # Security update for libtpms Announcement ID: SUSE-SU-2026:21035-1 Release Date: 2026-04-08T14:28:15Z Rating: moderate References: * bsc#1244528 Cross-References: * CVE-2025-49133 CVSS scores: * CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for libtpms fixes the following issues: * CVE-2025-49133: out-of-bounds (OOB) access due to HMAC signing issue leads to abort and vTPM DoS (bsc#1244528). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-476=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libtpms0-debuginfo-0.9.6-slfo.1.1_2.1 * libtpms-debugsource-0.9.6-slfo.1.1_2.1 * libtpms0-0.9.6-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49133.html * https://bugzilla.suse.com/show_bug.cgi?id=1244528 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:42:26 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:26 -0000 Subject: SUSE-RU-2026:21034-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <177609854630.29674.1240080280674710210@ea440c8e37cc> # Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2026:21034-1 Release Date: 2026-04-07T13:10:14Z Rating: moderate References: * bsc#1247539 * bsc#1253777 * bsc#1254702 * bsc#1254960 * bsc#1254982 * bsc#1254984 * bsc#1260421 * jsc#PED-14732 Affected Products: * SUSE Linux Micro 6.1 An update that contains one feature and has seven fixes can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: Update to version 11.0.2 (bsc#1260421) * Add iputils as a dependency to make automatic NVIDIA repo enablement work Update to version 11.0.1 * Fix attempt to read a deleted file resulting in an error. Refresh the file list for repos and services for each pass over the server domains we are looking to clean up the registration. * Update user visible messages only showing messages for the application configuration file. 
Update to version 11.0.0 (bsc#1254960, bsc#1254982, bsc#1253777)

* Major version bump for main package and plugin sub-packages due to interpreter change in SLE 15 SP4+ from Python 3.6 to Python 3.11
* Create cache directory in code and drop from package (jsc#PED-14732)
* Fix race condition between license watcher timer and registration (bsc#1254984)
* Fix cleanup issue in hosts (bsc#1254702)
* Fix cache clean up
* Fix exit condition from container registry setup
* Lock the registration process to ensure single execution (bsc#1254984)
* Fix traceback on FP and cert mismatch
* Switch remaining code to updated logging implementation
* Increase logging information in log to help with issue debugging
* Fix exit code on partial registration success
* Remove obsolete switchcloudguestservices

Update to version 10.5.3

* Move project setup to poetry and apply python standards
* Fix use of logging facility. Use logging facility in the desired way throughout the entire code base. This includes the following changes and refactor:
* Add handler and formatter for the logfile containing more information about function and position in code for the message
* Add handler for stdout (INFO and WARNING)
* Add handler for stderr (ERROR).
* Implement Logger class providing the logging setup and methods
* Drop the start_logging() method.
* Fix and refactor all unit tests around the use of logging with a proper fixture and place all tests for registerutils into its own class TestRegisterUtils.
* Add --debug switch for registercloudguest. Allow to increase logfile information. All messages produced via log.debug(...) in code will be part of the logfile. Debug messages will not be shown on the console
* Update SLE12 patches due to logging refactor
* Use --debug flag in guestregister service

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-474=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * cloud-regionsrv-client-plugin-azure-3.0.0-slfo.1.1_7.1 * cloud-regionsrv-client-plugin-ec2-2.0.0-slfo.1.1_7.1 * cloud-regionsrv-client-11.0.2-slfo.1.1_7.1 * cloud-regionsrv-client-license-watcher-1.0.0-slfo.1.1_7.1 * cloud-regionsrv-client-generic-config-1.0.0-slfo.1.1_7.1 * cloud-regionsrv-client-plugin-gce-2.0.0-slfo.1.1_7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1247539 * https://bugzilla.suse.com/show_bug.cgi?id=1253777 * https://bugzilla.suse.com/show_bug.cgi?id=1254702 * https://bugzilla.suse.com/show_bug.cgi?id=1254960 * https://bugzilla.suse.com/show_bug.cgi?id=1254982 * https://bugzilla.suse.com/show_bug.cgi?id=1254984 * https://bugzilla.suse.com/show_bug.cgi?id=1260421 * https://jira.suse.com/browse/PED-14732 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:42:27 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:27 -0000 Subject: SUSE-RU-2026:21033-1: moderate: Recommended update for cloud-init Message-ID: <177609854762.29674.11745046979106604410@ea440c8e37cc> # Recommended update for cloud-init Announcement ID: SUSE-RU-2026:21033-1 Release Date: 2026-04-07T13:10:14Z Rating: moderate References: Affected Products: * SUSE Linux Micro 6.1 An update that can now be installed. ## Description: This update for cloud-init contains the following fixes: * Fix dependency replace -serial with -pyserial. * Drop unneeded test dependency on httpretty, fixed long ago ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-473=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * cloud-init-25.1.3-slfo.1.1_2.1 * cloud-init-config-suse-25.1.3-slfo.1.1_2.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:42:30 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:30 -0000 Subject: SUSE-SU-2026:21032-1: moderate: Security update for polkit Message-ID: <177609855053.29674.4492128056007524066@ea440c8e37cc> # Security update for polkit Announcement ID: SUSE-SU-2026:21032-1 Release Date: 2026-04-07T11:36:42Z Rating: moderate References: * bsc#1260859 Cross-References: * CVE-2026-4897 CVSS scores: * CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for polkit fixes the following issue: * CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-472=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * polkit-121-slfo.1.1_3.1 * libpolkit-agent-1-0-debuginfo-121-slfo.1.1_3.1 * libpolkit-gobject-1-0-debuginfo-121-slfo.1.1_3.1 * libpolkit-gobject-1-0-121-slfo.1.1_3.1 * polkit-debugsource-121-slfo.1.1_3.1 * libpolkit-agent-1-0-121-slfo.1.1_3.1 * polkit-debuginfo-121-slfo.1.1_3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4897.html * https://bugzilla.suse.com/show_bug.cgi?id=1260859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:42:36 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:36 -0000 Subject: SUSE-SU-2026:21031-1: important: Security update for expat Message-ID: <177609855627.29674.9502981853753764855@ea440c8e37cc> # Security update for expat Announcement ID: SUSE-SU-2026:21031-1 Release Date: 2026-04-07T11:08:58Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). * CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-471=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-slfo.1.1_5.1 * libexpat1-2.7.1-slfo.1.1_5.1 * libexpat1-debuginfo-2.7.1-slfo.1.1_5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Mon Apr 13 16:42:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:42:37 -0000
Subject: SUSE-RU-2026:21030-1: moderate: Recommended update for suse-build-key
Message-ID: <177609855757.29674.7775045113714079902@ea440c8e37cc>

# Recommended update for suse-build-key

Announcement ID: SUSE-RU-2026:21030-1
Release Date: 2026-04-07T09:25:45Z
Rating: moderate
References:
Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

This update for suse-build-key fixes the following issues:

- Add the auto import framework
- Added post quantum cryptographic keys for SLES 15 and SLES 16:
  * build-pqc-15.pem
  * build-pqc-16.pem

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-470=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * suse-build-key-12.0-slfo.1.1_5.1

From null at suse.de Mon Apr 13 16:42:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 16:42:41 -0000
Subject: SUSE-RU-2026:21029-1: important: Recommended update for crypto-policies
Message-ID: <177609856140.29674.14812659536530100093@ea440c8e37cc>

# Recommended update for crypto-policies

Announcement ID: SUSE-RU-2026:21029-1
Release Date: 2026-04-02T13:01:52Z
Rating: important
References:

* bsc#1258311
* bsc#1259825

Affected Products:

* SUSE Linux Micro 6.1

An update that has two fixes can now be installed.
## Description: This update for crypto-policies fixes the following issues: * Add PQC support for OpenSSH (bsc#1258311, bsc#1259825) * Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-469=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * crypto-policies-scripts-20230920.570ea89-slfo.1.1_2.1 * crypto-policies-20230920.570ea89-slfo.1.1_2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258311 * https://bugzilla.suse.com/show_bug.cgi?id=1259825 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:42:47 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:47 -0000 Subject: SUSE-SU-2026:1294-1: important: Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609856711.29674.2316764042266006107@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1294-1 Release Date: 2026-04-13T09:04:34Z Rating: important References: * bsc#1255235 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.293 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1294=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_293-default-3-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Mon Apr 13 16:42:57 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:42:57 -0000 Subject: SUSE-SU-2026:1293-1: important: Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Message-ID: <177609857701.29674.6002206782166002695@ea440c8e37cc> # Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1293-1 Release Date: 2026-04-13T08:35:44Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 
Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.283 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1293=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_283-default-4-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-53794.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1255235 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:43:05 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:43:05 -0000 Subject: SUSE-SU-2026:1292-1: important: Security update for python312 Message-ID: <177609858521.29674.7779496834382583652@ea440c8e37cc> # Security update for python312 Announcement ID: SUSE-SU-2026:1292-1 Release Date: 2026-04-13T08:10:53Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE 
): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). 
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1292=1 openSUSE-SLE-15.6-2026-1292=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1292=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1292=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-3.12.13-150600.3.53.1 * python312-doc-3.12.13-150600.3.53.1 * python312-testsuite-3.12.13-150600.3.53.1 * python312-testsuite-debuginfo-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-doc-devhelp-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-debuginfo-3.12.13-150600.3.53.1 * 
libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.53.1 * python312-32bit-3.12.13-150600.3.53.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.53.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.53.1 * python312-base-32bit-3.12.13-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpython3_12-1_0-64bit-3.12.13-150600.3.53.1 * python312-base-64bit-3.12.13-150600.3.53.1 * python312-base-64bit-debuginfo-3.12.13-150600.3.53.1 * python312-64bit-debuginfo-3.12.13-150600.3.53.1 * python312-64bit-3.12.13-150600.3.53.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * python312-dbm-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-base-debuginfo-3.12.13-150600.3.53.1 * python312-dbm-debuginfo-3.12.13-150600.3.53.1 * python312-curses-debuginfo-3.12.13-150600.3.53.1 * python312-tools-3.12.13-150600.3.53.1 * python312-idle-3.12.13-150600.3.53.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.53.1 * python312-base-3.12.13-150600.3.53.1 * python312-core-debugsource-3.12.13-150600.3.53.1 * python312-tk-3.12.13-150600.3.53.1 * python312-debugsource-3.12.13-150600.3.53.1 * python312-tk-debuginfo-3.12.13-150600.3.53.1 * python312-3.12.13-150600.3.53.1 * 
python312-dbm-3.12.13-150600.3.53.1 * python312-debuginfo-3.12.13-150600.3.53.1 * python312-devel-3.12.13-150600.3.53.1 * python312-curses-3.12.13-150600.3.53.1 * libpython3_12-1_0-3.12.13-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 16:43:14 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:43:14 -0000 Subject: SUSE-SU-2026:1291-1: important: Security update for openssl-1_0_0 Message-ID: <177609859487.29674.9833680669901073863@ea440c8e37cc> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2026:1291-1 Release Date: 2026-04-13T08:10:19Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Legacy Module 15-SP7 * 
openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1291=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1291=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1291=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1291=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1291=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1291=1 ## Package List: * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * 
libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * 
openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libopenssl1_0_0-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-steam-1.0.2p-150000.3.105.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.105.1 * libopenssl1_0_0-1.0.2p-150000.3.105.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-debuginfo-1.0.2p-150000.3.105.1 * libopenssl10-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.105.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.105.1 
* openssl-1_0_0-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.105.1 * openssl-1_0_0-debugsource-1.0.2p-150000.3.105.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.105.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.105.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.105.1 * openSUSE Leap 15.6 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.105.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 13 16:43:30 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 16:43:30 -0000 Subject: SUSE-SU-2026:1290-1: important: Security update for openssl-1_1 Message-ID: <177609861001.29674.5162212194985767456@ea440c8e37cc> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1290-1 Release Date: 2026-04-13T08:08:55Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-31789 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1290=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1290=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1290=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1290=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1290=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.51.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-1.1.1l-150500.17.51.1 * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High 
Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libopenssl1_1-debuginfo-1.1.1l-150500.17.51.1 * openssl-1_1-debugsource-1.1.1l-150500.17.51.1 * libopenssl1_1-1.1.1l-150500.17.51.1 * 
openssl-1_1-1.1.1l-150500.17.51.1 * libopenssl-1_1-devel-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-1.1.1l-150500.17.51.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.51.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.51.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.51.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.51.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 20:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 20:30:15 -0000 Subject: SUSE-SU-2026:1298-1: important: Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) Message-ID: <177611221544.2784.15554055301067924443@7334c935c7bb> # Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1298-1 Release Date: 2026-04-13T15:04:44Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1298=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_272-default-8-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Mon Apr 13 20:30:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 13 Apr 2026 20:30:19 -0000
Subject: SUSE-SU-2026:1300-1: important: Security update for GraphicsMagick
Message-ID: <177611221991.2784.15480622286499968315@7334c935c7bb>

# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2026:1300-1
Release Date: 2026-04-13T15:58:01Z
Rating: important
References:

* bsc#1258765
* bsc#1259456

Cross-References:

* CVE-2026-26284
* CVE-2026-28690

CVSS scores:

* CVE-2026-26284 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26284 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-26284 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-26284 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for GraphicsMagick fixes the following issues:

* CVE-2026-26284: heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).
* CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1300=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1300=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * GraphicsMagick-devel-1.3.42-150600.3.18.1 * libGraphicsMagick++-devel-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick3-config-1.3.42-150600.3.18.1 * GraphicsMagick-1.3.42-150600.3.18.1 * perl-GraphicsMagick-1.3.42-150600.3.18.1 * GraphicsMagick-debugsource-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * GraphicsMagick-devel-1.3.42-150600.3.18.1 * libGraphicsMagick++-devel-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-1.3.42-150600.3.18.1 * GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.18.1 * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick3-config-1.3.42-150600.3.18.1 * GraphicsMagick-1.3.42-150600.3.18.1 * perl-GraphicsMagick-1.3.42-150600.3.18.1 * GraphicsMagick-debugsource-1.3.42-150600.3.18.1 * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.18.1 * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.18.1 * libGraphicsMagick-Q16-3-1.3.42-150600.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26284.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://bugzilla.suse.com/show_bug.cgi?id=1258765 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 13 20:30:34 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 13 Apr 2026 20:30:34 -0000 Subject: SUSE-SU-2026:1299-1: important: Security update for nodejs24 Message-ID: <177611223451.2784.6214018309949231015@7334c935c7bb> # Security update for nodejs24 Announcement ID: SUSE-SU-2026:1299-1 Release Date: 2026-04-13T15:54:46Z Rating: important References: * bsc#1256572 * bsc#1256576 * bsc#1260455 * bsc#1260460 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2025-59464 * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21712 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59464 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21712 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21712 ( NVD ): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves nine vulnerabilities can now be installed. ## Description: This update for nodejs24 fixes the following issues: * Update to 24.14.1 * CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576). * CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455). * CVE-2026-21712: malformed URL format can lead to a crash (bsc#1260460). * CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463). 
* CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480). * CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482). * CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462). * CVE-2026-21717: crafted request can lead to trivially predictable hash collisions (bsc#1260494). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1299=1 ## Package List: * Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64) * npm24-24.14.1-150700.15.8.1 * nodejs24-debuginfo-24.14.1-150700.15.8.1 * nodejs24-24.14.1-150700.15.8.1 * nodejs24-debugsource-24.14.1-150700.15.8.1 * nodejs24-devel-24.14.1-150700.15.8.1 * Web and Scripting Module 15-SP7 (noarch) * nodejs24-docs-24.14.1-150700.15.8.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59464.html * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21712.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256572 * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260460 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 14 08:30:17 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 14 Apr 2026 08:30:17 -0000 Subject: SUSE-SU-2026:1305-1: important: Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5) Message-ID: <177615541792.31304.3452462851867286325@c2c2e0ac4d9f> # Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1305-1 Release Date: 2026-04-13T18:34:02Z Rating: important References: * bsc#1255235 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258784 Cross-References: * CVE-2023-53794 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23209 CVSS scores: * CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1305=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_290-default-4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 14 08:30:31 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 08:30:31 -0000
Subject: SUSE-SU-2026:1304-1: important: Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
Message-ID: <177615543108.31304.11026681006857353090@c2c2e0ac4d9f>

# Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)

Announcement ID: SUSE-SU-2026:1304-1
Release Date: 2026-04-13T16:04:42Z
Rating: important
References:

* bsc#1252036
* bsc#1252689
* bsc#1255235
* bsc#1256780
* bsc#1257238
* bsc#1258051
* bsc#1258784

Cross-References:

* CVE-2023-53794
* CVE-2025-39973
* CVE-2025-40018
* CVE-2025-71120
* CVE-2026-22999
* CVE-2026-23074
* CVE-2026-23209

CVSS scores:

* CVE-2023-53794 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2023-53794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39973 ( SUSE ): 7.0
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues.

The following security issues were fixed:

* CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
* CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
* CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
* CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
* CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
* CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
* CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
  zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1304=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
  * kgraft-patch-4_12_14-122_275-default-6-2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-53794.html
* https://www.suse.com/security/cve/CVE-2025-39973.html
* https://www.suse.com/security/cve/CVE-2025-40018.html
* https://www.suse.com/security/cve/CVE-2025-71120.html
* https://www.suse.com/security/cve/CVE-2026-22999.html
* https://www.suse.com/security/cve/CVE-2026-23074.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252036
* https://bugzilla.suse.com/show_bug.cgi?id=1252689
* https://bugzilla.suse.com/show_bug.cgi?id=1255235
* https://bugzilla.suse.com/show_bug.cgi?id=1256780
* https://bugzilla.suse.com/show_bug.cgi?id=1257238
* https://bugzilla.suse.com/show_bug.cgi?id=1258051
* https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 14 08:30:35 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 08:30:35 -0000
Subject: SUSE-SU-2026:1303-1: important: Security update for tigervnc
Message-ID: <177615543504.31304.10728218137814617568@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1303-1
Release Date: 2026-04-13T16:03:04Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1303=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1303=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1303=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1303=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1303=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * tigervnc-debugsource-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-1.10.1-150400.7.15.1 * tigervnc-debuginfo-1.10.1-150400.7.15.1 * tigervnc-1.10.1-150400.7.15.1 * libXvnc-devel-1.10.1-150400.7.15.1 * libXvnc1-debuginfo-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-1.10.1-150400.7.15.1 * openSUSE Leap 15.4 (noarch) * tigervnc-x11vnc-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-java-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * tigervnc-debugsource-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-1.10.1-150400.7.15.1 * tigervnc-debuginfo-1.10.1-150400.7.15.1 * tigervnc-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1 * libXvnc-devel-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-debuginfo-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-1.10.1-150400.7.15.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * 
tigervnc-debugsource-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-1.10.1-150400.7.15.1 * tigervnc-debuginfo-1.10.1-150400.7.15.1 * tigervnc-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1 * libXvnc-devel-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-debuginfo-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-1.10.1-150400.7.15.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * tigervnc-debugsource-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-1.10.1-150400.7.15.1 * tigervnc-debuginfo-1.10.1-150400.7.15.1 * tigervnc-1.10.1-150400.7.15.1 * libXvnc-devel-1.10.1-150400.7.15.1 * libXvnc1-debuginfo-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-1.10.1-150400.7.15.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * tigervnc-debugsource-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-1.10.1-150400.7.15.1 * tigervnc-debuginfo-1.10.1-150400.7.15.1 * tigervnc-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-1.10.1-150400.7.15.1 * libXvnc-devel-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-module-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-debuginfo-1.10.1-150400.7.15.1 * xorg-x11-Xvnc-debuginfo-1.10.1-150400.7.15.1 * libXvnc1-1.10.1-150400.7.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * xorg-x11-Xvnc-novnc-1.10.1-150400.7.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Tue Apr 14 08:30:38 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 08:30:38 -0000
Subject: SUSE-SU-2026:1302-1: important: Security update for tigervnc
Message-ID: <177615543868.31304.6726814738528691633@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1302-1
Release Date: 2026-04-13T16:02:17Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1302=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1302=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1302=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1302=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * 
tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (noarch) * xorg-x11-Xvnc-java-1.12.0-150500.4.3.1 * tigervnc-x11vnc-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64 i586) * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * tigervnc-debugsource-1.12.0-150500.4.3.1 * tigervnc-1.12.0-150500.4.3.1 * libXvnc-devel-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-1.12.0-150500.4.3.1 * libXvnc1-debuginfo-1.12.0-150500.4.3.1 * libXvnc1-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-module-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-debuginfo-1.12.0-150500.4.3.1 * tigervnc-debuginfo-1.12.0-150500.4.3.1 * xorg-x11-Xvnc-1.12.0-150500.4.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * xorg-x11-Xvnc-novnc-1.12.0-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Tue Apr 14 08:30:42 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 08:30:42 -0000
Subject: SUSE-SU-2026:1301-1: important: Security update for tigervnc
Message-ID: <177615544215.31304.4254422718307766487@c2c2e0ac4d9f>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1301-1
Release Date: 2026-04-13T16:01:26Z
Rating: important
References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1301=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1301=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * tigervnc-1.6.0-22.23.1
  * libXvnc1-1.6.0-22.23.1
  * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1
  * tigervnc-debuginfo-1.6.0-22.23.1
  * libXvnc1-debuginfo-1.6.0-22.23.1
  * tigervnc-debugsource-1.6.0-22.23.1
  * xorg-x11-Xvnc-1.6.0-22.23.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * tigervnc-1.6.0-22.23.1
  * libXvnc1-1.6.0-22.23.1
  * xorg-x11-Xvnc-debuginfo-1.6.0-22.23.1
  * tigervnc-debuginfo-1.6.0-22.23.1
  * libXvnc1-debuginfo-1.6.0-22.23.1
  * tigervnc-debugsource-1.6.0-22.23.1
  * xorg-x11-Xvnc-1.6.0-22.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871

From null at suse.de Tue Apr 14 12:30:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 12:30:06 -0000
Subject: SUSE-SU-2026:1306-1: moderate: Security update for openvswitch
Message-ID: <177616980641.74.7182470285406838684@7d0c564dccbc>

# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1306-1
Release Date: 2026-04-13T20:02:56Z
Rating: moderate
References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issues:

* CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1306=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * ovn-debuginfo-23.03.3-150600.33.12.1
  * ovn-vtep-debuginfo-23.03.3-150600.33.12.1
  * libovn-23_03-0-debuginfo-23.03.3-150600.33.12.1
  * openvswitch-test-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-devel-3.1.7-150600.33.12.1
  * openvswitch-debugsource-3.1.7-150600.33.12.1
  * openvswitch-vtep-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-vtep-3.1.7-150600.33.12.1
  * libopenvswitch-3_1-0-3.1.7-150600.33.12.1
  * libovn-23_03-0-23.03.3-150600.33.12.1
  * ovn-devel-23.03.3-150600.33.12.1
  * python3-ovs-3.1.7-150600.33.12.1
  * ovn-central-debuginfo-23.03.3-150600.33.12.1
  * ovn-23.03.3-150600.33.12.1
  * openvswitch-ipsec-3.1.7-150600.33.12.1
  * openvswitch-test-3.1.7-150600.33.12.1
  * ovn-central-23.03.3-150600.33.12.1
  * openvswitch-pki-3.1.7-150600.33.12.1
  * openvswitch-3.1.7-150600.33.12.1
  * ovn-host-debuginfo-23.03.3-150600.33.12.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150600.33.12.1
  * openvswitch-debuginfo-3.1.7-150600.33.12.1
  * ovn-host-23.03.3-150600.33.12.1
  * ovn-vtep-23.03.3-150600.33.12.1
  * ovn-docker-23.03.3-150600.33.12.1
* openSUSE Leap 15.6 (noarch)
  * openvswitch-doc-3.1.7-150600.33.12.1
  * ovn-doc-23.03.3-150600.33.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273

From null at suse.de Tue Apr 14 16:30:48 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:30:48 -0000
Subject: SUSE-SU-2026:21092-1: important: Security update 5.1.2 for Multi-Linux Manager Client Tools and Salt Bundle
Message-ID: <177618424882.121.7611641533421537598@5d6d53449fb2>

# Security update 5.1.2 for Multi-Linux Manager Client Tools and Salt Bundle

Announcement ID: SUSE-SU-2026:21092-1
Release Date: 2026-03-05T16:40:22Z
Rating: important
References:

* bsc#1227579
* bsc#1247644
* bsc#1247721
* bsc#1248848
* bsc#1249400
* bsc#1249532
* bsc#1250940
* bsc#1250976
* bsc#1250981
* bsc#1251044
* bsc#1251138
* bsc#1251995
* bsc#1253174
* bsc#1253282
* bsc#1253347
* bsc#1253659
* bsc#1253738
* bsc#1253966
* bsc#1254478
* bsc#1254903
* bsc#1254904
* bsc#1254905
* bsc#1255781

Cross-References:

* CVE-2024-52804
* CVE-2025-67724
* CVE-2025-67725
* CVE-2025-67726

CVSS scores:

* CVE-2024-52804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-52804 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-52804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-67726 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-67726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE
Multi-Linux Manager Client Tools for SLE 16

An update that solves four vulnerabilities and has 19 fixes can now be installed.

## Description:

This update fixes the following issues:

Changes in spacecmd:

* Version 5.1.12-0
  * Fix spacecmd binary file upload (bsc#1253659)
  * Fix typo in spacecmd help ca-cert flag (bsc#1253174)
  * Convert cached IDs to int (bsc#1251995)
  * Fix methods in api namespace in spacecmd (bsc#1249532)
  * Make caching code Py 2.7 compatible
  * Use JSON instead of pickle for spacecmd cache (bsc#1227579)
  * Python 2.7 cannot re-raise exceptions

Changes in supportutils-plugin-susemanager-client:

* Version 5.1.5-0
  * Non-customer-facing optimization and update

Changes in supportutils-plugin-salt:

* New package

Changes in uyuni-tools:

* Version 5.1.24-0
  * Actually use the --dbupgrade-tag parameter when computing the image URL (bsc#1249400)
  * Handle CA files with symlinks during migration (bsc#1251044)
  * Adjust traefik exposed configuration for chart v27 (bsc#1247721)
  * Fix systemd object initialization in server rename. (bsc#1250981)
  * Add SSL secrets to the db setup container during migration.
    (bsc#1250976)
  * Fix images handling in mgrpxy support ptf (bsc#1250940)
  * Fix helm upgrade parameters (bsc#1253966)
  * Detect custom apache and squid config in the /etc/uyuni/proxy folder
  * Add ssh tuning to configure sshd (bsc#1253738)
  * Move the SSL checks at the beginning of the migration
  * Remove cgroup mount for podman containers (bsc#1253347)
  * Convert the traefik install time to local time (bsc#1251138)
  * During migration, krb5.conf.d should be copied in /etc/rhn (bsc#1254478)
  * Read env var from http conf file (bsc#1253282)
  * Add --registry-host, --registry-user and --registry-password to pull images from an authenticated registry
  * Deprecate --registry
  * Unify backup create and restore dryrun option case
  * Fix calling of squid -z in mgrpxy cache clear (bsc#1247644)
  * Always start database container even if enabled
  * Remove extra ipv6 mapping and nftables workaround (bsc#1248848)
  * Remove old PostgreSQL exporter environment file before migration
  * Support config command parse correctly supportconfig output (bsc#1255781)
* Version 5.1.23-0
  * Update the default tag

Changes in venv-salt-minion:

* Backported security patches for Salt vendored tornado:
  * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
  * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
  * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 16 zypper in -t patch Multi-Linux-ManagerTools-SLE-16-2=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 16 (noarch) * supportutils-plugin-susemanager-client-5.1.5-160002.1.1 * mgrctl-zsh-completion-5.1.24-160002.1.1 * spacecmd-5.1.12-160002.1.1 * mgrctl-bash-completion-5.1.24-160002.1.1 * mgrctl-lang-5.1.24-160002.1.1 * supportutils-plugin-salt-1.2.3-160002.1.1 * SUSE Multi-Linux Manager Client Tools for SLE 16 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-160002.4.1 * mgrctl-5.1.24-160002.1.1 * mgrctl-debuginfo-5.1.24-160002.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-52804.html * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2025-67726.html * https://bugzilla.suse.com/show_bug.cgi?id=1227579 * https://bugzilla.suse.com/show_bug.cgi?id=1247644 * https://bugzilla.suse.com/show_bug.cgi?id=1247721 * https://bugzilla.suse.com/show_bug.cgi?id=1248848 * https://bugzilla.suse.com/show_bug.cgi?id=1249400 * https://bugzilla.suse.com/show_bug.cgi?id=1249532 * https://bugzilla.suse.com/show_bug.cgi?id=1250940 * https://bugzilla.suse.com/show_bug.cgi?id=1250976 * https://bugzilla.suse.com/show_bug.cgi?id=1250981 * https://bugzilla.suse.com/show_bug.cgi?id=1251044 * https://bugzilla.suse.com/show_bug.cgi?id=1251138 * https://bugzilla.suse.com/show_bug.cgi?id=1251995 * https://bugzilla.suse.com/show_bug.cgi?id=1253174 * https://bugzilla.suse.com/show_bug.cgi?id=1253282 * https://bugzilla.suse.com/show_bug.cgi?id=1253347 * https://bugzilla.suse.com/show_bug.cgi?id=1253659 * https://bugzilla.suse.com/show_bug.cgi?id=1253738 * https://bugzilla.suse.com/show_bug.cgi?id=1253966 * https://bugzilla.suse.com/show_bug.cgi?id=1254478 * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * 
https://bugzilla.suse.com/show_bug.cgi?id=1254904
* https://bugzilla.suse.com/show_bug.cgi?id=1254905
* https://bugzilla.suse.com/show_bug.cgi?id=1255781

From null at suse.de Tue Apr 14 16:30:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:30:50 -0000
Subject: SUSE-OU-2026:1315-1: moderate: Optional update for rsyslog
Message-ID: <177618425073.121.18318692479612842549@5d6d53449fb2>

# Optional update for rsyslog

Announcement ID: SUSE-OU-2026:1315-1
Release Date: 2026-04-14T11:26:47Z
Rating: moderate
References:

* jsc#PED-15910

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature can now be installed.

## Description:

This update for rsyslog fixes the following issue:

* add the rsyslog-module-ossl (openssl TLS support).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1315=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1315=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1315=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1315=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1315=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1315=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1315=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1315=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1315=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rsyslog-module-relp-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1 * rsyslog-module-omamqp1-8.2306.0-150400.5.35.1 * rsyslog-module-omtcl-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-diag-tools-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-8.2306.0-150400.5.35.1 * rsyslog-diag-tools-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-8.2306.0-150400.5.35.1 * rsyslog-module-omhttpfs-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-elasticsearch-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1 * 
rsyslog-module-dbi-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-dbi-8.2306.0-150400.5.35.1 * rsyslog-module-gcrypt-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-omtcl-8.2306.0-150400.5.35.1 * rsyslog-debugsource-8.2306.0-150400.5.35.1 * rsyslog-module-kafka-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-omhttpfs-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-8.2306.0-150400.5.35.1 * rsyslog-module-kafka-8.2306.0-150400.5.35.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-8.2306.0-150400.5.35.1 * rsyslog-module-omamqp1-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-8.2306.0-150400.5.35.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gcrypt-8.2306.0-150400.5.35.1 * rsyslog-doc-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-elasticsearch-debuginfo-8.2306.0-150400.5.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rsyslog-module-relp-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1 * rsyslog-debugsource-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-8.2306.0-150400.5.35.1 * 
rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-8.2306.0-150400.5.35.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rsyslog-module-relp-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1 * rsyslog-debugsource-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-pgsql-8.2306.0-150400.5.35.1 * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-8.2306.0-150400.5.35.1 * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-8.2306.0-150400.5.35.1 * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rsyslog-module-relp-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-8.2306.0-150400.5.35.1 * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-8.2306.0-150400.5.35.1 * rsyslog-module-mysql-8.2306.0-150400.5.35.1 * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-debuginfo-8.2306.0-150400.5.35.1 * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1 * 
rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * rsyslog-module-relp-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * rsyslog-module-relp-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * rsyslog-module-relp-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * rsyslog-module-relp-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * rsyslog-module-relp-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gtls-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-snmp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-8.2306.0-150400.5.35.1
  * rsyslog-debugsource-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-8.2306.0-150400.5.35.1
  * rsyslog-module-udpspoof-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-pgsql-8.2306.0-150400.5.35.1
  * rsyslog-module-mmnormalize-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-gssapi-8.2306.0-150400.5.35.1
  * rsyslog-module-ossl-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-8.2306.0-150400.5.35.1
  * rsyslog-module-relp-debuginfo-8.2306.0-150400.5.35.1
  * rsyslog-module-mysql-debuginfo-8.2306.0-150400.5.35.1

## References:

* https://jira.suse.com/browse/PED-15910

From null at suse.de Tue Apr 14 16:30:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:30:54 -0000
Subject: SUSE-SU-2026:1314-1: important: Security update for ignition
Message-ID: <177618425432.121.11633275556158080057@5d6d53449fb2>

# Security update for ignition

Announcement ID: SUSE-SU-2026:1314-1
Release Date: 2026-04-14T11:07:17Z
Rating: important

References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* HPC Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1314=1
* HPC Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-HPC-15-SP7-2026-1314=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1314=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1314=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* HPC Module 15-SP7 (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 x86_64)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * ignition-dracut-grub2-2.14.0-150400.9.15.1
  * ignition-2.14.0-150400.9.15.1
  * ignition-debuginfo-2.14.0-150400.9.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251
From null at suse.de Tue Apr 14 16:30:57 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:30:57 -0000
Subject: SUSE-SU-2026:1313-1: important: Security update for freerdp2
Message-ID: <177618425786.121.11496712334964191107@5d6d53449fb2>

# Security update for freerdp2

Announcement ID: SUSE-SU-2026:1313-1
Release Date: 2026-04-14T10:47:32Z
Rating: important

References:

* bsc#1257991

Cross-References:

* CVE-2026-24684

CVSS scores:

* CVE-2026-24684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24684 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24684 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24684 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for freerdp2 fixes the following issues:

* Fix the CVE-2026-24684 patch, as the previous version wrongly deleted a check for an error condition (bsc#1257991).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1313=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1313=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * winpr2-devel-2.11.7-150700.3.17.1
  * freerdp2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-debugsource-2.11.7-150700.3.17.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libfreerdp2-2-debuginfo-2.11.7-150700.3.17.1
  * libwinpr2-2-2.11.7-150700.3.17.1
  * freerdp2-proxy-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-2.11.7-150700.3.17.1
  * freerdp2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-server-2.11.7-150700.3.17.1
  * libfreerdp2-2-2.11.7-150700.3.17.1
  * freerdp2-server-debuginfo-2.11.7-150700.3.17.1
  * winpr2-devel-2.11.7-150700.3.17.1
  * libwinpr2-2-debuginfo-2.11.7-150700.3.17.1
  * freerdp2-debugsource-2.11.7-150700.3.17.1
  * freerdp2-devel-2.11.7-150700.3.17.1
  * freerdp2-proxy-2.11.7-150700.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24684.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257991
From null at suse.de Tue Apr 14 16:31:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:00 -0000
Subject: SUSE-SU-2026:1312-1: important: Security update for bind
Message-ID: <177618426092.121.13811496970350794833@5d6d53449fb2>

# Security update for bind

Announcement ID: SUSE-SU-2026:1312-1
Release Date: 2026-04-14T10:46:38Z
Rating: important

References:

* bsc#1260805

Cross-References:

* CVE-2026-1519

CVSS scores:

* CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for bind fixes the following issues:

* CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1312=1 openSUSE-SLE-15.6-2026-1312=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1312=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1312=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* openSUSE Leap 15.6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * bind-doc-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * bind-debugsource-9.18.33-150600.3.21.1
  * bind-utils-9.18.33-150600.3.21.1
  * bind-utils-debuginfo-9.18.33-150600.3.21.1
  * bind-9.18.33-150600.3.21.1
  * bind-debuginfo-9.18.33-150600.3.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * bind-doc-9.18.33-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260805
From null at suse.de Tue Apr 14 16:31:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:03 -0000
Subject: SUSE-SU-2026:1311-1: important: Security update for libpng16
Message-ID: <177618426393.121.14132194760626452883@5d6d53449fb2>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1311-1
Release Date: 2026-04-14T10:44:55Z
Rating: important

References:

* bsc#1260754

Cross-References:

* CVE-2026-33416

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issue:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1311=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1311=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpng16-compat-devel-1.6.8-15.21.1
  * libpng16-16-debuginfo-1.6.8-15.21.1
  * libpng16-devel-1.6.8-15.21.1
  * libpng16-debugsource-1.6.8-15.21.1
  * libpng16-16-1.6.8-15.21.1
  * libpng16-16-32bit-1.6.8-15.21.1
  * libpng16-16-debuginfo-32bit-1.6.8-15.21.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.8-15.21.1
  * libpng16-16-debuginfo-1.6.8-15.21.1
  * libpng16-devel-1.6.8-15.21.1
  * libpng16-debugsource-1.6.8-15.21.1
  * libpng16-16-1.6.8-15.21.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libpng16-16-32bit-1.6.8-15.21.1
  * libpng16-16-debuginfo-32bit-1.6.8-15.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754
From null at suse.de Tue Apr 14 16:31:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:07 -0000
Subject: SUSE-SU-2026:1310-1: moderate: Security update for libssh
Message-ID: <177618426771.121.6697675279220031700@5d6d53449fb2>

# Security update for libssh

Announcement ID: SUSE-SU-2026:1310-1
Release Date: 2026-04-14T10:42:17Z
Rating: moderate

References:

* bsc#1259377

Cross-References:

* CVE-2026-3731

CVSS scores:

* CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3731 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for libssh fixes the following issues:

* CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1310=1 openSUSE-SLE-15.6-2026-1310=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1310=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libssh4-64bit-0.9.8-150600.11.12.1
  * libssh4-64bit-debuginfo-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libssh4-0.9.8-150600.11.12.1
  * libssh-debugsource-0.9.8-150600.11.12.1
  * libssh-devel-0.9.8-150600.11.12.1
  * libssh4-debuginfo-0.9.8-150600.11.12.1
  * libssh-config-0.9.8-150600.11.12.1
* Basesystem Module 15-SP7 (x86_64)
  * libssh4-32bit-debuginfo-0.9.8-150600.11.12.1
  * libssh4-32bit-0.9.8-150600.11.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3731.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259377
From null at suse.de Tue Apr 14 16:31:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:10 -0000
Subject: SUSE-SU-2026:1309-1: important: Security update for sudo
Message-ID: <177618427085.121.17836646860275926073@5d6d53449fb2>

# Security update for sudo

Announcement ID: SUSE-SU-2026:1309-1
Release Date: 2026-04-14T10:39:43Z
Rating: important

References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1309=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1309=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1309=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1309=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1309=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1309=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1309=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-test-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * sudo-1.9.9-150400.4.42.1
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-debuginfo-1.9.9-150400.4.42.1
  * sudo-plugin-python-debuginfo-1.9.9-150400.4.42.1
  * sudo-debugsource-1.9.9-150400.4.42.1
  * sudo-devel-1.9.9-150400.4.42.1
  * sudo-1.9.9-150400.4.42.1
  * sudo-plugin-python-1.9.9-150400.4.42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420
From null at suse.de Tue Apr 14 16:31:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:14 -0000
Subject: SUSE-SU-2026:1308-1: important: Security update for sudo
Message-ID: <177618427406.121.5242025518369926566@5d6d53449fb2>

# Security update for sudo

Announcement ID: SUSE-SU-2026:1308-1
Release Date: 2026-04-14T10:38:02Z
Rating: important

References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1308=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1308=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1308=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1308=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1308=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1308=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-test-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * sudo-plugin-python-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-debugsource-1.9.12p1-150500.7.16.1
  * sudo-devel-1.9.12p1-150500.7.16.1
  * sudo-debuginfo-1.9.12p1-150500.7.16.1
  * sudo-1.9.12p1-150500.7.16.1
  * sudo-plugin-python-1.9.12p1-150500.7.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420

From null at suse.de Tue Apr 14 16:31:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 16:31:17 -0000
Subject: SUSE-SU-2026:1307-1: important: Security update for strongswan
Message-ID: <177618427744.121.15321073896086487870@5d6d53449fb2>

# Security update for strongswan

Announcement ID: SUSE-SU-2026:1307-1
Release Date: 2026-04-14T10:35:45Z
Rating: important

References:

* bsc#1259472

Cross-References:

* CVE-2026-25075

CVSS scores:

* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for strongswan fixes the following issue:

* CVE-2026-25075: integer underflow when handling EAP-TTLS AVP (bsc#1259472).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1307=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1307=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-libs0-debuginfo-5.1.3-26.32.1
  * strongswan-5.1.3-26.32.1
  * strongswan-libs0-5.1.3-26.32.1
  * strongswan-debugsource-5.1.3-26.32.1
  * strongswan-hmac-5.1.3-26.32.1
  * strongswan-ipsec-debuginfo-5.1.3-26.32.1
  * strongswan-ipsec-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * strongswan-doc-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * strongswan-libs0-debuginfo-5.1.3-26.32.1
  * strongswan-5.1.3-26.32.1
  * strongswan-libs0-5.1.3-26.32.1
  * strongswan-debugsource-5.1.3-26.32.1
  * strongswan-hmac-5.1.3-26.32.1
  * strongswan-ipsec-debuginfo-5.1.3-26.32.1
  * strongswan-ipsec-5.1.3-26.32.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * strongswan-doc-5.1.3-26.32.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25075.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259472

From null at suse.de Tue Apr 14 20:30:01 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:01 -0000
Subject: SUSE-RU-2026:1327-1: moderate: Recommended update for scap-security-guide
Message-ID: <177619860185.321.15003452446599094360@5d6d53449fb2>

# Recommended update for scap-security-guide

Announcement ID: SUSE-RU-2026:1327-1
Release Date: 2026-04-14T13:56:46Z
Rating: moderate

References:

* jsc#ECO-3319

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Multi-Linux Manager Client Tools for SLE Micro 5

An update that contains one feature can now be installed.

## Description:

This update for scap-security-guide fixes the following issues:

* Update the SSG package description
* Add SLE16 profiles to the build
* updated to 0.1.79 (jsc#ECO-3319):
  * Create SLE16 HIPAA profile
  * Create SLE16 PCI DSS 4 profile
  * Use Sequoia in RHEL 10 instead of GPG
  * New Profile for RHEL10: BSI
  * Move RHEL Control files to product files
  * Update RHEL 9 CCN profile
  * Various updates for SLE 12/15

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SLE Micro 5
  zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1327=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1327=1
* SUSE Manager Client Tools for SLE Micro 5
  zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1327=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1327=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1327=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1327=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1327=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1327=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1327=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1327=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1327=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1327=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1327=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1327=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1327=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1327=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1327=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1327=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1327=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1327=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1327=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch)
  * scap-security-guide-0.1.80-150000.1.106.1
* openSUSE Leap 15.6 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
  * scap-security-guide-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* Basesystem Module 15-SP7 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * scap-security-guide-redhat-0.1.80-150000.1.106.1
  * scap-security-guide-0.1.80-150000.1.106.1
  * scap-security-guide-ubuntu-0.1.80-150000.1.106.1
  * scap-security-guide-debian-0.1.80-150000.1.106.1

## References:

* https://jira.suse.com/browse/ECO-3319

From null at suse.de Tue Apr 14 20:30:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:03 -0000
Subject: SUSE-RU-2026:1326-1: moderate: Recommended update for apache2-mod_auth_openidc
Message-ID: <177619860353.321.9839011637891131138@5d6d53449fb2>

# Recommended update for apache2-mod_auth_openidc

Announcement ID: SUSE-RU-2026:1326-1
Release Date: 2026-04-14T13:53:00Z
Rating: moderate

References:

* jsc#PED-14130

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that contains one feature can now be installed.

## Description:

This update for apache2-mod_auth_openidc fixes the following issues:

* actually run the testsuite (jsc#PED-14130)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1326=1 openSUSE-SLE-15.6-2026-1326=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1326=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1326=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1326=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.17.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.17.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * apache2-mod_auth_openidc-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debugsource-2.4.17.1-150600.16.17.1
  * apache2-mod_auth_openidc-debuginfo-2.4.17.1-150600.16.17.1

## References:

* https://jira.suse.com/browse/PED-14130

From null at suse.de Tue Apr 14 20:30:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:11 -0000
Subject: SUSE-SU-2026:1325-1: moderate: Security update for clamav
Message-ID: <177619861171.321.4993930813892975869@5d6d53449fb2>

# Security update for clamav

Announcement ID: SUSE-SU-2026:1325-1
Release Date: 2026-04-14T13:15:54Z
Rating: moderate

References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1325=1 openSUSE-SLE-15.6-2026-1325=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1325=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1325=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1325=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* openSUSE Leap 15.6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* Basesystem Module 15-SP7 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libclamav12-1.5.2-150600.18.25.1
  * clamav-debuginfo-1.5.2-150600.18.25.1
  * clamav-1.5.2-150600.18.25.1
  * clamav-milter-debuginfo-1.5.2-150600.18.25.1
  * libclamav12-debuginfo-1.5.2-150600.18.25.1
  * clamav-devel-1.5.2-150600.18.25.1
  * libclammspack0-debuginfo-1.5.2-150600.18.25.1
  * libclammspack0-1.5.2-150600.18.25.1
  * clamav-debugsource-1.5.2-150600.18.25.1
  * clamav-milter-1.5.2-150600.18.25.1
  * libfreshclam4-1.5.2-150600.18.25.1
  * libfreshclam4-debuginfo-1.5.2-150600.18.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * clamav-docs-html-1.5.2-150600.18.25.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819

From null at suse.de Tue Apr 14 20:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:17 -0000
Subject: SUSE-SU-2026:1324-1: moderate: Security update for clamav
Message-ID: <177619861795.321.3123279143429511389@5d6d53449fb2>

# Security update for clamav

Announcement ID: SUSE-SU-2026:1324-1
Release Date: 2026-04-14T13:15:34Z
Rating: moderate

References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

* CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).
* Require main and library packages to be of the same version and release (bsc#1258072).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1324=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1324=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * clamav-debuginfo-1.5.2-3.53.1
  * clamav-milter-1.5.2-3.53.1
  * libclammspack0-1.5.2-3.53.1
  * clamav-1.5.2-3.53.1
  * clamav-debugsource-1.5.2-3.53.1
  * libfreshclam4-1.5.2-3.53.1
  * libclamav12-debuginfo-1.5.2-3.53.1
  * libfreshclam4-debuginfo-1.5.2-3.53.1
  * libclamav12-1.5.2-3.53.1
  * libclammspack0-debuginfo-1.5.2-3.53.1
  * clamav-devel-1.5.2-3.53.1
  * clamav-milter-debuginfo-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * clamav-docs-html-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * clamav-debuginfo-1.5.2-3.53.1
  * clamav-milter-1.5.2-3.53.1
  * libclammspack0-1.5.2-3.53.1
  * clamav-1.5.2-3.53.1
  * clamav-debugsource-1.5.2-3.53.1
  * libfreshclam4-1.5.2-3.53.1
  * libclamav12-debuginfo-1.5.2-3.53.1
  * libfreshclam4-debuginfo-1.5.2-3.53.1
  * libclamav12-1.5.2-3.53.1
  * libclammspack0-debuginfo-1.5.2-3.53.1
  * clamav-devel-1.5.2-3.53.1
  * clamav-milter-debuginfo-1.5.2-3.53.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * clamav-docs-html-1.5.2-3.53.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819

From null at suse.de Tue Apr 14 20:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:21 -0000
Subject: SUSE-SU-2026:1323-1: important: Security update for libpng16
Message-ID: <177619862135.321.622029208807095101@5d6d53449fb2>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1323-1
Release Date: 2026-04-14T13:12:33Z
Rating: important

References:

* bsc#1260754

Cross-References:

* CVE-2026-33416

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1323=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1323=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1323=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1323=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1323=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1323=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1323=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1323=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1323=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1323=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1323=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1323=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1323=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libpng16-compat-devel-1.6.34-150000.3.22.1
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
  * libpng16-devel-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libpng16-16-32bit-1.6.34-150000.3.22.1
  * libpng16-16-32bit-debuginfo-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libpng16-16-debuginfo-1.6.34-150000.3.22.1
  * libpng16-16-1.6.34-150000.3.22.1
  * libpng16-debugsource-1.6.34-150000.3.22.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260754

From null at suse.de Tue Apr 14 20:30:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:30:24 -0000
Subject: SUSE-SU-2026:1322-1: important: Security update for MozillaFirefox
Message-ID: <177619862441.321.17998916399371525463@5d6d53449fb2>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:1322-1
Release Date: 2026-04-14T12:42:13Z
Rating: important

References:

* bsc#1261663
* jsc#PED-15778

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

* Update to 149.0.2 and 140.9.1esr (bsc#1261663).
* CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
* CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
* CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1322=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1322=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1322=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1322=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1322=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1322=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1322=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1322=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1322=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1322=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1322=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * 
MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * 
MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * SUSE Linux Enterprise 
Server for SAP Applications 15 SP6 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-140.9.1-150200.152.228.1 * MozillaFirefox-translations-common-140.9.1-150200.152.228.1 * MozillaFirefox-debuginfo-140.9.1-150200.152.228.1 * MozillaFirefox-translations-other-140.9.1-150200.152.228.1 * MozillaFirefox-140.9.1-150200.152.228.1 * Desktop Applications Module 15-SP7 (noarch) * MozillaFirefox-devel-140.9.1-150200.152.228.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5731.html * https://www.suse.com/security/cve/CVE-2026-5732.html * https://www.suse.com/security/cve/CVE-2026-5734.html * https://bugzilla.suse.com/show_bug.cgi?id=1261663 * https://jira.suse.com/browse/PED-15778 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 14 20:30:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 14 Apr 2026 20:30:40 -0000 Subject: SUSE-SU-2026:1321-1: important: Security update for go1.25 Message-ID: <177619864018.321.10362195122432350190@5d6d53449fb2> # Security update for go1.25 Announcement ID: SUSE-SU-2026:1321-1 Release Date: 2026-04-14T12:40:54Z Rating: important References: * bsc#1244485 * bsc#1261653 * bsc#1261654 * bsc#1261655 * bsc#1261656 * bsc#1261657 * bsc#1261658 * bsc#1261659 * bsc#1261660 * bsc#1261661 Cross-References: * CVE-2026-27140 * CVE-2026-27143 * CVE-2026-27144 * CVE-2026-32280 * CVE-2026-32281 * CVE-2026-32282 * CVE-2026-32283 * CVE-2026-32288 * CVE-2026-32289 CVSS scores: * CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-27144 ( NVD ): 7.1 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves nine 
vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.25 fixes the following issues: * Update to go1.25.9 (bsc#1244485). * CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). * CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). * CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655). * CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656). * CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657). * CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). * CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659). * CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660). * CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1321=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1321=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1321=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1321=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1321=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1321=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1321=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1321=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1321=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1321=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1321=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * 
go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.25-doc-1.25.9-150000.1.35.1 * go1.25-race-1.25.9-150000.1.35.1 * go1.25-1.25.9-150000.1.35.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27140.html * https://www.suse.com/security/cve/CVE-2026-27143.html * https://www.suse.com/security/cve/CVE-2026-27144.html * https://www.suse.com/security/cve/CVE-2026-32280.html * https://www.suse.com/security/cve/CVE-2026-32281.html * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32283.html * https://www.suse.com/security/cve/CVE-2026-32288.html * https://www.suse.com/security/cve/CVE-2026-32289.html * https://bugzilla.suse.com/show_bug.cgi?id=1244485 * https://bugzilla.suse.com/show_bug.cgi?id=1261653 * https://bugzilla.suse.com/show_bug.cgi?id=1261654 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261655 * https://bugzilla.suse.com/show_bug.cgi?id=1261656 * https://bugzilla.suse.com/show_bug.cgi?id=1261657 * https://bugzilla.suse.com/show_bug.cgi?id=1261658 * https://bugzilla.suse.com/show_bug.cgi?id=1261659 * https://bugzilla.suse.com/show_bug.cgi?id=1261660 * https://bugzilla.suse.com/show_bug.cgi?id=1261661 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 14 20:30:57 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 14 Apr 2026 20:30:57 -0000 Subject: SUSE-SU-2026:1320-1: important: Security update for go1.26 Message-ID: <177619865789.321.13666963790748260402@5d6d53449fb2> # Security update for go1.26 Announcement ID: SUSE-SU-2026:1320-1 Release Date: 2026-04-14T12:39:44Z Rating: important References: * bsc#1255111 * bsc#1261653 * bsc#1261654 * bsc#1261655 * bsc#1261656 * bsc#1261657 * bsc#1261658 * bsc#1261659 * bsc#1261660 * bsc#1261661 * bsc#1261662 Cross-References: * CVE-2026-27140 * CVE-2026-27143 * CVE-2026-27144 * CVE-2026-32280 * CVE-2026-32281 * CVE-2026-32282 * CVE-2026-32283 * CVE-2026-32288 * CVE-2026-32289 * CVE-2026-33810 CVSS scores: * CVE-2026-27140 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27140 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-27144 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32280 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32282 ( SUSE ): 6.3 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32283 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-32288 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-32289 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 10 vulnerabilities and has one security fix can now be installed. ## Description: This update for go1.26 fixes the following issues: * Update to go1.26.2 (bsc#1255111). 
* CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). * CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). * CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655). * CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656). * CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657). * CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). * CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659). * CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660). * CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661). * CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1320=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1320=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1320=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1320=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1320=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * 
go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * go1.26-race-1.26.2-150000.1.9.1 * go1.26-1.26.2-150000.1.9.1 * go1.26-doc-1.26.2-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27140.html * https://www.suse.com/security/cve/CVE-2026-27143.html * https://www.suse.com/security/cve/CVE-2026-27144.html * https://www.suse.com/security/cve/CVE-2026-32280.html * https://www.suse.com/security/cve/CVE-2026-32281.html * https://www.suse.com/security/cve/CVE-2026-32282.html * https://www.suse.com/security/cve/CVE-2026-32283.html * https://www.suse.com/security/cve/CVE-2026-32288.html * https://www.suse.com/security/cve/CVE-2026-32289.html * https://www.suse.com/security/cve/CVE-2026-33810.html * https://bugzilla.suse.com/show_bug.cgi?id=1255111 * https://bugzilla.suse.com/show_bug.cgi?id=1261653 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261654 * https://bugzilla.suse.com/show_bug.cgi?id=1261655 * https://bugzilla.suse.com/show_bug.cgi?id=1261656 * https://bugzilla.suse.com/show_bug.cgi?id=1261657 * https://bugzilla.suse.com/show_bug.cgi?id=1261658 * https://bugzilla.suse.com/show_bug.cgi?id=1261659 * https://bugzilla.suse.com/show_bug.cgi?id=1261660 * https://bugzilla.suse.com/show_bug.cgi?id=1261661 * https://bugzilla.suse.com/show_bug.cgi?id=1261662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 14 20:30:59 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 14 Apr 2026 20:30:59 -0000 Subject: SUSE-RU-2026:1318-1: moderate: Recommended update for saphana-checks Message-ID: <177619865940.321.9408051430431659255@5d6d53449fb2> # Recommended update for saphana-checks Announcement ID: SUSE-RU-2026:1318-1 Release Date: 2026-04-14T12:20:55Z Rating: moderate References: Affected Products: * openSUSE Leap 15.6 * SAP Applications Module 15-SP6 * SAP Applications Module 15-SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. 
## Description:

This update for saphana-checks fixes the following issues:

  * Checks:
    * add check 5550 - Azure Premium SSD v1 Write Accelerator
    * SLES 15.3 - end of support - remove from checks, framework and unit tests
    * Add RC=99 detection to prevent silent check failures
    * Fix OS validation to return uncertain (RC=3) for unknown versions
  * OS/Hyperscaler:
    * Google Cloud's Agent for SAP version 3.12
    * Azure azcopy new version
    * GPFS versions - update to latest recommended; Error message for 5.1 which is at end of support
    * Power11 - new hardware certified
    * SLES saptune - new version, hotfix THP defrag
    * Skip hyperthreading check on hyperscalers
    * Check 3301: validate AAN paired with synthetic interfaces on Azure
    * check 0102: warn on previous generation AWS EC2 instances; add missing, remove wrong
    * SLES kernel - minimal versions less than 1y; THP defrag fixes
    * IBM Power EnergyScale settings - Maximum Performance recommended
    * GCP - minimal linux kernel requirements
    * OS HANA support - SLES - Azure, IBM Power(10|11) - new SAP Note reference
    * SAPHanaSR-angi 1.3.0
    * SAP Host Agent 7.22 PL70
    * Google Cloud's Agent for SAP Version 3.11
  * HANA:
    * HANA infra issue - landscapeHostConfiguration.py reports "unkown" status after "partial" and before "starting"
    * HANA infra issue - Long running Savepoints - replace issue number by new SAP Note
    * HANA infra - adjust affected releases, Note title, add new LSS
    * HANA client version 2.28.19
  * Code Quality and Refactoring
    * new bashunit version 0.34.1 (perf improvements, tap output, bugfixes)
    * remove shunit2 test framework and migrate to bashunit
    * refactor: Extract tcp_window_scaling check from network parameters
    * Unit tests - OS validation - override adjust valid OSses
    * Some Checks - cleaner unittest tweaks
    * add missing unit test files for checks 7xxx - adjust check for tweaking
    * CI - bashunit junit xml output; upload-artifact test-results
    * fix artifact upload file paths
  * Documentation:
    * add guidelines and template to prevent bashunit test interference

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SAP Applications Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP7-2026-1318=1
  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1318=1
  * SAP Applications Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP6-2026-1318=1

## Package List:

  * SAP Applications Module 15-SP7 (noarch)
    * saphana-checks-2603+1.gc8f2ff9-150600.13.32.1
  * openSUSE Leap 15.6 (noarch)
    * saphana-checks-2603+1.gc8f2ff9-150600.13.32.1
  * SAP Applications Module 15-SP6 (noarch)
    * saphana-checks-2603+1.gc8f2ff9-150600.13.32.1

From null at suse.de Tue Apr 14 20:31:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:31:02 -0000
Subject: SUSE-RU-2026:1317-1: important: Recommended update for resource-agents
Message-ID: <177619866233.321.884768506399984169@5d6d53449fb2>

# Recommended update for resource-agents

Announcement ID: SUSE-RU-2026:1317-1
Release Date: 2026-04-14T12:20:27Z
Rating: important
References:

  * bsc#1260984

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise High Availability Extension 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that has one fix can now be installed.

## Description:

This update for resource-agents fixes the following issues:

  * aws-vpc-move-ip: add awscli_timeout option (bsc#1260984)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1317=1 openSUSE-SLE-15.6-2026-1317=1
  * SUSE Linux Enterprise High Availability Extension 15 SP6
    zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1317=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * resource-agents-debugsource-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-zfs-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-debuginfo-4.13.0+git6.ae50f94f-150600.4.22.1
    * ldirectord-4.13.0+git6.ae50f94f-150600.4.22.1
  * openSUSE Leap 15.6 (noarch)
    * monitoring-plugins-metadata-4.13.0+git6.ae50f94f-150600.4.22.1
  * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
    * ldirectord-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-debugsource-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-4.13.0+git6.ae50f94f-150600.4.22.1
    * resource-agents-debuginfo-4.13.0+git6.ae50f94f-150600.4.22.1
  * SUSE Linux Enterprise High Availability Extension 15 SP6 (noarch)
    * monitoring-plugins-metadata-4.13.0+git6.ae50f94f-150600.4.22.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1260984

From null at suse.de Tue Apr 14 20:31:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 14 Apr 2026 20:31:06 -0000
Subject: SUSE-RU-2026:1316-1: important: Recommended update for resource-agents
Message-ID: <177619866682.321.11231560634761471147@5d6d53449fb2>

# Recommended update for resource-agents

Announcement ID: SUSE-RU-2026:1316-1
Release Date: 2026-04-14T12:19:49Z
Rating: important
References:

  * bsc#1251836
  * bsc#1260984

Affected Products:

  * SUSE Linux Enterprise High Availability Extension 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has two fixes can now be installed.

## Description:

This update for resource-agents fixes the following issues:

  * aws-vpc-move-ip: add awscli_timeout option (bsc#1260984)
  * fix: ec2 and awsvip resource agent's retry mechanism for AWS monitoring (bsc#1251836)
  * add auth_type parameter and AWS Policy based authentication type

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise High Availability Extension 15 SP7
    zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1316=1

## Package List:

  * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64)
    * ldirectord-4.13.0+git6.ae50f94f-150700.7.6.1
    * resource-agents-4.13.0+git6.ae50f94f-150700.7.6.1
    * resource-agents-debugsource-4.13.0+git6.ae50f94f-150700.7.6.1
    * resource-agents-debuginfo-4.13.0+git6.ae50f94f-150700.7.6.1
  * SUSE Linux Enterprise High Availability Extension 15 SP7 (noarch)
    * monitoring-plugins-metadata-4.13.0+git6.ae50f94f-150700.7.6.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1251836
  * https://bugzilla.suse.com/show_bug.cgi?id=1260984

-------------- next part --------------
An HTML attachment was scrubbed...

From null at suse.de Wed Apr 15 08:30:15 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:30:15 -0000
Subject: SUSE-SU-2026:1335-1: important: Security update for xorg-x11-server
Message-ID: <177624181585.1114.3183848376633245723@5d6d53449fb2>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1335-1
Release Date: 2026-04-14T17:28:43Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves five vulnerabilities can now be installed.
## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1335=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1335=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1335=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1335=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1335=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-source-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * 
xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * xorg-x11-server-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-21.1.4-150500.7.46.1
  * xorg-x11-server-sdk-21.1.4-150500.7.46.1
  * xorg-x11-server-21.1.4-150500.7.46.1
  * xorg-x11-server-debugsource-21.1.4-150500.7.46.1
  * xorg-x11-server-extra-debuginfo-21.1.4-150500.7.46.1
  * xorg-x11-server-Xvfb-21.1.4-150500.7.46.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* 
https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:30:25 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:30:25 -0000
Subject: SUSE-SU-2026:1333-1: important: Security update for xorg-x11-server
Message-ID: <177624182565.1114.9834245768771731005@5d6d53449fb2>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1333-1
Release Date: 2026-04-14T17:19:03Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux
Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1333=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1333=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1333=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1333=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1333=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-source-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * 
xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * xorg-x11-server-extra-1.20.3-150400.38.68.1
  * xorg-x11-server-extra-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debuginfo-1.20.3-150400.38.68.1
  * xorg-x11-server-debugsource-1.20.3-150400.38.68.1
  * xorg-x11-server-1.20.3-150400.38.68.1
  * xorg-x11-server-sdk-1.20.3-150400.38.68.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:30:34 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:30:34 -0000
Subject: SUSE-SU-2026:1332-1: important: Security update for xorg-x11-server
Message-ID: <177624183478.1114.6749202672162594811@5d6d53449fb2>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1332-1
Release Date: 2026-04-14T17:15:09Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1332=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1332=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-1.19.6-10.99.1
  * xorg-x11-server-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-1.19.6-10.99.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-debugsource-1.19.6-10.99.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * xorg-x11-server-extra-1.19.6-10.99.1
  * xorg-x11-server-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-1.19.6-10.99.1
  * xorg-x11-server-extra-debuginfo-1.19.6-10.99.1
  * xorg-x11-server-debugsource-1.19.6-10.99.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:30:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:30:44 -0000
Subject: SUSE-SU-2026:1331-1: important: Security update for xorg-x11-server
Message-ID: <177624184415.1114.15267645747979953170@5d6d53449fb2>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1331-1
Release Date: 2026-04-14T17:11:42Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1331=1 openSUSE-SLE-15.6-2026-1331=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1331=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1331=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-source-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * xorg-x11-server-sdk-21.1.11-150600.5.25.1
  * xorg-x11-server-21.1.11-150600.5.25.1
  * xorg-x11-server-debugsource-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-21.1.11-150600.5.25.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-21.1.11-150600.5.25.1
  * xorg-x11-server-extra-debuginfo-21.1.11-150600.5.25.1
  * xorg-x11-server-debuginfo-21.1.11-150600.5.25.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:30:53 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:30:53 -0000
Subject: SUSE-SU-2026:1330-1: important: Security update for xorg-x11-server
Message-ID: <177624185363.1114.1387670675790950393@5d6d53449fb2>

# Security update for xorg-x11-server

Announcement ID: SUSE-SU-2026:1330-1
Release Date: 2026-04-14T17:09:03Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xorg-x11-server fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1330=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1330=1

## Package List:

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-sdk-21.1.15-150700.5.16.1
  * xorg-x11-server-debugsource-21.1.15-150700.5.16.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * xorg-x11-server-extra-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-debugsource-21.1.15-150700.5.16.1
  * xorg-x11-server-extra-21.1.15-150700.5.16.1
  * xorg-x11-server-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-Xvfb-debuginfo-21.1.15-150700.5.16.1
  * xorg-x11-server-21.1.15-150700.5.16.1
  * xorg-x11-server-Xvfb-21.1.15-150700.5.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:31:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:31:03 -0000
Subject: SUSE-SU-2026:1329-1: important: Security update for xwayland
Message-ID: <177624186300.1114.6247102972396681816@5d6d53449fb2>

# Security update for xwayland

Announcement ID: SUSE-SU-2026:1329-1
Release Date: 2026-04-14T17:06:21Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1329=1 openSUSE-SLE-15.6-2026-1329=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * xwayland-debuginfo-24.1.1-150600.5.23.1
  * xwayland-24.1.1-150600.5.23.1
  * xwayland-debugsource-24.1.1-150600.5.23.1
  * xwayland-devel-24.1.1-150600.5.23.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 08:31:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 08:31:11 -0000
Subject: SUSE-SU-2026:1328-1: important: Security update for xwayland
Message-ID: <177624187198.1114.14564546175152770942@5d6d53449fb2>

# Security update for xwayland

Announcement ID: SUSE-SU-2026:1328-1
Release Date: 2026-04-14T17:04:47Z
Rating: important
References:

* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926

Cross-References:

* CVE-2026-33999
* CVE-2026-34000
* CVE-2026-34001
* CVE-2026-34002
* CVE-2026-34003

CVSS scores:

* CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves five vulnerabilities can now be installed.

## Description:

This update for xwayland fixes the following issues:

* CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
* CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
* CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
* CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
* CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1328=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * xwayland-debuginfo-24.1.5-150700.3.14.1
  * xwayland-debugsource-24.1.5-150700.3.14.1
  * xwayland-24.1.5-150700.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260922
* https://bugzilla.suse.com/show_bug.cgi?id=1260923
* https://bugzilla.suse.com/show_bug.cgi?id=1260924
* https://bugzilla.suse.com/show_bug.cgi?id=1260925
* https://bugzilla.suse.com/show_bug.cgi?id=1260926

From null at suse.de Wed Apr 15 12:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 12:30:05 -0000
Subject: SUSE-RU-2026:1339-1: moderate: Recommended update for aliyun-cli
Message-ID: <177625620520.1445.3159503808911631794@2ec35c3f4c39>

# Recommended update for aliyun-cli

Announcement ID: SUSE-RU-2026:1339-1
Release Date: 2026-04-15T07:40:50Z
Rating: moderate
References:

* bsc#1259227

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one fix can now be installed.

## Description:

This update for aliyun-cli fixes the following issues:

* Fix version reported by command line utility (bsc#1259227)
* Update to version 3.3.2:
  * Update Aliyun OpenAPI meta data
* from version 3.3.1:
  * {Core}: Add custom User-Agent support and enable duplicate flag for plugin commands
  * Update Aliyun OpenAPI meta data
* from version 3.3.0:
  * {Core}: Add plugin management by @AllyW in (#1284)
  * Update Aliyun OpenAPI meta data
* from version 3.2.13:
  * Update Aliyun OpenAPI meta data
* from version 3.2.12:
  * Update Aliyun OpenAPI meta data
* from version 3.2.11:
  * Update Aliyun OpenAPI meta data
* from version 3.2.10:
  * {Mcp-proxy}: Add access control for MCP servers
  * Update Aliyun OpenAPI meta data
* Update to version 3.2.9:
  * Update Aliyun OpenAPI meta data
* from version 3.2.8:
  * Update Aliyun OpenAPI meta data
* Update to version 3.2.7:
  * Update Aliyun OpenAPI meta data
* Update to version 3.2.6:
  * Update Aliyun OpenAPI meta data
* Update to version 3.2.5:
  * {Core} Add --cli-query filter for response
  * 
{Core} Re-enable --force for restful api calling * Update Aliyun OpenAPI meta data * from version 3.2.4: * Update Aliyun OpenAPI meta data * Update to version 3.2.2: * {mcp} Improve MCP Proxy OAuth Token Refresh Reliability and Profile Reuse * Update Aliyun OpenAPI meta data * from version 3.2.1: * {Utils} Update mac runner by @AllyW in (#1283) * Update Aliyun OpenAPI meta data * Update to version 3.2.0: * {mcp} Add MCP Proxy Server with OAuth Authentication * Update Aliyun OpenAPI meta data * Update to version 3.1.7: * Update Aliyun OpenAPI meta data * from version 3.1.6: * Update Aliyun OpenAPI meta data * Update to version 3.1.5: * Update Aliyun OpenAPI meta data * Update to version 3.1.4: * {otsutil} Add otsutil for tablestore management * Update Aliyun OpenAPI meta data * from version 3.1.3: * {configure} Add --endpoint-type profile configuration * Update Aliyun OpenAPI meta data * from version 3.1.2: * Update Aliyun OpenAPI meta data ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1339=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1339=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1339=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1339=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1339=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * aliyun-cli-3.3.2-150400.9.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64) * aliyun-cli-3.3.2-150400.9.6.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le x86_64) * aliyun-cli-3.3.2-150400.9.6.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le x86_64) * aliyun-cli-3.3.2-150400.9.6.1 * Public Cloud Module 15-SP7 (aarch64 ppc64le x86_64) * aliyun-cli-3.3.2-150400.9.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259227 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 12:30:09 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 12:30:09 -0000 Subject: SUSE-SU-2026:1338-1: moderate: Security update for giflib Message-ID: <177625620990.1445.5410255124961133455@2ec35c3f4c39> # Security update for giflib Announcement ID: SUSE-SU-2026:1338-1 Release Date: 2026-04-15T07:34:01Z Rating: moderate References: * bsc#1259502 Cross-References: * CVE-2026-23868 CVSS scores: * CVE-2026-23868 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-23868 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2026-23868 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for giflib fixes the following issue: * CVE-2026-23868: double-free result of a shallow copy can lead to memory corruption (bsc#1259502). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1338=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1338=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * giflib-progs-debuginfo-5.2.2-150000.4.19.1 * libgif7-5.2.2-150000.4.19.1 * giflib-debugsource-5.2.2-150000.4.19.1 * libgif7-debuginfo-5.2.2-150000.4.19.1 * giflib-progs-5.2.2-150000.4.19.1 * giflib-devel-5.2.2-150000.4.19.1 * openSUSE Leap 15.6 (x86_64) * libgif7-32bit-5.2.2-150000.4.19.1 * libgif7-32bit-debuginfo-5.2.2-150000.4.19.1 * giflib-devel-32bit-5.2.2-150000.4.19.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libgif7-5.2.2-150000.4.19.1 * giflib-debugsource-5.2.2-150000.4.19.1 * libgif7-debuginfo-5.2.2-150000.4.19.1 * giflib-devel-5.2.2-150000.4.19.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23868.html * https://bugzilla.suse.com/show_bug.cgi?id=1259502 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 12:30:13 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 12:30:13 -0000 Subject: SUSE-SU-2026:1337-1: moderate: Security update for rust1.92 Message-ID: <177625621318.1445.8930328111938994544@2ec35c3f4c39> # Security update for rust1.92 Announcement ID: SUSE-SU-2026:1337-1 Release Date: 2026-04-15T07:33:35Z Rating: moderate References: * bsc#1259623 Cross-References: * CVE-2026-31812 CVSS scores: * CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31812 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.3 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for rust1.92 fixes the following issues: * CVE-2026-31812: Denial of service via crafted QUIC initial packet (bsc#1259623). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1337=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1337=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1337=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cargo1.92-1.92.0-150300.7.6.1 * rust1.92-debuginfo-1.92.0-150300.7.6.1 * cargo1.92-debuginfo-1.92.0-150300.7.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.92-1.92.0-150300.7.6.1 * Development Tools Module 15-SP7 (noarch) * rust1.92-src-1.92.0-150300.7.6.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * cargo1.92-1.92.0-150300.7.6.1 * rust1.92-debuginfo-1.92.0-150300.7.6.1 * cargo1.92-debuginfo-1.92.0-150300.7.6.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.92-1.92.0-150300.7.6.1 * openSUSE Leap 15.3 (noarch) * rust1.92-src-1.92.0-150300.7.6.1 * openSUSE Leap 15.3 (nosrc) * rust1.92-test-1.92.0-150300.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cargo1.92-1.92.0-150300.7.6.1 * rust1.92-debuginfo-1.92.0-150300.7.6.1 * cargo1.92-debuginfo-1.92.0-150300.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.92-1.92.0-150300.7.6.1 * openSUSE Leap 15.6 (noarch) * rust1.92-src-1.92.0-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31812.html * https://bugzilla.suse.com/show_bug.cgi?id=1259623 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 16:30:17 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 16:30:17 -0000 Subject: SUSE-SU-2026:1344-1: moderate: Security update for libssh Message-ID: <177627061780.2041.10987176916102018662@6fd1d05cebf0> # Security update for libssh Announcement ID: SUSE-SU-2026:1344-1 Release Date: 2026-04-15T10:21:31Z Rating: moderate References: * bsc#1258045 * bsc#1258049 * bsc#1258054 * bsc#1258080 * bsc#1258081 * bsc#1259377 Cross-References: * CVE-2026-0964 * CVE-2026-0965 * CVE-2026-0966 * CVE-2026-0967 * CVE-2026-0968 * CVE-2026-3731 CVSS scores: * CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-0964 ( NVD ): 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0965 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-0966 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-0967 ( SUSE ): 1.0 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0967 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-0967 ( NVD ): 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-0968 ( NVD ): 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-3731 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-3731 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-3731 ( NVD ): 6.9 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3731 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-3731 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves six vulnerabilities can now be installed. ## Description: This update for libssh fixes the following issues: * CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler (bsc#1259377). * CVE-2026-0964: SCP protocol path traversal in `ssh_scp_pull_request()` (bsc#1258049). * CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). * CVE-2026-0966: buffer underflow in `ssh_get_hexa()` on invalid input (bsc#1258054). * CVE-2026-0967: specially crafted patterns could cause a denial of service (bsc#1258081). * CVE-2026-0968: out-of-bounds read in `sftp_parse_longname()` (bsc#1258080). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1344=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libssh-devel-doc-0.6.3-12.28.1 ## References: * https://www.suse.com/security/cve/CVE-2026-0964.html * https://www.suse.com/security/cve/CVE-2026-0965.html * https://www.suse.com/security/cve/CVE-2026-0966.html * https://www.suse.com/security/cve/CVE-2026-0967.html * https://www.suse.com/security/cve/CVE-2026-0968.html * https://www.suse.com/security/cve/CVE-2026-3731.html * https://bugzilla.suse.com/show_bug.cgi?id=1258045 * https://bugzilla.suse.com/show_bug.cgi?id=1258049 * https://bugzilla.suse.com/show_bug.cgi?id=1258054 * https://bugzilla.suse.com/show_bug.cgi?id=1258080 * https://bugzilla.suse.com/show_bug.cgi?id=1258081 * https://bugzilla.suse.com/show_bug.cgi?id=1259377 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 16:30:21 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 16:30:21 -0000 Subject: SUSE-SU-2026:1343-1: moderate: Security update for Mesa Message-ID: <177627062136.2041.8871774456986777640@6fd1d05cebf0> # Security update for Mesa Announcement ID: SUSE-SU-2026:1343-1 Release Date: 2026-04-15T10:18:56Z Rating: moderate References: * bsc#1261998 Cross-References: * CVE-2026-40393 CVSS scores: * CVE-2026-40393 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-40393 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. 
## Description:

This update for Mesa fixes the following issue:

  * CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party (bsc#1261998).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.3
    zypper in -t patch SUSE-2026-1343=1
  * SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1
  * SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1343=1

## Package List:

  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * Mesa-libGL1-20.2.4-150300.59.12.1
    * Mesa-libEGL1-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libEGL-devel-20.2.4-150300.59.12.1
    * Mesa-libGL-devel-20.2.4-150300.59.12.1
    * libOSMesa-devel-20.2.4-150300.59.12.1
    * Mesa-libGLESv1_CM-devel-20.2.4-150300.59.12.1
    * libgbm1-20.2.4-150300.59.12.1
    * Mesa-drivers-debugsource-20.2.4-150300.59.12.1
    * Mesa-libGLESv2-devel-20.2.4-150300.59.12.1
    * libgbm-devel-20.2.4-150300.59.12.1
    * Mesa-dri-20.2.4-150300.59.12.1
    * libOSMesa8-debuginfo-20.2.4-150300.59.12.1
    * Mesa-KHR-devel-20.2.4-150300.59.12.1
    * Mesa-libglapi-devel-20.2.4-150300.59.12.1
    * Mesa-devel-20.2.4-150300.59.12.1
    * Mesa-dri-devel-20.2.4-150300.59.12.1
    * libOSMesa8-20.2.4-150300.59.12.1
    * Mesa-libGLESv3-devel-20.2.4-150300.59.12.1
    * Mesa-20.2.4-150300.59.12.1
    * Mesa-debugsource-20.2.4-150300.59.12.1
    * Mesa-dri-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libglapi0-20.2.4-150300.59.12.1
    * Mesa-libEGL1-20.2.4-150300.59.12.1
    * Mesa-libglapi0-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libGL1-debuginfo-20.2.4-150300.59.12.1
    * libgbm1-debuginfo-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (x86_64)
    * libXvMC_nouveau-32bit-20.2.4-150300.59.12.1
    * Mesa-libd3d-32bit-debuginfo-20.2.4-150300.59.12.1
    * libvulkan_radeon-32bit-20.2.4-150300.59.12.1
    * libgbm1-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libEGL1-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-gallium-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libd3d-32bit-20.2.4-150300.59.12.1
    * Mesa-gallium-32bit-20.2.4-150300.59.12.1
    * Mesa-32bit-20.2.4-150300.59.12.1
    * Mesa-libglapi-devel-32bit-20.2.4-150300.59.12.1
    * Mesa-vulkan-device-select-32bit-20.2.4-150300.59.12.1
    * libgbm1-32bit-20.2.4-150300.59.12.1
    * Mesa-dri-32bit-20.2.4-150300.59.12.1
    * Mesa-libGLESv2-devel-32bit-20.2.4-150300.59.12.1
    * libOSMesa8-32bit-20.2.4-150300.59.12.1
    * libOSMesa8-32bit-debuginfo-20.2.4-150300.59.12.1
    * libgbm-devel-32bit-20.2.4-150300.59.12.1
    * libXvMC_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
    * libvulkan_intel-32bit-20.2.4-150300.59.12.1
    * Mesa-libglapi0-32bit-20.2.4-150300.59.12.1
    * libvdpau_nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r600-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libGL1-32bit-20.2.4-150300.59.12.1
    * libvdpau_radeonsi-32bit-20.2.4-150300.59.12.1
    * libXvMC_r600-32bit-20.2.4-150300.59.12.1
    * Mesa-libGL1-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-vulkan-overlay-32bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r300-32bit-20.2.4-150300.59.12.1
    * libvdpau_radeonsi-32bit-debuginfo-20.2.4-150300.59.12.1
    * libXvMC_r600-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libd3d-devel-32bit-20.2.4-150300.59.12.1
    * Mesa-libEGL1-32bit-20.2.4-150300.59.12.1
    * libvdpau_r600-32bit-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-32bit-20.2.4-150300.59.12.1
    * Mesa-libGL-devel-32bit-20.2.4-150300.59.12.1
    * libOSMesa-devel-32bit-20.2.4-150300.59.12.1
    * Mesa-libGLESv1_CM-devel-32bit-20.2.4-150300.59.12.1
    * libvdpau_r300-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libglapi0-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-vulkan-overlay-32bit-20.2.4-150300.59.12.1
    * libvulkan_radeon-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-32bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_nouveau-32bit-20.2.4-150300.59.12.1
    * Mesa-libEGL-devel-32bit-20.2.4-150300.59.12.1
    * libvulkan_intel-32bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-vulkan-device-select-32bit-debuginfo-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (aarch64 ppc64le x86_64 i586)
    * Mesa-gallium-20.2.4-150300.59.12.1
    * libvdpau_r600-20.2.4-150300.59.12.1
    * libXvMC_nouveau-20.2.4-150300.59.12.1
    * libXvMC_r600-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-20.2.4-150300.59.12.1
    * libvdpau_radeonsi-20.2.4-150300.59.12.1
    * libxatracker2-1.0.0-150300.59.12.1
    * libvdpau_radeonsi-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r300-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r300-20.2.4-150300.59.12.1
    * Mesa-gallium-debuginfo-20.2.4-150300.59.12.1
    * libxatracker2-debuginfo-1.0.0-150300.59.12.1
    * Mesa-libva-20.2.4-150300.59.12.1
    * libvdpau_nouveau-20.2.4-150300.59.12.1
    * libXvMC_r600-20.2.4-150300.59.12.1
    * Mesa-libva-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libOpenCL-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r600-debuginfo-20.2.4-150300.59.12.1
    * libxatracker-devel-1.0.0-150300.59.12.1
    * libvdpau_nouveau-debuginfo-20.2.4-150300.59.12.1
    * libXvMC_nouveau-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libOpenCL-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (x86_64 i586)
    * Mesa-vulkan-device-select-debuginfo-20.2.4-150300.59.12.1
    * libvulkan_radeon-debuginfo-20.2.4-150300.59.12.1
    * Mesa-vulkan-device-select-20.2.4-150300.59.12.1
    * libvulkan_intel-debuginfo-20.2.4-150300.59.12.1
    * libvulkan_radeon-20.2.4-150300.59.12.1
    * Mesa-vulkan-overlay-debuginfo-20.2.4-150300.59.12.1
    * Mesa-vulkan-overlay-20.2.4-150300.59.12.1
    * Mesa-libVulkan-devel-20.2.4-150300.59.12.1
    * libvulkan_intel-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (aarch64 x86_64 i586)
    * Mesa-libd3d-devel-20.2.4-150300.59.12.1
    * Mesa-libd3d-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libd3d-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (aarch64_ilp32)
    * Mesa-libEGL1-64bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r300-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-vc4-64bit-20.2.4-150300.59.12.1
    * Mesa-libglapi0-64bit-20.2.4-150300.59.12.1
    * libvdpau_radeonsi-64bit-20.2.4-150300.59.12.1
    * Mesa-libGLESv2-devel-64bit-20.2.4-150300.59.12.1
    * Mesa-gallium-64bit-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libEGL-devel-64bit-20.2.4-150300.59.12.1
    * libvdpau_r600-64bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_nouveau-64bit-20.2.4-150300.59.12.1
    * Mesa-libd3d-64bit-20.2.4-150300.59.12.1
    * Mesa-libglapi-devel-64bit-20.2.4-150300.59.12.1
    * libvdpau_r300-64bit-20.2.4-150300.59.12.1
    * Mesa-dri-vc4-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libGLESv1_CM-devel-64bit-20.2.4-150300.59.12.1
    * Mesa-dri-nouveau-64bit-20.2.4-150300.59.12.1
    * Mesa-libGL1-64bit-20.2.4-150300.59.12.1
    * Mesa-libGL1-64bit-debuginfo-20.2.4-150300.59.12.1
    * libgbm1-64bit-20.2.4-150300.59.12.1
    * Mesa-libEGL1-64bit-20.2.4-150300.59.12.1
    * libvdpau_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
    * libXvMC_nouveau-64bit-debuginfo-20.2.4-150300.59.12.1
    * libgbm-devel-64bit-20.2.4-150300.59.12.1
    * libgbm1-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-64bit-20.2.4-150300.59.12.1
    * libXvMC_nouveau-64bit-20.2.4-150300.59.12.1
    * libOSMesa-devel-64bit-20.2.4-150300.59.12.1
    * Mesa-dri-64bit-20.2.4-150300.59.12.1
    * libOSMesa8-64bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_radeonsi-64bit-debuginfo-20.2.4-150300.59.12.1
    * libOSMesa8-64bit-20.2.4-150300.59.12.1
    * Mesa-libGL-devel-64bit-20.2.4-150300.59.12.1
    * libXvMC_r600-64bit-20.2.4-150300.59.12.1
    * Mesa-libd3d-64bit-debuginfo-20.2.4-150300.59.12.1
    * libXvMC_r600-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-libglapi0-64bit-debuginfo-20.2.4-150300.59.12.1
    * Mesa-dri-64bit-debuginfo-20.2.4-150300.59.12.1
    * libvdpau_r600-64bit-20.2.4-150300.59.12.1
    * Mesa-libd3d-devel-64bit-20.2.4-150300.59.12.1
    * Mesa-gallium-64bit-debuginfo-20.2.4-150300.59.12.1
  * openSUSE Leap 15.3 (aarch64)
    * Mesa-dri-vc4-20.2.4-150300.59.12.1
    * Mesa-dri-vc4-debuginfo-20.2.4-150300.59.12.1
  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * Mesa-debugsource-20.2.4-150300.59.12.1
    * libgbm1-20.2.4-150300.59.12.1
    * libgbm1-debuginfo-20.2.4-150300.59.12.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * Mesa-debugsource-20.2.4-150300.59.12.1
    * libgbm1-20.2.4-150300.59.12.1
    * libgbm1-debuginfo-20.2.4-150300.59.12.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-40393.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1261998

From null at suse.de Wed Apr 15 16:30:33 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 16:30:33 -0000
Subject: SUSE-SU-2026:1342-1: important: Security update for the Linux Kernel
Message-ID: <177627063350.2041.8450431351759336750@6fd1d05cebf0>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:1342-1
Release Date: 2026-04-15T10:15:56Z
Rating: important
References:

  * bsc#1246057
  * bsc#1257773
  * bsc#1259797
  * bsc#1260005
  * bsc#1260009
  * bsc#1260486
  * bsc#1260730

Cross-References:

  * CVE-2025-38234
  * CVE-2026-23103
  * CVE-2026-23243
  * CVE-2026-23272
  * CVE-2026-23274
  * CVE-2026-23293
  * CVE-2026-23398

CVSS scores:

  * CVE-2025-38234 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-38234 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-38234 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * openSUSE Leap 15.3
  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves seven vulnerabilities can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues.

The following security issues were fixed:

  * CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057).
  * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
  * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
  * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
  * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
  * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
  * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).

## Special Instructions and Notes:

  * Please reboot the system after installing this update.
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1342=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1342=1 ## Package List: * openSUSE Leap 15.3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (noarch) * kernel-devel-5.3.18-150300.59.241.1 * kernel-source-5.3.18-150300.59.241.1 * kernel-source-vanilla-5.3.18-150300.59.241.1 * kernel-docs-html-5.3.18-150300.59.241.1 * kernel-macros-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.241.1 * kernel-obs-build-debugsource-5.3.18-150300.59.241.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1 * kernel-default-optional-5.3.18-150300.59.241.1 * cluster-md-kmp-default-5.3.18-150300.59.241.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.241.1 * kselftests-kmp-default-5.3.18-150300.59.241.1 * reiserfs-kmp-default-5.3.18-150300.59.241.1 * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.241.1 * kernel-default-devel-5.3.18-150300.59.241.1 * ocfs2-kmp-default-5.3.18-150300.59.241.1 * kernel-default-extra-5.3.18-150300.59.241.1 * kernel-default-debuginfo-5.3.18-150300.59.241.1 * kernel-default-livepatch-5.3.18-150300.59.241.1 * dlm-kmp-default-5.3.18-150300.59.241.1 * kernel-default-base-rebuild-5.3.18-150300.59.241.1.150300.18.144.1 * kernel-obs-build-5.3.18-150300.59.241.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.241.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.241.1 * kernel-syms-5.3.18-150300.59.241.1 * gfs2-kmp-default-5.3.18-150300.59.241.1 * kernel-default-extra-debuginfo-5.3.18-150300.59.241.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.241.1 * 
kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1 * kernel-default-optional-debuginfo-5.3.18-150300.59.241.1 * kernel-obs-qa-5.3.18-150300.59.241.1 * kselftests-kmp-default-debuginfo-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (nosrc ppc64le x86_64) * kernel-kvmsmall-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (ppc64le x86_64) * kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.241.1 * kernel-kvmsmall-debugsource-5.3.18-150300.59.241.1 * kernel-kvmsmall-debuginfo-5.3.18-150300.59.241.1 * kernel-kvmsmall-devel-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (aarch64 x86_64) * dlm-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * kselftests-kmp-preempt-5.3.18-150300.59.241.1 * ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * kernel-preempt-extra-debuginfo-5.3.18-150300.59.241.1 * reiserfs-kmp-preempt-5.3.18-150300.59.241.1 * kernel-preempt-optional-debuginfo-5.3.18-150300.59.241.1 * cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.241.1 * reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * dlm-kmp-preempt-5.3.18-150300.59.241.1 * kernel-preempt-optional-5.3.18-150300.59.241.1 * kernel-preempt-debuginfo-5.3.18-150300.59.241.1 * kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.241.1 * gfs2-kmp-preempt-5.3.18-150300.59.241.1 * ocfs2-kmp-preempt-5.3.18-150300.59.241.1 * kernel-preempt-devel-5.3.18-150300.59.241.1 * kernel-preempt-extra-5.3.18-150300.59.241.1 * kernel-preempt-debugsource-5.3.18-150300.59.241.1 * cluster-md-kmp-preempt-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (s390x) * 
kernel-zfcpdump-debugsource-5.3.18-150300.59.241.1 * kernel-zfcpdump-debuginfo-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (nosrc) * dtb-aarch64-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 (aarch64) * dtb-altera-5.3.18-150300.59.241.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.241.1 * reiserfs-kmp-64kb-5.3.18-150300.59.241.1 * dtb-arm-5.3.18-150300.59.241.1 * dtb-renesas-5.3.18-150300.59.241.1 * dtb-sprd-5.3.18-150300.59.241.1 * dtb-rockchip-5.3.18-150300.59.241.1 * dtb-exynos-5.3.18-150300.59.241.1 * dtb-zte-5.3.18-150300.59.241.1 * reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * kernel-64kb-extra-5.3.18-150300.59.241.1 * dtb-hisilicon-5.3.18-150300.59.241.1 * dtb-nvidia-5.3.18-150300.59.241.1 * kernel-64kb-debugsource-5.3.18-150300.59.241.1 * dtb-amlogic-5.3.18-150300.59.241.1 * dtb-mediatek-5.3.18-150300.59.241.1 * dtb-amd-5.3.18-150300.59.241.1 * kernel-64kb-optional-debuginfo-5.3.18-150300.59.241.1 * dtb-qcom-5.3.18-150300.59.241.1 * dtb-socionext-5.3.18-150300.59.241.1 * dlm-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * dlm-kmp-64kb-5.3.18-150300.59.241.1 * kernel-64kb-extra-debuginfo-5.3.18-150300.59.241.1 * dtb-freescale-5.3.18-150300.59.241.1 * kernel-64kb-devel-5.3.18-150300.59.241.1 * gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * kernel-64kb-debuginfo-5.3.18-150300.59.241.1 * dtb-cavium-5.3.18-150300.59.241.1 * dtb-lg-5.3.18-150300.59.241.1 * cluster-md-kmp-64kb-5.3.18-150300.59.241.1 * kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.241.1 * dtb-al-5.3.18-150300.59.241.1 * dtb-marvell-5.3.18-150300.59.241.1 * ocfs2-kmp-64kb-5.3.18-150300.59.241.1 * gfs2-kmp-64kb-5.3.18-150300.59.241.1 * dtb-broadcom-5.3.18-150300.59.241.1 * kselftests-kmp-64kb-5.3.18-150300.59.241.1 * dtb-allwinner-5.3.18-150300.59.241.1 * dtb-xilinx-5.3.18-150300.59.241.1 * kernel-64kb-optional-5.3.18-150300.59.241.1 * dtb-apm-5.3.18-150300.59.241.1 * openSUSE Leap 15.3 
(aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.241.1 * kernel-default-debuginfo-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * kernel-macros-5.3.18-150300.59.241.1 * kernel-source-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.241.1.150300.18.144.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.241.1 * kernel-default-debuginfo-5.3.18-150300.59.241.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * kernel-macros-5.3.18-150300.59.241.1 * kernel-source-5.3.18-150300.59.241.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38234.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://bugzilla.suse.com/show_bug.cgi?id=1246057 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Apr 15 16:30:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 16:30:36 -0000
Subject: SUSE-RU-2026:1341-1: moderate: Recommended update for wxWidgets-3_0
Message-ID: <177627063691.2041.8073066811722172981@6fd1d05cebf0>

# Recommended update for wxWidgets-3_0

Announcement ID: SUSE-RU-2026:1341-1
Release Date: 2026-04-15T08:18:23Z
Rating: moderate

References:

* bsc#1260578

Affected Products:

* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that has one fix can now be installed.

## Description:

This update for wxWidgets-3_0 fixes the following issues:

* Included wxWidgets-lang and libwx_baseu-suse3_0_5 in PackageHub (no source changes) (bsc#1260578)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1341=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1341=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1341=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * libwx_baseu-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_qa-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_richtext-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_ribbon-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_baseu-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-devel-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_propgrid-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-plugin-sound_sdlu-3_0-debuginfo-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-devel-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-plugin-sound_sdlu-3_0-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_baseu_xml-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_qa-suse3_0_5-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-debugsource-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_ribbon-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_propgrid-suse3_0_5-3.0.5.1-150200.11.9.1 * 
libwx_gtk2u_richtext-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_baseu_xml-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_xrc-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_xrc-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * openSUSE Leap 15.6 (x86_64) * libwx_baseu_xml-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_richtext-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_propgrid-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_qa-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_qa-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_ribbon-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_richtext-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_baseu-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_xrc-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-plugin-sound_sdlu-3_0-32bit-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-plugin-sound_sdlu-3_0-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_ribbon-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-devel-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-devel-32bit-3.0.5.1-150200.11.9.1 * 
libwx_gtk2u_xrc-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_propgrid-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_baseu_xml-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-32bit-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-32bit-debuginfo-3.0.5.1-150200.11.9.1 * openSUSE Leap 15.6 (noarch) * wxWidgets-lang-3.0.5.1-150200.11.9.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * libwx_baseu-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_gl-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_baseu_xml-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * wxWidgets-3_0-debugsource-3.0.5.1-150200.11.9.1 * libwx_gtk2u_adv-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_stc-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_aui-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_net-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_baseu_xml-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_media-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_html-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_xrc-suse3_0_5-3.0.5.1-150200.11.9.1 * libwx_gtk2u_xrc-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * libwx_gtk2u_core-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1 * SUSE Package Hub 15 15-SP7 (noarch) * wxWidgets-lang-3.0.5.1-150200.11.9.1 * Server Applications Module 
15-SP7 (aarch64 ppc64le s390x x86_64)
  * libwx_baseu-suse3_0_5-3.0.5.1-150200.11.9.1
  * libwx_gtk2u_core-suse3_0_5-3.0.5.1-150200.11.9.1
  * libwx_baseu-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1
  * wxWidgets-3_0-debugsource-3.0.5.1-150200.11.9.1
  * libwx_gtk2u_core-suse3_0_5-debuginfo-3.0.5.1-150200.11.9.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1260578

From null at suse.de Wed Apr 15 16:30:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 16:30:41 -0000
Subject: SUSE-RU-2026:1340-1: moderate: Recommended update for release-notes-sles
Message-ID: <177627064104.2041.8924468842457484248@6fd1d05cebf0>

# Recommended update for release-notes-sles

Announcement ID: SUSE-RU-2026:1340-1
Release Date: 2026-04-15T08:01:40Z
Rating: moderate

References:

* bsc#1212186
* bsc#933411
* jsc#PED-10574

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature and has two fixes can now be installed.

## Description:

This update for release-notes-sles fixes the following issues:

* Update to version 15.5.20260227 (bsc#933411)
* Added note about libmfx being removed (jsc#PED-10574)
* Updated note to say that AArch64 supports both 4K and 64K block sizes (bsc#1212186)
* Updated image filenames (jsc#DOCTEAM-1068)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1340=1
* SUSE Linux Enterprise High Performance Computing 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1340=1
* SUSE Linux Enterprise Server 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1340=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1340=1
* SUSE Linux Enterprise Desktop 15 SP5
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2026-1340=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1340=1

## Package List:

* openSUSE Leap 15.5 (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1
* SUSE Linux Enterprise High Performance Computing 15 SP5 (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1
* SUSE Linux Enterprise Server 15 SP5 (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1
* SUSE Linux Enterprise Desktop 15 SP5 (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * release-notes-sles-15.5.20260227-150500.3.32.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1212186
* https://bugzilla.suse.com/show_bug.cgi?id=933411
* https://jira.suse.com/browse/PED-10574
From null at suse.de Wed Apr 15 20:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:30:16 -0000
Subject: SUSE-SU-2026:1371-1: important: Security update for nodejs20
Message-ID: <177628501686.2815.13508267319191784085@6fd1d05cebf0>

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1371=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * corepack20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
* openSUSE Leap 15.5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494
From null at suse.de Wed Apr 15 20:30:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:30:37 -0000
Subject: SUSE-SU-2026:1370-1: moderate: Security update for util-linux
Message-ID: <177628503704.2815.375972675018131910@6fd1d05cebf0>

# Security update for util-linux

Announcement ID: SUSE-SU-2026:1370-1
Release Date: 2026-04-15T14:44:53Z
Rating: moderate

References:

* bsc#1258859

Cross-References:

* CVE-2026-3184

CVSS scores:

* CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for util-linux fixes the following issues:

* CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" (bsc#1258859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1370=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libuuid1-32bit-2.33.2-4.51.1
  * libmount-devel-2.33.2-4.51.1
  * libblkid1-debuginfo-2.33.2-4.51.1
  * libuuid1-2.33.2-4.51.1
  * libuuid-devel-2.33.2-4.51.1
  * uuidd-2.33.2-4.51.1
  * util-linux-2.33.2-4.51.1
  * libblkid1-2.33.2-4.51.1
  * python-libmount-debuginfo-2.33.2-4.51.2
  * libmount1-debuginfo-32bit-2.33.2-4.51.1
  * util-linux-debugsource-2.33.2-4.51.1
  * uuidd-debuginfo-2.33.2-4.51.1
  * libblkid1-32bit-2.33.2-4.51.1
  * libblkid1-debuginfo-32bit-2.33.2-4.51.1
  * libfdisk1-debuginfo-2.33.2-4.51.1
  * libmount1-32bit-2.33.2-4.51.1
  * util-linux-debuginfo-2.33.2-4.51.1
  * libuuid1-debuginfo-2.33.2-4.51.1
  * libblkid-devel-2.33.2-4.51.1
  * python-libmount-2.33.2-4.51.2
  * python-libmount-debugsource-2.33.2-4.51.2
  * libuuid1-debuginfo-32bit-2.33.2-4.51.1
  * libmount1-2.33.2-4.51.1
  * libmount1-debuginfo-2.33.2-4.51.1
  * util-linux-systemd-2.33.2-4.51.1
  * libsmartcols-devel-2.33.2-4.51.1
  * libsmartcols1-2.33.2-4.51.1
  * libfdisk1-2.33.2-4.51.1
  * util-linux-systemd-debugsource-2.33.2-4.51.1
  * util-linux-systemd-debuginfo-2.33.2-4.51.1
  * libsmartcols1-debuginfo-2.33.2-4.51.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * util-linux-lang-2.33.2-4.51.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258859
From null at suse.de Wed Apr 15 20:30:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:30:41 -0000
Subject: SUSE-SU-2026:1369-1: moderate: Security update for glibc
Message-ID: <177628504172.2815.14983998309055038677@6fd1d05cebf0>

# Security update for glibc

Announcement ID: SUSE-SU-2026:1369-1
Release Date: 2026-04-15T14:43:10Z
Rating: moderate

References:

* bsc#1260078
* bsc#1260082

Cross-References:

* CVE-2026-4437
* CVE-2026-4438

CVSS scores:

* CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for glibc fixes the following issues:

* CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
* CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1369=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1369=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1369=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1369=1 openSUSE-SLE-15.6-2026-1369=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1369=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * glibc-utils-2.38-150600.14.46.1 * glibc-devel-static-2.38-150600.14.46.1 * glibc-debuginfo-2.38-150600.14.46.1 * glibc-utils-src-debugsource-2.38-150600.14.46.1 * glibc-debugsource-2.38-150600.14.46.1 * glibc-utils-debuginfo-2.38-150600.14.46.1 * Development Tools Module 15-SP7 (x86_64) * glibc-32bit-debuginfo-2.38-150600.14.46.1 * glibc-devel-32bit-2.38-150600.14.46.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libnsl1-debuginfo-2.38-150600.14.46.1 * glibc-utils-2.38-150600.14.46.1 * glibc-2.38-150600.14.46.1 * glibc-extra-2.38-150600.14.46.1 * glibc-devel-static-2.38-150600.14.46.1 * nscd-2.38-150600.14.46.1 * glibc-debuginfo-2.38-150600.14.46.1 * glibc-extra-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-2.38-150600.14.46.1 * glibc-utils-src-debugsource-2.38-150600.14.46.1 * glibc-devel-2.38-150600.14.46.1 * glibc-profile-2.38-150600.14.46.1 * libnsl1-2.38-150600.14.46.1 * nscd-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-debuginfo-2.38-150600.14.46.1 * glibc-locale-2.38-150600.14.46.1 * glibc-debugsource-2.38-150600.14.46.1 * glibc-devel-debuginfo-2.38-150600.14.46.1 * glibc-utils-debuginfo-2.38-150600.14.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * glibc-info-2.38-150600.14.46.1 * 
glibc-i18ndata-2.38-150600.14.46.1 * glibc-lang-2.38-150600.14.46.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libnsl1-32bit-debuginfo-2.38-150600.14.46.1 * libnsl1-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-2.38-150600.14.46.1 * glibc-devel-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1 * glibc-32bit-2.38-150600.14.46.1 * glibc-32bit-debuginfo-2.38-150600.14.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libnsl1-debuginfo-2.38-150600.14.46.1 * glibc-utils-2.38-150600.14.46.1 * glibc-2.38-150600.14.46.1 * glibc-extra-2.38-150600.14.46.1 * glibc-devel-static-2.38-150600.14.46.1 * nscd-2.38-150600.14.46.1 * glibc-debuginfo-2.38-150600.14.46.1 * glibc-extra-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-2.38-150600.14.46.1 * glibc-utils-src-debugsource-2.38-150600.14.46.1 * glibc-devel-2.38-150600.14.46.1 * glibc-profile-2.38-150600.14.46.1 * libnsl1-2.38-150600.14.46.1 * nscd-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-debuginfo-2.38-150600.14.46.1 * glibc-locale-2.38-150600.14.46.1 * glibc-debugsource-2.38-150600.14.46.1 * glibc-devel-debuginfo-2.38-150600.14.46.1 * glibc-utils-debuginfo-2.38-150600.14.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * glibc-info-2.38-150600.14.46.1 * glibc-i18ndata-2.38-150600.14.46.1 * glibc-lang-2.38-150600.14.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libnsl1-32bit-debuginfo-2.38-150600.14.46.1 * libnsl1-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-2.38-150600.14.46.1 * glibc-devel-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1 * glibc-32bit-2.38-150600.14.46.1 * glibc-32bit-debuginfo-2.38-150600.14.46.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586 i686) * libnsl1-debuginfo-2.38-150600.14.46.1 * glibc-2.38-150600.14.46.1 * 
glibc-devel-static-2.38-150600.14.46.1 * glibc-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-2.38-150600.14.46.1 * libnsl1-2.38-150600.14.46.1 * glibc-devel-2.38-150600.14.46.1 * glibc-profile-2.38-150600.14.46.1 * glibc-locale-base-debuginfo-2.38-150600.14.46.1 * glibc-locale-2.38-150600.14.46.1 * glibc-debugsource-2.38-150600.14.46.1 * glibc-devel-debuginfo-2.38-150600.14.46.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * glibc-utils-2.38-150600.14.46.1 * glibc-extra-2.38-150600.14.46.1 * nscd-2.38-150600.14.46.1 * glibc-extra-debuginfo-2.38-150600.14.46.1 * nscd-debuginfo-2.38-150600.14.46.1 * glibc-utils-src-debugsource-2.38-150600.14.46.1 * glibc-utils-debuginfo-2.38-150600.14.46.1 * openSUSE Leap 15.6 (noarch) * glibc-lang-2.38-150600.14.46.1 * glibc-info-2.38-150600.14.46.1 * glibc-i18ndata-2.38-150600.14.46.1 * glibc-html-2.38-150600.14.46.1 * openSUSE Leap 15.6 (x86_64) * libnsl1-32bit-debuginfo-2.38-150600.14.46.1 * libnsl1-32bit-2.38-150600.14.46.1 * glibc-utils-32bit-2.38-150600.14.46.1 * glibc-profile-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-2.38-150600.14.46.1 * glibc-utils-32bit-debuginfo-2.38-150600.14.46.1 * glibc-devel-32bit-2.38-150600.14.46.1 * glibc-devel-static-32bit-2.38-150600.14.46.1 * glibc-devel-32bit-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1 * glibc-32bit-2.38-150600.14.46.1 * glibc-32bit-debuginfo-2.38-150600.14.46.1 * openSUSE Leap 15.6 (aarch64_ilp32) * glibc-profile-64bit-2.38-150600.14.46.1 * glibc-64bit-debuginfo-2.38-150600.14.46.1 * glibc-devel-64bit-2.38-150600.14.46.1 * libnsl1-64bit-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-64bit-debuginfo-2.38-150600.14.46.1 * glibc-utils-64bit-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-64bit-2.38-150600.14.46.1 * glibc-devel-static-64bit-2.38-150600.14.46.1 * glibc-devel-64bit-debuginfo-2.38-150600.14.46.1 * glibc-64bit-2.38-150600.14.46.1 * libnsl1-64bit-2.38-150600.14.46.1 * 
glibc-utils-64bit-2.38-150600.14.46.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libnsl1-debuginfo-2.38-150600.14.46.1 * glibc-2.38-150600.14.46.1 * glibc-extra-2.38-150600.14.46.1 * nscd-2.38-150600.14.46.1 * glibc-debuginfo-2.38-150600.14.46.1 * glibc-extra-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-2.38-150600.14.46.1 * libnsl1-2.38-150600.14.46.1 * glibc-devel-2.38-150600.14.46.1 * glibc-profile-2.38-150600.14.46.1 * nscd-debuginfo-2.38-150600.14.46.1 * glibc-locale-base-debuginfo-2.38-150600.14.46.1 * glibc-locale-2.38-150600.14.46.1 * glibc-debugsource-2.38-150600.14.46.1 * glibc-devel-debuginfo-2.38-150600.14.46.1 * Basesystem Module 15-SP7 (noarch) * glibc-info-2.38-150600.14.46.1 * glibc-i18ndata-2.38-150600.14.46.1 * glibc-lang-2.38-150600.14.46.1 * Basesystem Module 15-SP7 (x86_64) * libnsl1-32bit-debuginfo-2.38-150600.14.46.1 * libnsl1-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-2.38-150600.14.46.1 * glibc-locale-base-32bit-debuginfo-2.38-150600.14.46.1 * glibc-32bit-2.38-150600.14.46.1 * glibc-32bit-debuginfo-2.38-150600.14.46.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4437.html * https://www.suse.com/security/cve/CVE-2026-4438.html * https://bugzilla.suse.com/show_bug.cgi?id=1260078 * https://bugzilla.suse.com/show_bug.cgi?id=1260082 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Wed Apr 15 20:30:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:30:46 -0000
Subject: SUSE-SU-2026:1368-1: important: Security update for libpng16
Message-ID: <177628504625.2815.2622360768519777018@6fd1d05cebf0>

# Security update for libpng16

Announcement ID: SUSE-SU-2026:1368-1
Release Date: 2026-04-15T14:35:40Z
Rating: important

References:

* bsc#1260754
* bsc#1260755

Cross-References:

* CVE-2026-33416
* CVE-2026-33636

CVSS scores:

* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for libpng16 fixes the following issues:

* CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754).
* CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1368=1 openSUSE-SLE-15.6-2026-1368=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1368=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1368=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1368=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libpng16-compat-devel-1.6.40-150600.3.17.1 * libpng16-devel-1.6.40-150600.3.17.1 * libpng16-debugsource-1.6.40-150600.3.17.1 * libpng16-16-debuginfo-1.6.40-150600.3.17.1 * libpng16-tools-1.6.40-150600.3.17.1 * libpng16-tools-debuginfo-1.6.40-150600.3.17.1 * libpng16-16-1.6.40-150600.3.17.1 * openSUSE Leap 15.6 (x86_64) * libpng16-16-32bit-1.6.40-150600.3.17.1 * libpng16-compat-devel-32bit-1.6.40-150600.3.17.1 * libpng16-devel-32bit-1.6.40-150600.3.17.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpng16-16-64bit-debuginfo-1.6.40-150600.3.17.1 * libpng16-16-64bit-1.6.40-150600.3.17.1 * libpng16-compat-devel-64bit-1.6.40-150600.3.17.1 * libpng16-devel-64bit-1.6.40-150600.3.17.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libpng16-compat-devel-1.6.40-150600.3.17.1 * libpng16-devel-1.6.40-150600.3.17.1 * libpng16-debugsource-1.6.40-150600.3.17.1 * libpng16-16-debuginfo-1.6.40-150600.3.17.1 * libpng16-16-1.6.40-150600.3.17.1 * Basesystem Module 15-SP7 (x86_64) * libpng16-16-32bit-1.6.40-150600.3.17.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libpng16-compat-devel-1.6.40-150600.3.17.1 * libpng16-devel-1.6.40-150600.3.17.1 * libpng16-debugsource-1.6.40-150600.3.17.1 * libpng16-16-debuginfo-1.6.40-150600.3.17.1 * libpng16-16-1.6.40-150600.3.17.1 * SUSE Linux Enterprise Server 15 SP6 LTSS 
(x86_64) * libpng16-16-32bit-1.6.40-150600.3.17.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libpng16-compat-devel-1.6.40-150600.3.17.1 * libpng16-devel-1.6.40-150600.3.17.1 * libpng16-debugsource-1.6.40-150600.3.17.1 * libpng16-16-debuginfo-1.6.40-150600.3.17.1 * libpng16-16-1.6.40-150600.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libpng16-16-32bit-1.6.40-150600.3.17.1 * libpng16-16-32bit-debuginfo-1.6.40-150600.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-33636.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1260755 From null at suse.de Wed Apr 15 20:30:51 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:30:51 -0000 Subject: SUSE-SU-2026:1367-1: important: Security update for mariadb Message-ID: <177628505177.2815.3062392447888095934@6fd1d05cebf0> # Security update for mariadb Announcement ID: SUSE-SU-2026:1367-1 Release Date: 2026-04-15T14:34:12Z Rating: important References: * bsc#1260081 Cross-References: * CVE-2026-32710 CVSS scores: * CVE-2026-32710 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32710 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-32710 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-32710 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * Galera for Ericsson 15 SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. 
## Description: This update for mariadb fixes the following issues: Update to version 11.8.6. * https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6 * https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.6 Security issues fixed: * CVE-2026-32710: heap-based buffer overflow via `JSON_SCHEMA_VALID()` can lead to crash or remote code execution (bsc#1260081). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1367=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1367=1 * Galera for Ericsson 15 SP7 zypper in -t patch SUSE-SLE-Product-SLES-15-SP7-ERICSSON-2026-1367=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-11.8.6-150700.3.12.1 * mariadb-debuginfo-11.8.6-150700.3.12.1 * mariadb-galera-11.8.6-150700.3.12.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libmariadbd-devel-11.8.6-150700.3.12.1 * mariadb-client-11.8.6-150700.3.12.1 * mariadb-debugsource-11.8.6-150700.3.12.1 * mariadb-debuginfo-11.8.6-150700.3.12.1 * mariadb-11.8.6-150700.3.12.1 * libmariadbd19-11.8.6-150700.3.12.1 * mariadb-client-debuginfo-11.8.6-150700.3.12.1 * mariadb-tools-11.8.6-150700.3.12.1 * mariadb-tools-debuginfo-11.8.6-150700.3.12.1 * libmariadbd19-debuginfo-11.8.6-150700.3.12.1 * Server Applications Module 15-SP7 (noarch) * mariadb-errormessages-11.8.6-150700.3.12.1 * Galera for Ericsson 15 SP7 (x86_64) * mariadb-debugsource-11.8.6-150700.3.12.1 * mariadb-debuginfo-11.8.6-150700.3.12.1 * mariadb-galera-11.8.6-150700.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32710.html * https://bugzilla.suse.com/show_bug.cgi?id=1260081
From null at suse.de Wed Apr 15 20:30:54 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:30:54 -0000 Subject: SUSE-SU-2026:1366-1: important: Security update for bind Message-ID: <177628505495.2815.4804297387577965119@6fd1d05cebf0> # Security update for bind Announcement ID: SUSE-SU-2026:1366-1 Release Date: 2026-04-15T14:33:07Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.3 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1366=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1366=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1366=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1366=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * libirs-devel-9.16.6-150300.22.56.1 * libns1604-debuginfo-9.16.6-150300.22.56.1 * libisccfg1600-debuginfo-9.16.6-150300.22.56.1 * libns1604-9.16.6-150300.22.56.1 * libirs1601-debuginfo-9.16.6-150300.22.56.1 * libisccfg1600-9.16.6-150300.22.56.1 * libisc1606-9.16.6-150300.22.56.1 * bind-9.16.6-150300.22.56.1 * bind-devel-9.16.6-150300.22.56.1 * libisccc1600-9.16.6-150300.22.56.1 * libisccc1600-debuginfo-9.16.6-150300.22.56.1 * libirs1601-9.16.6-150300.22.56.1 * libisc1606-debuginfo-9.16.6-150300.22.56.1 * libdns1605-debuginfo-9.16.6-150300.22.56.1 * libdns1605-9.16.6-150300.22.56.1 * libbind9-1600-debuginfo-9.16.6-150300.22.56.1 * bind-chrootenv-9.16.6-150300.22.56.1 * bind-utils-9.16.6-150300.22.56.1 * bind-debuginfo-9.16.6-150300.22.56.1 * bind-debugsource-9.16.6-150300.22.56.1 * bind-utils-debuginfo-9.16.6-150300.22.56.1 * libbind9-1600-9.16.6-150300.22.56.1 * openSUSE Leap 15.3 (noarch) * python3-bind-9.16.6-150300.22.56.1 * bind-doc-9.16.6-150300.22.56.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libdns1605-debuginfo-9.16.6-150300.22.56.1 * libirs-devel-9.16.6-150300.22.56.1 * bind-debugsource-9.16.6-150300.22.56.1 * libisccfg1600-debuginfo-9.16.6-150300.22.56.1 * libdns1605-9.16.6-150300.22.56.1 * libirs1601-debuginfo-9.16.6-150300.22.56.1 * libisccfg1600-9.16.6-150300.22.56.1 * libirs1601-9.16.6-150300.22.56.1 * libisc1606-debuginfo-9.16.6-150300.22.56.1 * libisc1606-9.16.6-150300.22.56.1 * bind-debuginfo-9.16.6-150300.22.56.1 * SUSE 
Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libdns1605-debuginfo-9.16.6-150300.22.56.1 * libirs-devel-9.16.6-150300.22.56.1 * bind-debugsource-9.16.6-150300.22.56.1 * libisccfg1600-debuginfo-9.16.6-150300.22.56.1 * libdns1605-9.16.6-150300.22.56.1 * libirs1601-debuginfo-9.16.6-150300.22.56.1 * libisccfg1600-9.16.6-150300.22.56.1 * libirs1601-9.16.6-150300.22.56.1 * libisc1606-debuginfo-9.16.6-150300.22.56.1 * libisc1606-9.16.6-150300.22.56.1 * bind-debuginfo-9.16.6-150300.22.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libdns1605-debuginfo-9.16.6-150300.22.56.1 * libirs-devel-9.16.6-150300.22.56.1 * bind-debugsource-9.16.6-150300.22.56.1 * libisccfg1600-debuginfo-9.16.6-150300.22.56.1 * libdns1605-9.16.6-150300.22.56.1 * libirs1601-debuginfo-9.16.6-150300.22.56.1 * libisccfg1600-9.16.6-150300.22.56.1 * libirs1601-9.16.6-150300.22.56.1 * libisc1606-debuginfo-9.16.6-150300.22.56.1 * libisc1606-9.16.6-150300.22.56.1 * bind-debuginfo-9.16.6-150300.22.56.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://bugzilla.suse.com/show_bug.cgi?id=1260805
From null at suse.de Wed Apr 15 20:30:58 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:30:58 -0000 Subject: SUSE-SU-2026:1365-1: low: Security update for python Message-ID: <177628505826.2815.17751056167978978289@6fd1d05cebf0> # Security update for python Announcement ID: SUSE-SU-2026:1365-1 Release Date: 2026-04-15T14:30:36Z Rating: low References: * bsc#1259989 Cross-References: * CVE-2026-3479 CVSS scores: * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python fixes the following issues: * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data` can allow path traversal (bsc#1259989). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1365=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * python-2.7.18-150000.114.1 * python-base-debuginfo-2.7.18-150000.114.1 * python-debugsource-2.7.18-150000.114.1 * python-base-2.7.18-150000.114.1 * python-xml-debuginfo-2.7.18-150000.114.1 * python-curses-debuginfo-2.7.18-150000.114.1 * libpython2_7-1_0-2.7.18-150000.114.1 * python-gdbm-debuginfo-2.7.18-150000.114.1 * python-xml-2.7.18-150000.114.1 * libpython2_7-1_0-debuginfo-2.7.18-150000.114.1 * python-debuginfo-2.7.18-150000.114.1 * python-gdbm-2.7.18-150000.114.1 * python-base-debugsource-2.7.18-150000.114.1 * python-curses-2.7.18-150000.114.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3479.html * https://bugzilla.suse.com/show_bug.cgi?id=1259989 From null at suse.de Wed Apr 15 20:31:35 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:31:35 -0000 Subject: SUSE-SU-2026:1364-1: important: Security update for webkit2gtk3 Message-ID: <177628509513.2815.6570206683917166785@6fd1d05cebf0> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:1364-1 Release Date: 2026-04-15T14:28:23Z Rating: important References: * bsc#1259934 * bsc#1259935 * bsc#1259936 * bsc#1259937 * bsc#1259938 * bsc#1259939 * bsc#1259940 * bsc#1259941 * bsc#1259942 * bsc#1259943 * bsc#1259944 * bsc#1259945 * bsc#1259946 * bsc#1259947 * bsc#1259948 * bsc#1259949 * bsc#1259950 * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2023-43010 * CVE-2025-31223 * CVE-2025-31277 * CVE-2025-43213 * CVE-2025-43214 * CVE-2025-43433 * CVE-2025-43438 * CVE-2025-43441 * CVE-2025-43457 * CVE-2025-43511 * CVE-2025-46299 * CVE-2026-20608 * CVE-2026-20635 * 
CVE-2026-20636 * CVE-2026-20643 * CVE-2026-20644 * CVE-2026-20652 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20676 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43213 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43213 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-43441 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20608 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * 
CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * 
SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: * CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950). * CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949). * CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948). * CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947). * CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946). * CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945). * CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944). * CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943). * CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942). * CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941). * CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940). * CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939). * CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938). * CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937). * CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy (bsc#1261172). 
* CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936). * CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935). * CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261173). * CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced (bsc#1261174). * CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934). * CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint the user (bsc#1261175). * CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1261176). * CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox (bsc#1261177). * CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins (bsc#1261178). * CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack (bsc#1261179). Other updates and bugfixes: * Make scrolling with touch input smoother for small movements. * Fix estimated load progress of downloads when Content-Length value is wrong. * Ensure that "scrollend" events are correctly emitted after scroll animations. * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1364=1 openSUSE-SLE-15.6-2026-1364=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1364=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1364=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1364=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1364=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1364=1 ## Package List: * openSUSE Leap 15.6 (noarch) * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1 * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1 * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1 * webkit-jsc-6.0-debuginfo-2.52.1-150600.12.63.1 * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-minibrowser-2.52.1-150600.12.63.1 * webkit2gtk4-devel-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1 * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1 * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1 * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1 * webkit2gtk4-debugsource-2.52.1-150600.12.63.1 * webkit-jsc-4-2.52.1-150600.12.63.1 * webkit-jsc-6.0-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-minibrowser-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1 * 
webkit2gtk3-devel-2.52.1-150600.12.63.1 * webkit2gtk4-minibrowser-2.52.1-150600.12.63.1 * webkit-jsc-4.1-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1 * webkit-jsc-4-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1 * webkit-jsc-4.1-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1 * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1 * webkit2gtk3-minibrowser-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1 * webkit2gtk3-debugsource-2.52.1-150600.12.63.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-150600.12.63.1 * openSUSE Leap 15.6 (x86_64) * libwebkit2gtk-4_1-0-32bit-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-32bit-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-32bit-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-32bit-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.52.1-150600.12.63.1 * openSUSE Leap 15.6 (aarch64_ilp32) * 
libwebkit2gtk-4_0-37-64bit-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-64bit-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-64bit-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-64bit-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-64bit-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.52.1-150600.12.63.1 * Basesystem Module 15-SP7 (noarch) * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1 * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1 * webkit2gtk4-debugsource-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1 * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1 * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1 * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1 * Desktop Applications Module 15-SP7 (noarch) * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1 * 
webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1 * webkit2gtk3-debugsource-2.52.1-150600.12.63.1 * webkit2gtk3-devel-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1 * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1 * webkit2gtk4-debugsource-2.52.1-150600.12.63.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1 * webkit2gtk4-devel-2.52.1-150600.12.63.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1 * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1 * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1 * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1 * webkit2gtk4-devel-2.52.1-150600.12.63.1 * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1 * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1 * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1 * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1 * webkit2gtk4-debugsource-2.52.1-150600.12.63.1 * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1 * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1 * webkit2gtk3-devel-2.52.1-150600.12.63.1 * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1 * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1 * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1 * 
typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * WebKitGTK-4.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-6.0-lang-2.52.1-150600.12.63.1
  * WebKitGTK-4.1-lang-2.52.1-150600.12.63.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-debuginfo-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-2.52.1-150600.12.63.1
  * webkit2gtk4-devel-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-2.52.1-150600.12.63.1
  * webkit2gtk-4_0-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-devel-2.52.1-150600.12.63.1
  * webkit2gtk4-debugsource-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_0-37-2.52.1-150600.12.63.1
  * webkit2gtk3-soup2-debugsource-2.52.1-150600.12.63.1
  * webkit2gtk3-devel-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_1-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-6_0-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.52.1-150600.12.63.1
  * typelib-1_0-WebKit2-4_0-2.52.1-150600.12.63.1
  * libwebkitgtk-6_0-4-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_1-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_0-18-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-150600.12.63.1
  * typelib-1_0-JavaScriptCore-4_0-2.52.1-150600.12.63.1
  * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-150600.12.63.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-150600.12.63.1
  * libwebkit2gtk-4_1-0-2.52.1-150600.12.63.1
  * webkit2gtk3-debugsource-2.52.1-150600.12.63.1

## References:

* https://www.suse.com/security/cve/CVE-2023-43010.html
* https://www.suse.com/security/cve/CVE-2025-31223.html
* https://www.suse.com/security/cve/CVE-2025-31277.html
* https://www.suse.com/security/cve/CVE-2025-43213.html
* https://www.suse.com/security/cve/CVE-2025-43214.html
* https://www.suse.com/security/cve/CVE-2025-43433.html
* https://www.suse.com/security/cve/CVE-2025-43438.html
* https://www.suse.com/security/cve/CVE-2025-43441.html
* https://www.suse.com/security/cve/CVE-2025-43457.html
* https://www.suse.com/security/cve/CVE-2025-43511.html
* https://www.suse.com/security/cve/CVE-2025-46299.html
* https://www.suse.com/security/cve/CVE-2026-20608.html
* https://www.suse.com/security/cve/CVE-2026-20635.html
* https://www.suse.com/security/cve/CVE-2026-20636.html
* https://www.suse.com/security/cve/CVE-2026-20643.html
* https://www.suse.com/security/cve/CVE-2026-20644.html
* https://www.suse.com/security/cve/CVE-2026-20652.html
* https://www.suse.com/security/cve/CVE-2026-20664.html
* https://www.suse.com/security/cve/CVE-2026-20665.html
* https://www.suse.com/security/cve/CVE-2026-20676.html
* https://www.suse.com/security/cve/CVE-2026-20691.html
* https://www.suse.com/security/cve/CVE-2026-28857.html
* https://www.suse.com/security/cve/CVE-2026-28859.html
* https://www.suse.com/security/cve/CVE-2026-28861.html
* https://www.suse.com/security/cve/CVE-2026-28871.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259934
* https://bugzilla.suse.com/show_bug.cgi?id=1259935
* https://bugzilla.suse.com/show_bug.cgi?id=1259936
* https://bugzilla.suse.com/show_bug.cgi?id=1259937
* https://bugzilla.suse.com/show_bug.cgi?id=1259938
* https://bugzilla.suse.com/show_bug.cgi?id=1259939
* https://bugzilla.suse.com/show_bug.cgi?id=1259940
* https://bugzilla.suse.com/show_bug.cgi?id=1259941
* https://bugzilla.suse.com/show_bug.cgi?id=1259942
* https://bugzilla.suse.com/show_bug.cgi?id=1259943
* https://bugzilla.suse.com/show_bug.cgi?id=1259944
* https://bugzilla.suse.com/show_bug.cgi?id=1259945
* https://bugzilla.suse.com/show_bug.cgi?id=1259946
* https://bugzilla.suse.com/show_bug.cgi?id=1259947
* https://bugzilla.suse.com/show_bug.cgi?id=1259948
* https://bugzilla.suse.com/show_bug.cgi?id=1259949
* https://bugzilla.suse.com/show_bug.cgi?id=1259950
* https://bugzilla.suse.com/show_bug.cgi?id=1261172
* https://bugzilla.suse.com/show_bug.cgi?id=1261173
* https://bugzilla.suse.com/show_bug.cgi?id=1261174
* https://bugzilla.suse.com/show_bug.cgi?id=1261175
* https://bugzilla.suse.com/show_bug.cgi?id=1261176
* https://bugzilla.suse.com/show_bug.cgi?id=1261177
* https://bugzilla.suse.com/show_bug.cgi?id=1261178
* https://bugzilla.suse.com/show_bug.cgi?id=1261179
From null at suse.de Wed Apr 15 20:31:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:31:56 -0000
Subject: SUSE-SU-2026:1363-1: important: Security update for nodejs20
Message-ID: <177628511676.2815.16769540827696252090@6fd1d05cebf0>

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1363-1
Release Date: 2026-04-15T14:16:21Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1363=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1363=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1363=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
  * corepack20-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

From null at suse.de Wed Apr 15 20:32:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:18 -0000
Subject: SUSE-SU-2026:1361-1: important: Security update for himmelblau
Message-ID: <177628513832.2815.8069068463097287142@6fd1d05cebf0>

# Security update for himmelblau

Announcement ID: SUSE-SU-2026:1361-1
Release Date: 2026-04-15T14:14:01Z
Rating: important

References:

* bsc#1233949
* bsc#1245437
* bsc#1247735
* bsc#1249013
* bsc#1257904
* bsc#1258236
* bsc#1259548
* bsc#1261324
* jsc#PED-14511

Cross-References:

* CVE-2024-11738
* CVE-2025-53013
* CVE-2025-54882
* CVE-2025-58160
* CVE-2026-25727
* CVE-2026-31979
* CVE-2026-34397

CVSS scores:

* CVE-2024-11738 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-11738 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-11738 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-11738 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-53013 ( SUSE ): 4.3 CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-53013 ( SUSE ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-53013 ( NVD ): 5.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2025-54882 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-54882 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-54882 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-31979 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34397 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34397 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-34397 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains one feature and has one security fix can now be installed.

## Description:

This update for himmelblau fixes the following issues:

Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511):

* CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324).
* CVE-2026-31979: Fix race condition when accessing /tmp/krb5cc_uid (bsc#1259548).
* CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904).
* CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013).
* CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735).
* CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437).
* CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949).

Other bug fixes:

* Fix SELinux module packaging to use standard policy macros (bsc#1258236).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1361=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 x86_64)
  * himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1
  * himmelblau-debuginfo-2.3.9+git0.a9fd29b-150700.3.15.1
  * libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1
  * pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1
* Basesystem Module 15-SP7 (noarch)
  * himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11738.html
* https://www.suse.com/security/cve/CVE-2025-53013.html
* https://www.suse.com/security/cve/CVE-2025-54882.html
* https://www.suse.com/security/cve/CVE-2025-58160.html
* https://www.suse.com/security/cve/CVE-2026-25727.html
* https://www.suse.com/security/cve/CVE-2026-31979.html
* https://www.suse.com/security/cve/CVE-2026-34397.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233949
* https://bugzilla.suse.com/show_bug.cgi?id=1245437
* https://bugzilla.suse.com/show_bug.cgi?id=1247735
* https://bugzilla.suse.com/show_bug.cgi?id=1249013
* https://bugzilla.suse.com/show_bug.cgi?id=1257904
* https://bugzilla.suse.com/show_bug.cgi?id=1258236
* https://bugzilla.suse.com/show_bug.cgi?id=1259548
* https://bugzilla.suse.com/show_bug.cgi?id=1261324
* https://jira.suse.com/browse/PED-14511

From null at suse.de Wed Apr 15 20:32:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:21 -0000
Subject: SUSE-SU-2026:1360-1: important: Security update for tigervnc
Message-ID: <177628514135.2815.12798123110572935392@6fd1d05cebf0>

# Security update for tigervnc

Announcement ID: SUSE-SU-2026:1360-1
Release Date: 2026-04-15T14:10:53Z
Rating: important

References:

* bsc#1260871

Cross-References:

* CVE-2026-34352

CVSS scores:

* CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
* CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for tigervnc fixes the following issues:

* CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1360=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1360=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libXvnc1-1.14.1-150700.4.3.1
  * xorg-x11-Xvnc-1.14.1-150700.4.3.1
  * xorg-x11-Xvnc-debuginfo-1.14.1-150700.4.3.1
  * tigervnc-1.14.1-150700.4.3.1
  * tigervnc-debugsource-1.14.1-150700.4.3.1
  * tigervnc-debuginfo-1.14.1-150700.4.3.1
  * libXvnc1-debuginfo-1.14.1-150700.4.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le x86_64)
  * xorg-x11-Xvnc-module-1.14.1-150700.4.3.1
  * xorg-x11-Xvnc-module-debuginfo-1.14.1-150700.4.3.1
* Basesystem Module 15-SP7 (noarch)
  * xorg-x11-Xvnc-novnc-1.14.1-150700.4.3.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libXvnc-devel-1.14.1-150700.4.3.1
  * tigervnc-debugsource-1.14.1-150700.4.3.1
  * tigervnc-debuginfo-1.14.1-150700.4.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34352.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260871
From null at suse.de Wed Apr 15 20:32:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:24 -0000
Subject: SUSE-SU-2026:1359-1: important: Security update for sudo
Message-ID: <177628514429.2815.9675424874381580221@6fd1d05cebf0>

# Security update for sudo

Announcement ID: SUSE-SU-2026:1359-1
Release Date: 2026-04-15T14:07:04Z
Rating: important

References:

* bsc#1261420

Cross-References:

* CVE-2026-35535

CVSS scores:

* CVE-2026-35535 ( SUSE ): 7.5 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35535 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35535 ( NVD ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for sudo fixes the following issue:

* CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1359=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1359=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1359=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1359=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * sudo-debugsource-1.9.15p5-150600.3.15.1
  * sudo-devel-1.9.15p5-150600.3.15.1
  * system-group-sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
  * sudo-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-1.9.15p5-150600.3.15.1
  * sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * sudo-debugsource-1.9.15p5-150600.3.15.1
  * sudo-devel-1.9.15p5-150600.3.15.1
  * system-group-sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
  * sudo-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-1.9.15p5-150600.3.15.1
  * sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * sudo-debugsource-1.9.15p5-150600.3.15.1
  * sudo-devel-1.9.15p5-150600.3.15.1
  * system-group-sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
  * sudo-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-1.9.15p5-150600.3.15.1
  * sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * sudo-test-1.9.15p5-150600.3.15.1
  * sudo-debugsource-1.9.15p5-150600.3.15.1
  * sudo-devel-1.9.15p5-150600.3.15.1
  * system-group-sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-sudo-auth-self-1.9.15p5-150600.3.15.1
  * sudo-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-debuginfo-1.9.15p5-150600.3.15.1
  * sudo-plugin-python-1.9.15p5-150600.3.15.1
  * sudo-1.9.15p5-150600.3.15.1
  * sudo-policy-wheel-auth-self-1.9.15p5-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261420

From null at suse.de Wed Apr 15 20:32:33 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:33 -0000
Subject: SUSE-RU-2026:1358-1: important: Recommended update for sssd
Message-ID: <177628515340.2815.7845640995935955515@6fd1d05cebf0>

# Recommended update for sssd

Announcement ID: SUSE-RU-2026:1358-1
Release Date: 2026-04-15T13:46:10Z
Rating: important

References:

* bsc#1259253
* bsc#1259436
* bsc#1259545
* bsc#1260409
* bsc#1260413

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has five fixes can now be installed.

## Description:

This update for sssd fixes the following issues:

* Do not package capabilities, will be applied by %set_permissions rpm macro (bsc#1259436);
* Silence noisy warning from sss_cache if run prior to starting the daemon and config.ldb does not exist (bsc#1259545);
* Fix ldap_child process started by the backend process ending in defunct state.
* Create the secrets directory for the KCM service; (bsc#1259253);
* Fix missing nss library in 32bit package; (bsc#1260409);
* Fix packaging wrong permissions for /usr/share/polkit-1/rules.d (bsc#1260413);

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1358=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * sssd-winbind-idmap-2.10.2-150700.9.25.1
  * sssd-kcm-2.10.2-150700.9.25.1
  * libsss_nss_idmap-devel-2.10.2-150700.9.25.1
  * python3-sssd-config-debuginfo-2.10.2-150700.9.25.1
  * sssd-krb5-common-debuginfo-2.10.2-150700.9.25.1
  * libsss_certmap0-2.10.2-150700.9.25.1
  * libsss_idmap0-2.10.2-150700.9.25.1
  * sssd-krb5-debuginfo-2.10.2-150700.9.25.1
  * libsss_simpleifp-devel-2.10.2-150700.9.25.1
  * sssd-krb5-2.10.2-150700.9.25.1
  * libipa_hbac0-2.10.2-150700.9.25.1
  * libsss_certmap-devel-2.10.2-150700.9.25.1
  * sssd-proxy-debuginfo-2.10.2-150700.9.25.1
  * sssd-tools-debuginfo-2.10.2-150700.9.25.1
  * libsss_simpleifp0-debuginfo-2.10.2-150700.9.25.1
  * libipa_hbac0-debuginfo-2.10.2-150700.9.25.1
  * libsss_simpleifp0-2.10.2-150700.9.25.1
  * sssd-dbus-debuginfo-2.10.2-150700.9.25.1
  * libsss_nss_idmap0-2.10.2-150700.9.25.1
  * sssd-kcm-debuginfo-2.10.2-150700.9.25.1
  * sssd-proxy-2.10.2-150700.9.25.1
  * libsss_certmap0-debuginfo-2.10.2-150700.9.25.1
  * libipa_hbac-devel-2.10.2-150700.9.25.1
  * libsss_nss_idmap0-debuginfo-2.10.2-150700.9.25.1
  * sssd-debuginfo-2.10.2-150700.9.25.1
  * sssd-ldap-2.10.2-150700.9.25.1
  * python3-sssd-config-2.10.2-150700.9.25.1
  * sssd-ldap-debuginfo-2.10.2-150700.9.25.1
  * sssd-tools-2.10.2-150700.9.25.1
  * sssd-ad-2.10.2-150700.9.25.1
  * sssd-ipa-debuginfo-2.10.2-150700.9.25.1
  * sssd-ipa-2.10.2-150700.9.25.1
  * sssd-ad-debuginfo-2.10.2-150700.9.25.1
  * sssd-krb5-common-2.10.2-150700.9.25.1
  * libsss_idmap-devel-2.10.2-150700.9.25.1
  * sssd-2.10.2-150700.9.25.1
  * sssd-debugsource-2.10.2-150700.9.25.1
  * sssd-winbind-idmap-debuginfo-2.10.2-150700.9.25.1
  * libsss_idmap0-debuginfo-2.10.2-150700.9.25.1
  * sssd-dbus-2.10.2-150700.9.25.1
* Basesystem Module 15-SP7 (x86_64)
  * sssd-32bit-debuginfo-2.10.2-150700.9.25.1
  * sssd-32bit-2.10.2-150700.9.25.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1259253
* https://bugzilla.suse.com/show_bug.cgi?id=1259436
* https://bugzilla.suse.com/show_bug.cgi?id=1259545
* https://bugzilla.suse.com/show_bug.cgi?id=1260409
* https://bugzilla.suse.com/show_bug.cgi?id=1260413

From null at suse.de Wed Apr 15 20:32:37 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:37 -0000
Subject: SUSE-RU-2026:1357-1: important: Recommended update for gdb
Message-ID: <177628515722.2815.11544310511620702003@6fd1d05cebf0>

# Recommended update for gdb

Announcement ID: SUSE-RU-2026:1357-1
Release Date: 2026-04-15T13:44:33Z
Rating: important

References:

* bsc#1249147
* bsc#1257111

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has two fixes can now be installed.

## Description:

This update for gdb fixes the following issues:

* Testsuite fixes:
  * Add proc subst_vars, an alias of subst -nobackslashes -nocommands
  * gdb/testsuite: Fix printf regexp for ppc64le with glibc
  * gdb/testsuite: Fix another timeout in gdb.mi/mi-multi-commands.exp
  * gdb/testsuite: Remove guile "test byte at sp, before flush" test
  * gdb: Fix gdb.base/inline-frame-cycle-unwind.exp for s390x
* Re-enable ptype /o for flexible array member types (bsc#1249147):
  * gdb: Minor refactoring of is_dynamic_type_internal
  * gdb: Simplify is_dynamic_type_internal by factoring out is_dynamic_type_internal_1, leaving only the handling of the top_level parameter in is_dynamic_type_internal.
  * gdb: Enable ptype /o for some dynamic types
* Fix TUI crash when encountering a debuginfod query while entering TUI
  * gdb: Simplify debuginfod_is_enabled
  * gdb: Add debuginfod_enabled_ask_p
  * gdb: Add defaulted_query_auto_answers_p
  * gdb/tui: Don't enter TUI if debuginfod enabled == ask
* Fix a case on x86_64/-m32 where displaced stepping steps out of the displaced stepping buffer
  * gdb/tdep: Fix unrelocated pc in i386_displaced_step_fixup
* Fix generation of core files using gcore for glibc 2.42
  * gcore: Handle unreadable pages within readable memory regions
  * gcore: Query auxv for AT_PAGESZ in gcore_copy_callback
* Maintenance script qa.sh cleanup:
  * Remove kfail_s390 and kfail_sle11.
  * Remove gdb.reverse/{solib-precsave,solib-reverse}.exp kfail.
  * Remove gdb.base/gdb-rhbz1156192-recursive-dlopen.exp kfail.
* Fix slow symbol lookup with dwz-compressed debuginfo (bsc#1257111):
  * gdb/symtab: Fix slow symbol lookup with dwz
* Fix failure to list source file with dwz-compressed debuginfo (brc#2403580):
  * fix rhbz2403580 - misplaced symtabs due to dwz
  * gdb: Test for misplaced symtab causing file not found
  * gdb/testsuite: Add missing require in gdb.debuginfod/solib-with-dwz.exp
  * gdb/testsuite: Launch debuginfod without -vvvv
* Fix slow symbol table reading with dwz-compressed debuginfo:
  * gdb/symtab: Cache dw2_get_file_names result for dummy CU
* Fix heap-use-after-free, reported by TSAN:
  * gdb/symtab: Handle zero opcode_base in line number program header
* Fix backtrace through signal trampoline on s390x:
  * gdb/tdep: Fix gdb.base/siginfo.exp on s390x-linux

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1357=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1357=1
* Development Tools Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1357=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * gdbserver-16.3-150400.15.29.1
  * gdb-debuginfo-16.3-150400.15.29.1
  * gdbserver-debuginfo-16.3-150400.15.29.1
  * gdb-debugsource-16.3-150400.15.29.1
  * gdb-16.3-150400.15.29.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc)
  * gdb-testresults-16.3-150400.15.29.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * gdbserver-64bit-16.3-150400.15.29.1
  * gdb-64bit-debuginfo-16.3-150400.15.29.1
  * gdb-64bit-16.3-150400.15.29.1
  * gdbserver-64bit-debuginfo-16.3-150400.15.29.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * gdbserver-16.3-150400.15.29.1
  * gdb-debuginfo-16.3-150400.15.29.1
  * gdbserver-debuginfo-16.3-150400.15.29.1
  * gdb-debugsource-16.3-150400.15.29.1
  * gdb-16.3-150400.15.29.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  * gdb-testresults-16.3-150400.15.29.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * gdbserver-16.3-150400.15.29.1
  * gdb-debuginfo-16.3-150400.15.29.1
  * gdbserver-debuginfo-16.3-150400.15.29.1
  * gdb-debugsource-16.3-150400.15.29.1
  * gdb-16.3-150400.15.29.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1249147
* https://bugzilla.suse.com/show_bug.cgi?id=1257111
From null at suse.de Wed Apr 15 20:32:41 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:32:41 -0000
Subject: SUSE-SU-2026:1356-1: moderate: Security update for nfs-utils
Message-ID: <177628516149.2815.10908333285979412326@6fd1d05cebf0>

# Security update for nfs-utils

Announcement ID: SUSE-SU-2026:1356-1
Release Date: 2026-04-15T13:43:53Z
Rating: moderate

References:

* bsc#1246505
* bsc#1259204

Cross-References:

* CVE-2025-12801

CVSS scores:

* CVE-2025-12801 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12801 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-12801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for nfs-utils fixes the following issue:

Security fixes:

* CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees of an exported directory (bsc#1259204).

Other fixes:

* Split from nfs-utils into its own spec and changelog file (bsc#1246505).
* Split legacy libnfsidmap0 into a separate spec file (bsc#1246505).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1356=1 openSUSE-SLE-15.6-2026-1356=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1356=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1356=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1356=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap0-0.26-150600.28.19.1
  * nfs-doc-2.6.4-150600.28.19.1
  * nfs-client-2.6.4-150600.28.19.1
  * nfs-kernel-server-2.6.4-150600.28.19.1
  * nfs-utils-debugsource-2.6.4-150600.28.19.1
  * libnfsidmap0-debugsource-0.26-150600.28.19.1
  * libnfsidmap1-1.0-150600.28.19.1
  * nfs-utils-debuginfo-2.6.4-150600.28.19.1
  * nfsidmap-devel-1.0-150600.28.19.1
  * nfsidmap0-devel-0.26-150600.28.19.1
  * libnfsidmap0-debuginfo-0.26-150600.28.19.1
  * nfs-client-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap1-debuginfo-1.0-150600.28.19.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap0-0.26-150600.28.19.1
  * nfs-doc-2.6.4-150600.28.19.1
  * nfs-client-2.6.4-150600.28.19.1
  * nfs-kernel-server-2.6.4-150600.28.19.1
  * nfs-utils-debugsource-2.6.4-150600.28.19.1
  * libnfsidmap1-1.0-150600.28.19.1
  * nfs-utils-debuginfo-2.6.4-150600.28.19.1
  * nfsidmap-devel-1.0-150600.28.19.1
  * nfsidmap0-devel-0.26-150600.28.19.1
  * libnfsidmap0-debuginfo-0.26-150600.28.19.1
  * nfs-client-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap1-debuginfo-1.0-150600.28.19.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap0-0.26-150600.28.19.1
  * nfs-doc-2.6.4-150600.28.19.1
  * nfs-client-2.6.4-150600.28.19.1
  * nfs-kernel-server-2.6.4-150600.28.19.1
  * nfs-utils-debugsource-2.6.4-150600.28.19.1
  * libnfsidmap1-1.0-150600.28.19.1
  * nfs-utils-debuginfo-2.6.4-150600.28.19.1
  * nfsidmap-devel-1.0-150600.28.19.1
  * nfsidmap0-devel-0.26-150600.28.19.1
  * nfs-client-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap1-debuginfo-1.0-150600.28.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * nfs-kernel-server-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap0-0.26-150600.28.19.1
  * nfs-doc-2.6.4-150600.28.19.1
  * nfs-client-2.6.4-150600.28.19.1
  * nfs-kernel-server-2.6.4-150600.28.19.1
  * nfs-utils-debugsource-2.6.4-150600.28.19.1
  * libnfsidmap1-1.0-150600.28.19.1
  * nfs-utils-debuginfo-2.6.4-150600.28.19.1
  * nfsidmap-devel-1.0-150600.28.19.1
  * nfsidmap0-devel-0.26-150600.28.19.1
  * nfs-client-debuginfo-2.6.4-150600.28.19.1
  * libnfsidmap1-debuginfo-1.0-150600.28.19.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246505
* https://bugzilla.suse.com/show_bug.cgi?id=1259204
URL: From null at suse.de Wed Apr 15 20:32:46 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:32:46 -0000 Subject: SUSE-SU-2026:1355-1: important: Security update for rubygem-bundler Message-ID: <177628516699.2815.1214007402479633509@6fd1d05cebf0> # Security update for rubygem-bundler Announcement ID: SUSE-SU-2026:1355-1 Release Date: 2026-04-15T13:37:50Z Rating: important References: * bsc#1185842 * bsc#1193578 Cross-References: * CVE-2020-36327 * CVE-2021-43809 CVSS scores: * CVE-2020-36327 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-36327 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43809 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for rubygem-bundler fixes the following issues: Updated to version 2.2.34. * CVE-2020-36327: Bundler chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) * CVE-2021-43809: rubygem-bundler: remote execution via Gemfile argument injection (bsc#1193578) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1355=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ruby2.5-rubygem-bundler-2.2.34-150700.21.3.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36327.html * https://www.suse.com/security/cve/CVE-2021-43809.html * https://bugzilla.suse.com/show_bug.cgi?id=1185842 * https://bugzilla.suse.com/show_bug.cgi?id=1193578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 20:32:57 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:32:57 -0000 Subject: SUSE-SU-2026:1354-1: important: Security update for python313 Message-ID: <177628517783.2815.4320967687969245540@6fd1d05cebf0> # Security update for python313 Announcement ID: SUSE-SU-2026:1354-1 Release Date: 2026-04-15T13:37:43Z Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * jsc#PED-15850 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * 
CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP7 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: * Update to v3.13.13 * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1354=1 ## Package List: * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python313-3.13.13-150700.4.45.1 * python313-base-3.13.13-150700.4.45.1 * python313-dbm-debuginfo-3.13.13-150700.4.45.1 * python313-curses-debuginfo-3.13.13-150700.4.45.1 * python313-debugsource-3.13.13-150700.4.45.1 * python313-idle-3.13.13-150700.4.45.1 * python313-tk-debuginfo-3.13.13-150700.4.45.1 * libpython3_13-1_0-debuginfo-3.13.13-150700.4.45.1 * python313-dbm-3.13.13-150700.4.45.1 * libpython3_13-1_0-3.13.13-150700.4.45.1 * python313-core-debugsource-3.13.13-150700.4.45.1 * python313-curses-3.13.13-150700.4.45.1 * python313-devel-3.13.13-150700.4.45.1 * python313-tools-3.13.13-150700.4.45.1 * python313-tk-3.13.13-150700.4.45.1 * python313-base-debuginfo-3.13.13-150700.4.45.1 * python313-debuginfo-3.13.13-150700.4.45.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:33:03 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:33:03 -0000 Subject: SUSE-SU-2026:1353-1: important: Security update for netty, netty-tcnative Message-ID: <177628518336.2815.13146750501084757610@6fd1d05cebf0> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2026:1353-1 Release Date: 2026-04-15T13:37:31Z Rating: important References: * bsc#1261031 * bsc#1261043 Cross-References: * CVE-2026-33870 * CVE-2026-33871 CVSS scores: * CVE-2026-33870 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33870 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33870 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-33871 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33871 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33871 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-33871 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: Update to 4.1.132: * CVE-2026-33870: incorrectly parses quoted strings in HTTP/1.1 can lead to request smuggling (bsc#1261031). * CVE-2026-33871: sending a flood of CONTINUATION frames can lead to a denial of service (bsc#1261043). 
Changelog: * Upgrade to upstream version 4.1.132 * Fixes: * Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop * Make RefCntOpenSslContext.deallocate more robust * HTTP2: Correctly account for padding when decompress * Fix high-order bit aliasing in HttpUtil.validateToken * fix: the precedence of + is higher than >> * AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() * AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed * Don't assume CertificateFactory is thread-safe * Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO_READ=false * HTTP2: Ensure preface is flushed in all cases * Fix UnsupportedOperationException in readTrailingHeaders * Fix client_max_window_bits parameter handling in permessage-deflate extension * Native transports: Fix possible fd leak when fcntl fails. * Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported * Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) * Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD * Epoll: Add null checks for safety reasons * Epoll: Use correct value to initialize mmsghdr.msg_namelen * Epoll: Fix support for IP_RECVORIGDSTADDR * AdaptivePoolingAllocator: remove ensureAccessible() call in capacity(int) method * Epoll: setTcpMg5Sig(...) might overflow * JdkZlibDecoder: accumulate decompressed output before firing channelRead * Limit the number of Continuation frames per HTTP2 Headers (bsc#1261043, CVE-2026-33871) * Stricter HTTP/1.1 chunk extension parsing (bsc#1261031, CVE-2026-33870) * rediff * Upgrade to upstream version 4.1.131 * NioDatagramChannel.block(...) 
does not early return on failure * Support for AWS Libcrypto (AWS-LC) netty-tcnative build * codec-dns: Decompress MX RDATA exchange domain names during DNS record decoding * Buddy allocation for large buffers in adaptive allocator * SslHandler: Only resume on EventLoop if EventLoop is not shutting down already * Wrap ECONNREFUSED in PortUnreachableException for UDP * Bump com.ning:compress-lzf (4.1) * Fix adaptive allocator bug from not noticing failed allocation * Avoid losing original read exception * Backport multiple adaptive allocator changes * Upgrade to version 4.1.130 * Upgrade to version 2.0.75 Final * No formal changelog present * Needed by netty >= 4.2.11 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1353=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1353=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1353=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-4.1.132-150200.4.43.1 * openSUSE Leap 15.6 (noarch) * netty-tcnative-javadoc-2.0.75-150200.3.36.1 * netty-javadoc-4.1.132-150200.4.43.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.75-150200.3.36.1 * netty-tcnative-debugsource-2.0.75-150200.3.36.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * netty-4.1.132-150200.4.43.1 * SUSE Package Hub 15 15-SP7 (noarch) * netty-javadoc-4.1.132-150200.4.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33870.html * https://www.suse.com/security/cve/CVE-2026-33871.html * https://bugzilla.suse.com/show_bug.cgi?id=1261031 * https://bugzilla.suse.com/show_bug.cgi?id=1261043 -------------- next part 
-------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 15 20:33:17 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:33:17 -0000 Subject: SUSE-SU-2026:1352-1: important: Security update for expat Message-ID: <177628519733.2815.11315826735143884696@6fd1d05cebf0> # Security update for expat Announcement ID: SUSE-SU-2026:1352-1 Release Date: 2026-04-15T13:36:54Z Rating: important References: * bsc#1259711 * bsc#1259726 * bsc#1259729 Cross-References: * CVE-2026-32776 * CVE-2026-32777 * CVE-2026-32778 CVSS scores: * CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32776 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32776 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32777 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32777 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32778 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32778 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves three vulnerabilities can now be installed. 
## Description: This update for expat fixes the following issues: * CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). * CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). * CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1352=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * expat-debugsource-2.7.1-150700.3.12.1 * expat-debuginfo-2.7.1-150700.3.12.1 * libexpat1-debuginfo-2.7.1-150700.3.12.1 * expat-2.7.1-150700.3.12.1 * libexpat-devel-2.7.1-150700.3.12.1 * libexpat1-2.7.1-150700.3.12.1 * Basesystem Module 15-SP7 (x86_64) * expat-32bit-debuginfo-2.7.1-150700.3.12.1 * libexpat1-32bit-debuginfo-2.7.1-150700.3.12.1 * libexpat1-32bit-2.7.1-150700.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32776.html * https://www.suse.com/security/cve/CVE-2026-32777.html * https://www.suse.com/security/cve/CVE-2026-32778.html * https://bugzilla.suse.com/show_bug.cgi?id=1259711 * https://bugzilla.suse.com/show_bug.cgi?id=1259726 * https://bugzilla.suse.com/show_bug.cgi?id=1259729 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:33:46 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:33:46 -0000 Subject: SUSE-SU-2026:1350-1: important: Security update for nghttp2 Message-ID: <177628522656.2815.1312355589723855653@6fd1d05cebf0> # Security update for nghttp2 Announcement ID: SUSE-SU-2026:1350-1 Release Date: 2026-04-15T13:36:32Z Rating: important References: * bsc#1259845 Cross-References: * CVE-2026-27135 CVSS scores: * CVE-2026-27135 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27135 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27135 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for nghttp2 fixes the following issue: * CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1350=1 openSUSE-SLE-15.6-2026-1350=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1350=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1350=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1350=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libnghttp2-devel-1.40.0-150600.25.5.1 * libnghttp2_asio-devel-1.40.0-150600.25.5.1 * libnghttp2_asio1-1.40.0-150600.25.5.1 * nghttp2-debuginfo-1.40.0-150600.25.5.1 * python3-nghttp2-1.40.0-150600.25.5.1 * nghttp2-python-debugsource-1.40.0-150600.25.5.1 * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1 * nghttp2-debugsource-1.40.0-150600.25.5.1 * python3-nghttp2-debuginfo-1.40.0-150600.25.5.1 * libnghttp2-14-1.40.0-150600.25.5.1 * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1 * nghttp2-1.40.0-150600.25.5.1 * openSUSE Leap 15.6 (x86_64) * libnghttp2-14-32bit-1.40.0-150600.25.5.1 * libnghttp2_asio1-32bit-1.40.0-150600.25.5.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1 * libnghttp2_asio1-32bit-debuginfo-1.40.0-150600.25.5.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libnghttp2-14-64bit-1.40.0-150600.25.5.1 * libnghttp2-14-64bit-debuginfo-1.40.0-150600.25.5.1 * libnghttp2_asio1-64bit-debuginfo-1.40.0-150600.25.5.1 * libnghttp2_asio1-64bit-1.40.0-150600.25.5.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libnghttp2_asio-devel-1.40.0-150600.25.5.1 * nghttp2-debuginfo-1.40.0-150600.25.5.1 * libnghttp2_asio1-1.40.0-150600.25.5.1 * nghttp2-debugsource-1.40.0-150600.25.5.1 * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libnghttp2-devel-1.40.0-150600.25.5.1 * libnghttp2_asio-devel-1.40.0-150600.25.5.1 * libnghttp2_asio1-1.40.0-150600.25.5.1 * 
nghttp2-debuginfo-1.40.0-150600.25.5.1 * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1 * nghttp2-debugsource-1.40.0-150600.25.5.1 * libnghttp2-14-1.40.0-150600.25.5.1 * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libnghttp2-14-32bit-1.40.0-150600.25.5.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libnghttp2-devel-1.40.0-150600.25.5.1 * libnghttp2_asio-devel-1.40.0-150600.25.5.1 * libnghttp2_asio1-1.40.0-150600.25.5.1 * nghttp2-debuginfo-1.40.0-150600.25.5.1 * libnghttp2-14-debuginfo-1.40.0-150600.25.5.1 * nghttp2-debugsource-1.40.0-150600.25.5.1 * libnghttp2-14-1.40.0-150600.25.5.1 * libnghttp2_asio1-debuginfo-1.40.0-150600.25.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libnghttp2-14-32bit-1.40.0-150600.25.5.1 * libnghttp2-14-32bit-debuginfo-1.40.0-150600.25.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27135.html * https://bugzilla.suse.com/show_bug.cgi?id=1259845 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:33:43 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:33:43 -0000 Subject: SUSE-SU-2026:1351-1: important: Security update for bind Message-ID: <177628522362.2815.15886026387580586396@6fd1d05cebf0> # Security update for bind Announcement ID: SUSE-SU-2026:1351-1 Release Date: 2026-04-15T13:36:44Z Rating: important References: * bsc#1259202 * bsc#1260567 * bsc#1260568 * bsc#1260569 * bsc#1260805 Cross-References: * CVE-2026-1519 * CVE-2026-3104 * CVE-2026-3119 * CVE-2026-3591 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3104 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3591 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3591 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3591 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves four vulnerabilities and has one security fix can now be installed. 
## Description: This update for bind fixes the following issues: Security issues: * CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). * CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). * CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). * CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). * use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202). Upgrade to release 9.20.21 Security Fixes: * Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805] * Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567] * Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568] * Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591) [bsc#1260569] * Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response. This issue only affected the delv tool and it has now been fixed. [bsc#1259202] Feature Changes: * Record query time for all dnstap responses. * Optimize TCP source port selection on Linux. Bug Fixes: * Fix the handling of key statements defined inside views. * Fix an assertion failure triggered by non-minimal IXFRs. * Fix a crash when retrying a NOTIFY over TCP. * Fetch loop detection improvements. * Randomize nameserver selection. * Fix dnstap logging of forwarded queries. * A stale answer could have been served in case of multiple upstream failures when following CNAME chains. This has been fixed. * Fail DNSKEY validation when supported but invalid DS is found. * Importing an invalid SKR file might corrupt stack memory. * Return FORMERR for queries with the EDNS Client Subnet FAMILY field set to 0. 
* Fix inbound IXFR performance regression. * Make catalog zone names and member zones' entry names case-insensitive. * Fix implementation of BRID and HHIT record types. * Fix implementation of DSYNC record type. * Fix response policy and catalog zones to work with $INCLUDE directive. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1351=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1351=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.20.21-150700.3.18.1 * bind-utils-9.20.21-150700.3.18.1 * bind-utils-debuginfo-9.20.21-150700.3.18.1 * bind-debugsource-9.20.21-150700.3.18.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * bind-9.20.21-150700.3.18.1 * bind-debugsource-9.20.21-150700.3.18.1 * bind-debuginfo-9.20.21-150700.3.18.1 * Server Applications Module 15-SP7 (noarch) * bind-doc-9.20.21-150700.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://www.suse.com/security/cve/CVE-2026-3104.html * https://www.suse.com/security/cve/CVE-2026-3119.html * https://www.suse.com/security/cve/CVE-2026-3591.html * https://bugzilla.suse.com/show_bug.cgi?id=1259202 * https://bugzilla.suse.com/show_bug.cgi?id=1260567 * https://bugzilla.suse.com/show_bug.cgi?id=1260568 * https://bugzilla.suse.com/show_bug.cgi?id=1260569 * https://bugzilla.suse.com/show_bug.cgi?id=1260805 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 15 20:34:10 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:34:10 -0000 Subject: SUSE-SU-2026:1349-1: important: Security update for python311 Message-ID: <177628525043.2815.9819611877586717650@6fd1d05cebf0> # Security update for python311 Announcement ID: SUSE-SU-2026:1349-1 Release Date: 2026-04-15T13:36:10Z Rating: important References: * bsc#1252974 * bsc#1254400 * bsc#1254401 * bsc#1254997 * bsc#1257029 * bsc#1257031 * bsc#1257042 * bsc#1257046 * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-11468 * CVE-2025-12084 * CVE-2025-13462 * CVE-2025-13836 * CVE-2025-13837 * CVE-2025-15282 * CVE-2025-6075 * CVE-2026-0672 * CVE-2026-0865 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * 
CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-6075 
( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 15 vulnerabilities can now be installed. 
## Description:

This update for python311 fixes the following issues:

* Updated to Python 3.11.15
* CVE-2025-6075: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974).
* CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2025-12084: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (bsc#1254997).
* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
* CVE-2025-13836: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length (bsc#1254400).
* CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues (bsc#1254401).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
* CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181).
* CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
* CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1349=1 openSUSE-SLE-15.6-2026-1349=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1349=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1349=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1349=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1349=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python311-tk-debuginfo-3.11.15-150600.3.53.1 * python311-testsuite-3.11.15-150600.3.53.1 * python311-debugsource-3.11.15-150600.3.53.1 * python311-base-3.11.15-150600.3.53.1 * python311-curses-3.11.15-150600.3.53.1 * python311-tk-3.11.15-150600.3.53.1 * libpython3_11-1_0-3.11.15-150600.3.53.1 * python311-base-debuginfo-3.11.15-150600.3.53.1 * python311-core-debugsource-3.11.15-150600.3.53.1 * python311-testsuite-debuginfo-3.11.15-150600.3.53.1 * python311-doc-devhelp-3.11.15-150600.3.53.1 * python311-doc-3.11.15-150600.3.53.1 * python311-tools-3.11.15-150600.3.53.1 * python311-curses-debuginfo-3.11.15-150600.3.53.1 * python311-3.11.15-150600.3.53.1 * python311-debuginfo-3.11.15-150600.3.53.1 * python311-idle-3.11.15-150600.3.53.1 * python311-devel-3.11.15-150600.3.53.1 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1 * python311-dbm-debuginfo-3.11.15-150600.3.53.1 * python311-dbm-3.11.15-150600.3.53.1 * openSUSE Leap 15.6 (x86_64) * libpython3_11-1_0-32bit-debuginfo-3.11.15-150600.3.53.1 * python311-32bit-debuginfo-3.11.15-150600.3.53.1 * 
python311-32bit-3.11.15-150600.3.53.1 * python311-base-32bit-3.11.15-150600.3.53.1 * python311-base-32bit-debuginfo-3.11.15-150600.3.53.1 * libpython3_11-1_0-32bit-3.11.15-150600.3.53.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python311-base-64bit-3.11.15-150600.3.53.1 * python311-64bit-3.11.15-150600.3.53.1 * python311-64bit-debuginfo-3.11.15-150600.3.53.1 * libpython3_11-1_0-64bit-3.11.15-150600.3.53.1 * libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.53.1 * python311-base-64bit-debuginfo-3.11.15-150600.3.53.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1 * libpython3_11-1_0-3.11.15-150600.3.53.1 * python311-base-3.11.15-150600.3.53.1 * python311-base-debuginfo-3.11.15-150600.3.53.1 * python311-core-debugsource-3.11.15-150600.3.53.1 * Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64) * python311-tk-debuginfo-3.11.15-150600.3.53.1 * python311-3.11.15-150600.3.53.1 * python311-debuginfo-3.11.15-150600.3.53.1 * python311-core-debugsource-3.11.15-150600.3.53.1 * python311-idle-3.11.15-150600.3.53.1 * python311-tk-3.11.15-150600.3.53.1 * python311-tools-3.11.15-150600.3.53.1 * python311-devel-3.11.15-150600.3.53.1 * python311-debugsource-3.11.15-150600.3.53.1 * python311-curses-3.11.15-150600.3.53.1 * python311-dbm-debuginfo-3.11.15-150600.3.53.1 * python311-dbm-3.11.15-150600.3.53.1 * python311-curses-debuginfo-3.11.15-150600.3.53.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python311-tk-debuginfo-3.11.15-150600.3.53.1 * python311-3.11.15-150600.3.53.1 * python311-dbm-debuginfo-3.11.15-150600.3.53.1 * python311-debuginfo-3.11.15-150600.3.53.1 * python311-idle-3.11.15-150600.3.53.1 * python311-tk-3.11.15-150600.3.53.1 * python311-tools-3.11.15-150600.3.53.1 * python311-devel-3.11.15-150600.3.53.1 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1 * libpython3_11-1_0-3.11.15-150600.3.53.1 * python311-dbm-3.11.15-150600.3.53.1 * 
python311-debugsource-3.11.15-150600.3.53.1 * python311-base-3.11.15-150600.3.53.1 * python311-curses-3.11.15-150600.3.53.1 * python311-base-debuginfo-3.11.15-150600.3.53.1 * python311-core-debugsource-3.11.15-150600.3.53.1 * python311-curses-debuginfo-3.11.15-150600.3.53.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python311-tk-debuginfo-3.11.15-150600.3.53.1 * python311-3.11.15-150600.3.53.1 * python311-dbm-debuginfo-3.11.15-150600.3.53.1 * python311-debuginfo-3.11.15-150600.3.53.1 * python311-idle-3.11.15-150600.3.53.1 * python311-tk-3.11.15-150600.3.53.1 * python311-tools-3.11.15-150600.3.53.1 * python311-devel-3.11.15-150600.3.53.1 * libpython3_11-1_0-debuginfo-3.11.15-150600.3.53.1 * libpython3_11-1_0-3.11.15-150600.3.53.1 * python311-dbm-3.11.15-150600.3.53.1 * python311-debugsource-3.11.15-150600.3.53.1 * python311-base-3.11.15-150600.3.53.1 * python311-curses-3.11.15-150600.3.53.1 * python311-base-debuginfo-3.11.15-150600.3.53.1 * python311-core-debugsource-3.11.15-150600.3.53.1 * python311-curses-debuginfo-3.11.15-150600.3.53.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://www.suse.com/security/cve/CVE-2025-15282.html * https://www.suse.com/security/cve/CVE-2025-6075.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1252974 * 
https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257046 * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Wed Apr 15 20:34:14 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 15 Apr 2026 20:34:14 -0000 Subject: SUSE-RU-2026:1348-1: moderate: Recommended update for gcc14 Message-ID: <177628525426.2815.10363222045278433977@6fd1d05cebf0> # Recommended update for gcc14 Announcement ID: SUSE-RU-2026:1348-1 Release Date: 2026-04-15T13:35:15Z Rating: moderate References: * bsc#1257463 Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE
Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has one fix can now be installed. ## Description: This update for gcc14 fixes the following issues: * Fix bogus expression simplification (bsc#1257463) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1348=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1348=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1348=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1348=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1348=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1348=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1348=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1348=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1348=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1348=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1348=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t 
patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1348=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1348=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1348=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1348=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1348=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1348=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1348=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-locale-14.3.0+git11799-150000.1.14.2 * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-PIE-14.3.0+git11799-150000.1.14.2 * gcc14-14.3.0+git11799-150000.1.14.2 * cpp14-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-14.3.0+git11799-150000.1.14.2 * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-c++-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * gcc14-info-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * 
cpp14-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-locale-14.3.0+git11799-150000.1.14.2 * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-PIE-14.3.0+git11799-150000.1.14.2 * gcc14-14.3.0+git11799-150000.1.14.2 * cpp14-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-14.3.0+git11799-150000.1.14.2 * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-c++-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * gcc14-info-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1 * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1 * gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-locale-14.3.0+git11799-150000.1.14.2 * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2 * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-PIE-14.3.0+git11799-150000.1.14.2 * gcc14-14.3.0+git11799-150000.1.14.2 * cpp14-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-14.3.0+git11799-150000.1.14.2 * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-c++-14.3.0+git11799-150000.1.14.2 * SUSE Linux 
Enterprise Server for SAP Applications 15 SP6 (noarch) * gcc14-info-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1 * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1 * gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * gcc14-locale-14.3.0+git11799-150000.1.14.2 * cross-riscv64-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-rx-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * gcc14-ada-14.3.0+git11799-150000.1.14.2 * libada14-14.3.0+git11799-150000.1.14.2 * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * cross-m68k-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-mips-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * gcc14-testresults-14.3.0+git11799-150000.1.14.2 * cross-arm-none-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * libm2cor19-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-14.3.0+git11799-150000.1.14.2 * libm2log19-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-bpf-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-sparc-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-hppa-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * gcc14-c++-14.3.0+git11799-150000.1.14.2 * libm2min19-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-riscv64-elf-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-sparc-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-sparc64-gcc14-14.3.0+git11799-150000.1.14.1 * gcc14-objc-14.3.0+git11799-150000.1.14.2 * cross-arm-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 
* cross-sparc64-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * cross-avr-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2 * cross-riscv64-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-avr-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * gcc14-m2-14.3.0+git11799-150000.1.14.2 * cross-hppa-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-sparc-gcc14-14.3.0+git11799-150000.1.14.1 * cross-arm-none-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * gcc14-PIE-14.3.0+git11799-150000.1.14.2 * cpp14-14.3.0+git11799-150000.1.14.2 * cross-mips-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * libgo23-14.3.0+git11799-150000.1.14.2 * gcc14-fortran-14.3.0+git11799-150000.1.14.2 * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-rx-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-sparcv9-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2 * libm2pim19-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-mips-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * libm2cor19-14.3.0+git11799-150000.1.14.2 * cross-arm-none-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-hppa-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-bpf-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-pru-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * gcc14-go-14.3.0+git11799-150000.1.14.2 * libgo23-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-mips-gcc14-14.3.0+git11799-150000.1.14.1 * cross-sparc64-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-arm-gcc14-14.3.0+git11799-150000.1.14.1 * cross-m68k-gcc14-14.3.0+git11799-150000.1.14.1 * cross-rx-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-arm-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * cross-pru-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * 
cross-pru-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-riscv64-elf-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-riscv64-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * gcc14-ada-debuginfo-14.3.0+git11799-150000.1.14.2 * libm2iso19-14.3.0+git11799-150000.1.14.2 * libm2min19-14.3.0+git11799-150000.1.14.2 * libm2pim19-14.3.0+git11799-150000.1.14.2 * cross-bpf-gcc14-14.3.0+git11799-150000.1.14.1 * cross-riscv64-elf-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * gcc14-obj-c++-debuginfo-14.3.0+git11799-150000.1.14.2 * libada14-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-m68k-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * libm2iso19-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-avr-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-m2-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-sparc64-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-m68k-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * gcc14-obj-c++-14.3.0+git11799-150000.1.14.2 * gcc14-go-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-arm-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * libm2log19-14.3.0+git11799-150000.1.14.2 * gcc14-objc-debuginfo-14.3.0+git11799-150000.1.14.2 * openSUSE Leap 15.6 (ppc64le s390x x86_64) * cross-aarch64-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-aarch64-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * cross-aarch64-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * openSUSE Leap 15.6 (x86_64) * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1 * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1 * openSUSE Leap 15.6 (aarch64 s390x x86_64) * cross-ppc64le-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * 
gcc14-d-14.3.0+git11799-150000.1.14.2 * libgdruntime5-debuginfo-14.3.0+git11799-150000.1.14.2 * libgdruntime5-14.3.0+git11799-150000.1.14.2 * gcc14-d-debuginfo-14.3.0+git11799-150000.1.14.2 * libgphobos5-14.3.0+git11799-150000.1.14.2 * cross-ppc64-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-ppc64-gcc14-14.3.0+git11799-150000.1.14.1 * cross-ppc64-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-ppc64le-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-ppc64le-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * libgphobos5-debuginfo-14.3.0+git11799-150000.1.14.2 * cross-ppc64-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * openSUSE Leap 15.6 (aarch64 ppc64le x86_64) * cross-s390x-gcc14-bootstrap-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-s390x-gcc14-bootstrap-14.3.0+git11799-150000.1.14.1 * cross-s390x-gcc14-bootstrap-debugsource-14.3.0+git11799-150000.1.14.1 * openSUSE Leap 15.6 (s390x x86_64) * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-go-32bit-14.3.0+git11799-150000.1.14.2 * libm2iso19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libgo23-32bit-14.3.0+git11799-150000.1.14.2 * libgphobos5-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-m2-32bit-14.3.0+git11799-150000.1.14.2 * libada14-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libgphobos5-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libgdruntime5-32bit-14.3.0+git11799-150000.1.14.2 * libm2cor19-32bit-14.3.0+git11799-150000.1.14.2 * libm2min19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libm2iso19-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2 * libm2cor19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-ada-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-d-32bit-14.3.0+git11799-150000.1.14.2 * libm2log19-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-32bit-14.3.0+git11799-150000.1.14.2 * libm2log19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2 * 
libm2min19-32bit-14.3.0+git11799-150000.1.14.2 * gcc14-objc-32bit-14.3.0+git11799-150000.1.14.2 * libm2pim19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libgdruntime5-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * libgo23-32bit-debuginfo-14.3.0+git11799-150000.1.14.2 * gcc14-obj-c++-32bit-14.3.0+git11799-150000.1.14.2 * libm2pim19-32bit-14.3.0+git11799-150000.1.14.2 * libada14-32bit-14.3.0+git11799-150000.1.14.2 * openSUSE Leap 15.6 (noarch) * gcc14-info-14.3.0+git11799-150000.1.14.2 * openSUSE Leap 15.6 (ppc64le x86_64) * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x) * cross-x86_64-gcc14-14.3.0+git11799-150000.1.14.1 * cross-x86_64-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1 * cross-x86_64-gcc14-debugsource-14.3.0+git11799-150000.1.14.1 * cross-x86_64-gcc14-icecream-backend-14.3.0+git11799-150000.1.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * SUSE Linux Enterprise Micro 5.5 (aarch64) * gcc14-debugsource-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libm2iso19-14.3.0+git11799-150000.1.14.2 * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2 * libm2min19-14.3.0+git11799-150000.1.14.2 * libm2pim19-14.3.0+git11799-150000.1.14.2 * libm2pim19-debuginfo-14.3.0+git11799-150000.1.14.2 * 
gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * libm2cor19-14.3.0+git11799-150000.1.14.2
  * libm2cor19-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2iso19-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2log19-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2min19-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2log19-14.3.0+git11799-150000.1.14.2
* Basesystem Module 15-SP7 (x86_64)
  * libm2cor19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2pim19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2cor19-32bit-14.3.0+git11799-150000.1.14.2
  * libm2log19-32bit-14.3.0+git11799-150000.1.14.2
  * libm2log19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2min19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2iso19-32bit-debuginfo-14.3.0+git11799-150000.1.14.2
  * libm2pim19-32bit-14.3.0+git11799-150000.1.14.2
  * libm2iso19-32bit-14.3.0+git11799-150000.1.14.2
  * libm2min19-32bit-14.3.0+git11799-150000.1.14.2
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* Development Tools Module 15-SP7 (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* Development Tools Module 15-SP7 (ppc64le x86_64)
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
* Development Tools Module 15-SP7 (x86_64)
  * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (ppc64le x86_64)
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (ppc64le x86_64)
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * cpp14-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-debuginfo-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-14.3.0+git11799-150000.1.14.2
  * gcc14-locale-14.3.0+git11799-150000.1.14.2
  * gcc14-debugsource-14.3.0+git11799-150000.1.14.2
  * gcc14-PIE-14.3.0+git11799-150000.1.14.2
  * gcc14-14.3.0+git11799-150000.1.14.2
  * cpp14-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-debuginfo-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * gcc14-info-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (ppc64le x86_64)
  * libquadmath0-devel-gcc14-14.3.0+git11799-150000.1.14.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * cross-nvptx-gcc14-debugsource-14.3.0+git11799-150000.1.14.1
  * libquadmath0-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * cross-nvptx-gcc14-debuginfo-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-gcc14-14.3.0+git11799-150000.1.14.1
  * cross-nvptx-newlib14-devel-14.3.0+git11799-150000.1.14.1
  * gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-fortran-32bit-14.3.0+git11799-150000.1.14.2
  * libstdc++6-devel-gcc14-32bit-14.3.0+git11799-150000.1.14.2
  * gcc14-c++-32bit-14.3.0+git11799-150000.1.14.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1257463
From null at suse.de Wed Apr 15 20:34:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:34:19 -0000
Subject: SUSE-SU-2026:1347-1: important: Security update for vim
Message-ID: <177628525996.2815.8171426782591102423@6fd1d05cebf0>

# Security update for vim

Announcement ID: SUSE-SU-2026:1347-1
Release Date: 2026-04-15T12:26:47Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

Update to version 9.2.0280.

* CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271).
* CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191).
* CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1347=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1347=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * gvim-debuginfo-9.2.0280-17.62.1
  * vim-9.2.0280-17.62.1
  * vim-debugsource-9.2.0280-17.62.1
  * gvim-9.2.0280-17.62.1
  * vim-debuginfo-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (noarch)
  * vim-data-9.2.0280-17.62.1
  * vim-data-common-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * gvim-debuginfo-9.2.0280-17.62.1
  * vim-9.2.0280-17.62.1
  * vim-debugsource-9.2.0280-17.62.1
  * gvim-9.2.0280-17.62.1
  * vim-debuginfo-9.2.0280-17.62.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * vim-data-9.2.0280-17.62.1
  * vim-data-common-9.2.0280-17.62.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Wed Apr 15 20:34:28 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 15 Apr 2026 20:34:28 -0000
Subject: SUSE-SU-2026:1345-1: important: Security update for python36
Message-ID: <177628526817.2815.7259378470014711306@6fd1d05cebf0>

# Security update for python36

Announcement ID: SUSE-SU-2026:1345-1
Release Date: 2026-04-15T12:04:29Z
Rating: important
References:

* bsc#1259611
* bsc#1259734
* bsc#1259735
* bsc#1259989
* bsc#1260026

Cross-References:

* CVE-2025-13462
* CVE-2026-3479
* CVE-2026-3644
* CVE-2026-4224
* CVE-2026-4519

CVSS scores:

* CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
* CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
* CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves five vulnerabilities can now be installed.

## Description:

This update for python36 fixes the following issues:

* CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
* CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989).
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
* CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
* CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1345=1
* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1345=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libpython3_6m1_0-32bit-3.6.15-108.1
  * python36-devel-3.6.15-108.1
  * python36-debugsource-3.6.15-108.1
  * python36-base-3.6.15-108.1
  * libpython3_6m1_0-debuginfo-3.6.15-108.1
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1
  * python36-3.6.15-108.1
  * python36-debuginfo-3.6.15-108.1
  * python36-base-debuginfo-3.6.15-108.1
  * libpython3_6m1_0-3.6.15-108.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * python36-devel-3.6.15-108.1
  * python36-debugsource-3.6.15-108.1
  * python36-base-3.6.15-108.1
  * libpython3_6m1_0-debuginfo-3.6.15-108.1
  * python36-3.6.15-108.1
  * python36-debuginfo-3.6.15-108.1
  * python36-base-debuginfo-3.6.15-108.1
  * libpython3_6m1_0-3.6.15-108.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libpython3_6m1_0-32bit-3.6.15-108.1
  * libpython3_6m1_0-debuginfo-32bit-3.6.15-108.1

## References:

* https://www.suse.com/security/cve/CVE-2025-13462.html
* https://www.suse.com/security/cve/CVE-2026-3479.html
* https://www.suse.com/security/cve/CVE-2026-3644.html
* https://www.suse.com/security/cve/CVE-2026-4224.html
* https://www.suse.com/security/cve/CVE-2026-4519.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259611
* https://bugzilla.suse.com/show_bug.cgi?id=1259734
* https://bugzilla.suse.com/show_bug.cgi?id=1259735
* https://bugzilla.suse.com/show_bug.cgi?id=1259989
* https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Thu Apr 16 08:30:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:07 -0000
Subject: SUSE-SU-2026:21112-1: moderate: Security update for pam
Message-ID: <177632820714.5138.15536486128869739955@6fd1d05cebf0>

# Security update for pam

Announcement ID: SUSE-SU-2026:21112-1
Release Date: 2026-04-14T14:46:36Z
Rating: moderate
References:

* bsc#1232234

Cross-References:

* CVE-2024-10041

CVSS scores:

* CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for pam fixes the following issue:

* CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-556=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * pam-extra-debuginfo-1.7.1-160000.3.1
  * pam-extra-1.7.1-160000.3.1
  * pam-debuginfo-1.7.1-160000.3.1
  * pam-1.7.1-160000.3.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x)
  * pam-debugsource-1.7.1-160000.3.1
  * pam-full-src-debugsource-1.7.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232234
From null at suse.de Thu Apr 16 08:30:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:13 -0000
Subject: SUSE-SU-2026:21111-1: important: Security update for cockpit-subscriptions
Message-ID: <177632821312.5138.10620684302643701001@6fd1d05cebf0>

# Security update for cockpit-subscriptions

Announcement ID: SUSE-SU-2026:21111-1
Release Date: 2026-04-14T12:13:04Z
Rating: important
References:

* bsc#1258637

Cross-References:

* CVE-2026-26996

CVSS scores:

* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-subscriptions fixes the following issue:

* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-555=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * cockpit-subscriptions-12.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258637
From null at suse.de Thu Apr 16 08:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:16 -0000
Subject: SUSE-RU-2026:21110-1: moderate: Recommended update for gpg2
Message-ID: <177632821619.5138.2980709747268305382@6fd1d05cebf0>

# Recommended update for gpg2

Announcement ID: SUSE-RU-2026:21110-1
Release Date: 2026-04-14T12:03:57Z
Rating: moderate
References:

* bsc#1251214

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for gpg2 fixes the following issues:

Changes in gpg2:

* Fix Y2K38 FTBFS:
* gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
* Upstream issue: dev.gnupg.org/T8096

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-554=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * gpg2-2.5.5-160000.5.1
  * gpg2-debugsource-2.5.5-160000.5.1
  * gpg2-debuginfo-2.5.5-160000.5.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1251214

From null at suse.de Thu Apr 16 08:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:17 -0000
Subject: SUSE-RU-2026:21109-1: moderate: Recommended update for elfutils
Message-ID: <177632821754.5138.9347464211579820222@6fd1d05cebf0>

# Recommended update for elfutils

Announcement ID: SUSE-RU-2026:21109-1
Release Date: 2026-04-14T11:49:36Z
Rating: moderate
References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.

## Description:

This update for elfutils fixes the following issues:

* Move debuginfod homedir creation to tmpfiles.d

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-553=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * elfutils-0.192-160000.3.1
  * elfutils-debugsource-0.192-160000.3.1
  * libdw1-0.192-160000.3.1
  * libelf1-0.192-160000.3.1
  * libasm1-debuginfo-0.192-160000.3.1
  * elfutils-debuginfo-0.192-160000.3.1
  * libdw1-debuginfo-0.192-160000.3.1
  * libasm1-0.192-160000.3.1
  * libelf-devel-0.192-160000.3.1
  * libelf1-debuginfo-0.192-160000.3.1

From null at suse.de Thu Apr 16 08:30:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:21 -0000
Subject: SUSE-RU-2026:21108-1: moderate: Recommended update for linuxptp
Message-ID: <177632822170.5138.7235650668179422069@6fd1d05cebf0>

# Recommended update for linuxptp

Announcement ID: SUSE-RU-2026:21108-1
Release Date: 2026-04-14T11:49:36Z
Rating: moderate
References:

* bsc#1256059

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for linuxptp fixes the following issues:

* Move to DevicePolicy=closed instead of -PrivateDevices=true to allow access to devices (bsc#1256059)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-552=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * linuxptp-debuginfo-4.4-160000.3.1
  * linuxptp-debugsource-4.4-160000.3.1
  * linuxptp-4.4-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1256059

From null at suse.de Thu Apr 16 08:30:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:36 -0000
Subject: SUSE-SU-2026:21107-1: important: Security update for openssl-3
Message-ID: <177632823694.5138.6220504593949233347@6fd1d05cebf0>

# Security update for openssl-3

Announcement ID: SUSE-SU-2026:21107-1
Release Date: 2026-04-13T16:22:41Z
Rating: important
References:

* bsc#1259652
* bsc#1260441
* bsc#1260442
* bsc#1260443
* bsc#1260444
* bsc#1260445
* bsc#1261678
* jsc#PED-15724

Cross-References:

* CVE-2026-2673
* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2673 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves seven vulnerabilities and contains one feature can now be installed.

## Description:

This update for openssl-3 fixes the following issues:

Security issues fixed:

* CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652).
* CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441).
* CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442).
* CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
* CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444).
* CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Other updates and bugfixes:

* Enable MD2 in legacy provider (jsc#PED-15724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-547=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libopenssl3-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1
  * openssl-3-debugsource-3.5.0-160000.7.1
  * libopenssl-3-fips-provider-3.5.0-160000.7.1
  * openssl-3-debuginfo-3.5.0-160000.7.1
  * openssl-3-3.5.0-160000.7.1
  * libopenssl3-debuginfo-3.5.0-160000.7.1
  * libopenssl-3-devel-3.5.0-160000.7.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2673.html
* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259652
* https://bugzilla.suse.com/show_bug.cgi?id=1260441
* https://bugzilla.suse.com/show_bug.cgi?id=1260442
* https://bugzilla.suse.com/show_bug.cgi?id=1260443
* https://bugzilla.suse.com/show_bug.cgi?id=1260444
* https://bugzilla.suse.com/show_bug.cgi?id=1260445
* https://bugzilla.suse.com/show_bug.cgi?id=1261678
* https://jira.suse.com/browse/PED-15724
From null at suse.de Thu Apr 16 08:30:45 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:30:45 -0000
Subject: SUSE-SU-2026:21106-1: critical: Security update for cockpit
Message-ID: <177632824519.5138.5976660847546120342@6fd1d05cebf0>

# Security update for cockpit

Announcement ID: SUSE-SU-2026:21106-1
Release Date: 2026-04-13T13:58:37Z
Rating: critical
References:

* bsc#1261829

Cross-References:

* CVE-2026-4631

CVSS scores:

* CVE-2026-4631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit fixes the following issues:

Changes in cockpit:

* CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution (bsc#1261829)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-545=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-354-160000.3.1
  * cockpit-354-160000.3.1
  * cockpit-ws-debuginfo-354-160000.3.1
  * cockpit-ws-selinux-354-160000.3.1
  * cockpit-debugsource-354-160000.3.1
* SUSE Linux Micro 6.2 (noarch)
  * cockpit-selinux-354-160000.3.1
  * cockpit-storaged-354-160000.3.1
  * cockpit-networkmanager-354-160000.3.1
  * cockpit-bridge-354-160000.3.1
  * cockpit-system-354-160000.3.1
  * cockpit-kdump-354-160000.3.1
  * cockpit-firewalld-354-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261829
URL: From null at suse.de Thu Apr 16 08:30:50 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:30:50 -0000 Subject: SUSE-RU-2026:21105-1: moderate: Recommended update for crypto-policies Message-ID: <177632825077.5138.16687139185965457925@6fd1d05cebf0> # Recommended update for crypto-policies Announcement ID: SUSE-RU-2026:21105-1 Release Date: 2026-04-13T13:10:36Z Rating: moderate References: * bsc#1252696 * bsc#1253025 Affected Products: * SUSE Linux Micro 6.2 An update that has two fixes can now be installed. ## Description: This update for crypto-policies fixes the following issues: * Fix the testsuite: * Port all the policy changes to the config files in the test suite. * Use the newly introduced SKIP_LINTING=1 option. * Adapt the manpages to SUSE/openSUSE: * Add crypto policies SUSE manpages * Compress all the man pages for update-crypto-policies.8.gz, crypto-policies.7.gz, fips-finish-install.8.gz and fips-mode-setup.8.gz into man-crypto-policies.tar.xz * Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696) * gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert * python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519 * FIPS: disable MLKEM768-X25519 for openssh (no-op) * FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl... * TEST-PQ: be more careful with the ordering * openssl: send one PQ and one classic key_share; prioritize PQ groups * sequoia: Generate AEAD policy * Do not include EdDSA in FIPS policy * sequoia: Add PQC algorithm * sequoia: Run tests against PQC capable policy-config-check * Revert "openssl, policies: implement group_key_share option" * openssl, policies: implement group_key_share option * FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA * python/build-crypto-policies: output diffs on --test mismatches * sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ... 
* policies, alg_lists, openssl: remove KYBER from allowed values * openssl: stricter enabling of Ciphersuites * openssl: make use of -CBC and -AESGCM keywords * openssl: add TLS 1.3 Brainpool identifiers * fix warning on using experimental key_exchanges * update-crypto-policies: don't output FIPS warning in fips mode * openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256 * openssh, libssh: refactor kx maps to use tuples * alg_lists: mark MLKEM768/SNTRUP kex experimental * nss: revert enabling mlkem768secp256r1 * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768 * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768 * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768 * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256 * LEGACY: enable 192-bit ciphers for nss pkcs12/smime * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384... * nss: be stricter with new purposes * python/update-crypto-policies: pacify pylint * fips-mode-setup: tolerate fips dracut module presence w/o FIPS * fips-mode-setup: small Argon2 detection fix * SHA1: add __openssl_block_sha1_signatures = 0 * fips-mode-setup: block if LUKS devices using Argon2 are detected * update-crypto-policies: skip warning on --set=FIPS if bootc * fips-setup-helper: skip warning, BTW * fips-mode-setup: force --no-bootcfg when UKI is detected * fips-crypto-policy-overlay: automount FIPS policy * nss: rewrite backend for 3.101 * cryptopolicies: parent scopes for dumping purposes * policygenerators: move scoping inside generators * openssh: make dss no longer enableable, support is dropped * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768 * TEST-PQ: disable pure Kyber768 * DEFAULT: switch to rh-allow-sha1-signatures = no...
* java: drop unused javasystem backend * java: stop specifying jdk.tls.namedGroups in javasystem * ec_min_size: introduce and use in java, default to 256 * java: use and include jdk.disabled.namedCurves * BSI: Update BSI policy for new 2024 minimum recommendations * fips-mode-setup: flashy ticking warning upon use * fips-mode-setup: add another scary "unsupported" * BSI: switch to 3072 minimum RSA key size * java: make hash, mac and sign more orthogonal * java: specify jdk.tls.namedGroups system property * java: respect more key size restrictions * java: disable anon ciphersuites, tying them to NULL... * java: start controlling / disable DTLSv1.0 * nss: wire KYBER768 to XYBER768D00 * Update to version 20250425.9267dee: * openssl: fix mistakes in integrity-only cipher definitions * NO-PQ, cryptopolicies: add experimental value suppression * nss: add mlkem768x25519 and mlkem768secp256r1 * gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY * TEST-PQ, openssh: add support for MLKEM768 key_exchange * LEGACY: drop cipher at pkcs12 = SEED-CBC * fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes * nss: TLS-REQUIRE-EMS in FIPS * DEFAULT: disable RSA key exchange * LEGACY: disable sign = *-SHA1 * nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768 * Add the FIPS scripts fips-finish-install and fips-mode-setup as sources in the spec file as they have been removed upstream. * We will maintain these scripts downstream. * Update the man pages for update-crypto-policies.8.gz * Add crypto policies FIPS output * Add man pages in text file in compressed form in the file man-fips-scripts.tar.xz and add them to the Makefile. 
* Update to version 20250324.3714354: * NO-PQ: introduce * LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA * _openssl_block_sha1_signatures: flip the default to 1 * sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia * sequoia: refactor a bit * openssl: specify default key size for req * gnutls: support P384-MLKEM1024 * openssl: stop generating `openssl` in favour of `opensslcnf` * gnutls: drop kyber (switching to leancrypto took it away) * openssl: use both names for P384-MLKEM1024 * Detect the presence of nss-policy-check * Don't use hardcoded python3 path * Make xsltproc settable as XSLTPROC * python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021 * Update the info in the README.SUSE file * Remove the FEDORA policies and directories ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-544=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * crypto-policies-scripts-20250714.cd6043a-160000.1.1 * crypto-policies-20250714.cd6043a-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1252696 * https://bugzilla.suse.com/show_bug.cgi?id=1253025 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 08:31:04 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:04 -0000 Subject: SUSE-SU-2026:21104-1: important: Security update for python313 Message-ID: <177632826460.5138.12541494456307732371@6fd1d05cebf0> # Security update for python313 Announcement ID: SUSE-SU-2026:21104-1 Release Date: 2026-04-13T09:55:48Z Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * jsc#PED-15850 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Micro 6.2 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: Update to version 3.13.13. * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). 
* CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-539=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * python313-base-debuginfo-3.13.13-160000.1.1 * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850 -------------- next part -------------- 
From null at suse.de Thu Apr 16 08:31:19 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:19 -0000 Subject: SUSE-RU-2026:21103-1: important: Recommended update for libzypp, zypper, libsolv Message-ID: <177632827922.5138.17576966135304547185@6fd1d05cebf0> # Recommended update for libzypp, zypper, libsolv Announcement ID: SUSE-RU-2026:21103-1 Release Date: 2026-04-13T09:39:39Z Rating: important References: * bsc#1158038 * bsc#1247948 * bsc#1252744 * bsc#1253740 * bsc#1257882 * bsc#1258193 * bsc#1259311 Affected Products: * SUSE Linux Micro 6.2 An update that has seven fixes can now be installed. ## Description: This update for libzypp, zypper, libsolv fixes the following issues: Changes in libzypp: * Update to version 17.38.5: * Fix preloader not caching packages from arch specific subrepos (bsc#1253740) * Deprioritize invalid mirrors * Update to version 17.38.4: * Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages. * Update to version 17.38.3: * specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake. * Fall back to a writable location when precaching packages without root (bsc#1247948) Changes in zypper: * Update to version 1.14.95: * Report download progress for command line rpms * Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882) * Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744) The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service.
* Keep repo data when updating the service settings (bsc#1252744) * info: Enhance pattern content table (bsc#1158038) Alternatives are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. Changes in libsolv: * bump version to 0.7.36: * respect the "default" attribute in environment optionlist in the comps parser * support suse namespace deps in boolean dependencies (bsc#1258193) * support for the Elbrus2000 (e2k) architecture * support language() suse namespace rewriting ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-536=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * zypper-debugsource-1.14.95-160000.1.1 * libsolv-debuginfo-0.7.36-160000.1.1 * libzypp-debuginfo-17.38.5-160000.1.1 * zypper-debuginfo-1.14.95-160000.1.1 * libzypp-17.38.5-160000.1.1 * libsolv-debugsource-0.7.36-160000.1.1 * libsolv-tools-base-0.7.36-160000.1.1 * libzypp-debugsource-17.38.5-160000.1.1 * zypper-1.14.95-160000.1.1 * libsolv-tools-base-debuginfo-0.7.36-160000.1.1 * SUSE Linux Micro 6.2 (noarch) * zypper-needs-restarting-1.14.95-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1158038 * https://bugzilla.suse.com/show_bug.cgi?id=1247948 * https://bugzilla.suse.com/show_bug.cgi?id=1252744 * https://bugzilla.suse.com/show_bug.cgi?id=1253740 * https://bugzilla.suse.com/show_bug.cgi?id=1257882 * https://bugzilla.suse.com/show_bug.cgi?id=1258193 * https://bugzilla.suse.com/show_bug.cgi?id=1259311 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 08:31:32 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:32 -0000 Subject: SUSE-SU-2026:21102-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Message-ID: <177632829268.5138.6070701645063880559@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21102-1 Release Date: 2026-04-13T09:00:08Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-538=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Thu Apr 16 08:31:35 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:35 -0000 Subject: SUSE-RU-2026:21101-1: moderate: Recommended update for suse-build-key Message-ID: <177632829529.5138.9779650648244225845@6fd1d05cebf0> # Recommended update for suse-build-key Announcement ID: SUSE-RU-2026:21101-1 Release Date: 2026-04-13T07:31:54Z Rating: moderate References: * jsc#PED-11925 Affected Products: * SUSE Linux Micro 6.2 An update that contains one feature can now be installed. ## Description: This update for suse-build-key fixes the following issues: Changes in suse-build-key: * Add the auto import framework, that imports updated gpg keys into the RPM database. * Added post quantum cryptographic keys for SLES 15 and SLES 16 to be used for repository verification.
(jsc#PED-11925) * build-pqc-15.pem * build-pqc-16.pem ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-535=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * suse-build-key-12.0-160000.3.1 ## References: * https://jira.suse.com/browse/PED-11925
From null at suse.de Thu Apr 16 08:31:44 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:44 -0000 Subject: SUSE-SU-2026:21100-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Message-ID: <177632830411.5138.12038787458525277003@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21100-1 Release Date: 2026-04-13T03:16:46Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-534=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
URL: From null at suse.de Thu Apr 16 08:31:59 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:31:59 -0000 Subject: SUSE-SU-2026:21099-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Message-ID: <177632831986.5138.127156180330513648@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21099-1 Release Date: 2026-04-13T02:44:51Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-533=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 08:32:06 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:06 -0000 Subject: SUSE-SU-2026:21098-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16) Message-ID: <177632832606.5138.7832309474520699514@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21098-1 Release Date: 2026-04-13T02:13:48Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). 
* CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-532=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1 * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Thu Apr 16 08:32:13 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:13 -0000 Subject: SUSE-RU-2026:21097-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <177632833332.5138.10682406030384056827@6fd1d05cebf0> # Recommended update for ca-certificates-mozilla Announcement ID: SUSE-RU-2026:21097-1 Release Date: 2026-04-11T08:20:17Z Rating: moderate References: * bsc#1258002 Affected Products: * SUSE Linux Micro 6.2 An update that has one fix can now be installed.
## Description:

This update for ca-certificates-mozilla fixes the following issues:

* Updated to 2.84 state (bsc#1258002):
  * Removed:
    * Baltimore CyberTrust Root
    * CommScope Public Trust ECC Root-01
    * CommScope Public Trust ECC Root-02
    * CommScope Public Trust RSA Root-01
    * CommScope Public Trust RSA Root-02
    * DigiNotar Root CA
  * Added:
    * e-Szigno TLS Root CA 2023
    * OISTE Client Root ECC G1
    * OISTE Client Root RSA G1
    * OISTE Server Root ECC G1
    * OISTE Server Root RSA G1
    * SwissSign RSA SMIME Root CA 2022 - 1
    * SwissSign RSA TLS Root CA 2022 - 1
    * TrustAsia SMIME ECC Root CA
    * TrustAsia SMIME RSA Root CA
    * TrustAsia TLS ECC Root CA
    * TrustAsia TLS RSA Root CA

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-531=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * ca-certificates-mozilla-2.84-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258002

-------------- next part --------------
An HTML attachment was scrubbed...
URL: From null at suse.de Thu Apr 16 08:32:26 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:26 -0000 Subject: SUSE-SU-2026:21096-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Message-ID: <177632834646.5138.2509765341808036339@6fd1d05cebf0> # Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21096-1 Release Date: 2026-04-11T07:40:52Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-530=1 ## Package List: * SUSE Linux Micro 6.2 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3 * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 08:32:35 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:35 -0000 Subject: SUSE-SU-2026:21095-1: moderate: Security update for sqlite3 Message-ID: <177632835538.5138.11124964254067512225@6fd1d05cebf0> # Security update for sqlite3 Announcement ID: SUSE-SU-2026:21095-1 Release Date: 2026-04-10T19:09:48Z Rating: moderate References: * bsc#1248586 * bsc#1252217 * bsc#1254670 * bsc#1259619 Cross-References: * CVE-2025-70873 * CVE-2025-7709 CVSS scores: * CVE-2025-70873 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-7709 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L * CVE-2025-7709 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Micro 6.2 An update that solves two vulnerabilities and has two fixes can now be installed. ## Description: This update for sqlite3 fixes the following issues: Update sqlite3 to version 3.51.3: Security issues: * CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). * CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Non security issue: * sqlite3 won't build when using --with icu (bsc#1248586). Changelog: Update to version 3.51.3: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug * Other minor bug fixes. Update to version 3.51.2: * Fix an obscure deadlock in the new broken-posix-lock detection logic. 
* Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:

* Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release.
* Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release

Update to version 3.51.0:

* New macros in sqlite3.h:
  - SQLITE_SCM_BRANCH -> the name of the branch from which the source code is taken.
  - SQLITE_SCM_TAGS -> space-separated list of tags on the source code check-in.
  - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
* Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'.
* The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
* Enhancements to TCL Interface:
  - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array.
  - User-defined functions may now break to return an SQL NULL.
* CLI enhancements:
  - Increase the precision of ".timer" to microseconds.
  - Enhance the "box" and "column" formatting modes to deal with double-wide characters.
  - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option.
  - Add the --ifexists option to the CLI command-line option and to the .open command.
  - Limit columns widths set by the ".width" command to 30,000 or less, as there is not good reason to have wider columns, but supporting wider columns provides opportunity to malefactors.
* Performance enhancements:
  - Use fewer CPU cycles to commit a read transaction.
  - Early detection of joins that return no rows due to one or more of the tables containing no rows.
  - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression.
  - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
* Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
* Add the sqlite3_set_errmsg() API for use by extensions.
* Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results.
* Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces.
* In the session extension add the sqlite3changeset_apply_v3() interface.
* For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'.
* Improved error messages generated by FTS5.
* Enforce STRICT typing on computed columns.
* Improved support for VxWorks
* JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make".
* Improved resistance to database corruption caused by an application breaking Posix advisory locks using close().

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-529=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * sqlite3-debugsource-3.51.3-160000.1.1 * sqlite3-debuginfo-3.51.3-160000.1.1 * libsqlite3-0-debuginfo-3.51.3-160000.1.1 * libsqlite3-0-3.51.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-70873.html * https://www.suse.com/security/cve/CVE-2025-7709.html * https://bugzilla.suse.com/show_bug.cgi?id=1248586 * https://bugzilla.suse.com/show_bug.cgi?id=1252217 * https://bugzilla.suse.com/show_bug.cgi?id=1254670 * https://bugzilla.suse.com/show_bug.cgi?id=1259619 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 08:32:39 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:39 -0000 Subject: SUSE-RU-2026:21093-1: moderate: Recommended update for elfutils Message-ID: <177632835950.5138.6270116014468034203@6fd1d05cebf0> # Recommended update for elfutils Announcement ID: SUSE-RU-2026:21093-1 Release Date: 2026-04-14T11:49:17Z Rating: moderate References: Affected Products: * SUSE Linux Micro 6.2 * SUSE Linux Micro Extras 6.2 An update that can now be installed. ## Description: This update for elfutils fixes the following issues: * Move debuginfod homedir creation to tmpfiles.d ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-553=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * elfutils-debuginfod-debugsource-0.192-160000.3.1 * libdebuginfod1-debuginfo-0.192-160000.3.1 * libdebuginfod1-0.192-160000.3.1 * elfutils-debuginfod-debuginfo-0.192-160000.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 08:32:38 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:38 -0000 Subject: SUSE-SU-2026:21094-1: moderate: Security update for pcre2 Message-ID: <177632835826.5138.7723013959570058522@6fd1d05cebf0> # Security update for pcre2 Announcement ID: SUSE-SU-2026:21094-1 Release Date: 2026-04-10T18:24:31Z Rating: moderate References: * bsc#1248842 Cross-References: * CVE-2025-58050 CVSS scores: * CVE-2025-58050 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-58050 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2025-58050 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58050 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for pcre2 fixes the following issue: * CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-528=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libpcre2-8-0-10.45-160000.3.1 * libpcre2-8-0-debuginfo-10.45-160000.3.1 * pcre2-debugsource-10.45-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58050.html * https://bugzilla.suse.com/show_bug.cgi?id=1248842 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 08:32:48 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:32:48 -0000 Subject: SUSE-SU-2026:1376-1: important: Security update for python310 Message-ID: <177632836825.5138.936591688163168935@6fd1d05cebf0> # Security update for python310 Announcement ID: SUSE-SU-2026:1376-1 Release Date: 2026-04-15T19:07:00Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves five vulnerabilities can now be installed. ## Description: This update for python310 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). 
* CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1376=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1376=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1376=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1376=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1376=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1376=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python310-tk-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-testsuite-3.10.20-150400.4.107.1 * python310-doc-3.10.20-150400.4.107.1 * python310-base-3.10.20-150400.4.107.1 * python310-doc-devhelp-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-testsuite-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-base-debuginfo-3.10.20-150400.4.107.1 * 
python310-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 * openSUSE Leap 15.4 (x86_64) * python310-base-32bit-3.10.20-150400.4.107.1 * libpython3_10-1_0-32bit-3.10.20-150400.4.107.1 * python310-base-32bit-debuginfo-3.10.20-150400.4.107.1 * python310-32bit-3.10.20-150400.4.107.1 * libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1 * python310-32bit-debuginfo-3.10.20-150400.4.107.1 * openSUSE Leap 15.4 (aarch64_ilp32) * python310-64bit-debuginfo-3.10.20-150400.4.107.1 * python310-base-64bit-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-64bit-debuginfo-3.10.20-150400.4.107.1 * python310-base-64bit-3.10.20-150400.4.107.1 * libpython3_10-1_0-64bit-3.10.20-150400.4.107.1 * python310-64bit-3.10.20-150400.4.107.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * python310-tk-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-testsuite-3.10.20-150400.4.107.1 * python310-doc-3.10.20-150400.4.107.1 * python310-base-3.10.20-150400.4.107.1 * python310-doc-devhelp-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-testsuite-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * python310-base-debuginfo-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 * openSUSE Leap 15.6 (x86_64) * python310-base-32bit-3.10.20-150400.4.107.1 * libpython3_10-1_0-32bit-3.10.20-150400.4.107.1 * python310-base-32bit-debuginfo-3.10.20-150400.4.107.1 * python310-32bit-3.10.20-150400.4.107.1 * 
libpython3_10-1_0-32bit-debuginfo-3.10.20-150400.4.107.1 * python310-32bit-debuginfo-3.10.20-150400.4.107.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python310-base-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * python310-base-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * python310-tk-debuginfo-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * python310-base-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * python310-base-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * python310-tk-debuginfo-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * python310-base-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * 
python310-base-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * python310-tk-debuginfo-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python310-base-3.10.20-150400.4.107.1 * python310-dbm-debuginfo-3.10.20-150400.4.107.1 * python310-debugsource-3.10.20-150400.4.107.1 * python310-base-debuginfo-3.10.20-150400.4.107.1 * python310-core-debugsource-3.10.20-150400.4.107.1 * python310-curses-debuginfo-3.10.20-150400.4.107.1 * python310-dbm-3.10.20-150400.4.107.1 * python310-debuginfo-3.10.20-150400.4.107.1 * libpython3_10-1_0-3.10.20-150400.4.107.1 * python310-3.10.20-150400.4.107.1 * libpython3_10-1_0-debuginfo-3.10.20-150400.4.107.1 * python310-idle-3.10.20-150400.4.107.1 * python310-tk-debuginfo-3.10.20-150400.4.107.1 * python310-tools-3.10.20-150400.4.107.1 * python310-tk-3.10.20-150400.4.107.1 * python310-curses-3.10.20-150400.4.107.1 * python310-devel-3.10.20-150400.4.107.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 08:33:00 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:33:00 -0000 Subject: SUSE-SU-2026:1375-1: important: Security update for openssl-3 Message-ID: <177632838050.5138.1122905896822975322@6fd1d05cebf0> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1375-1 Release Date: 2026-04-15T17:25:51Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 * bsc#1261678 * jsc#PED-15724 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-28390 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities and contains one feature can now be installed. ## Description: This update for openssl-3 fixes the following issues: Security issues fixed: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). 
* CVE-2026-28388: NULL pointer dereference when processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Other updates and bugfixes: * Enable MD2 in legacy provider (jsc#PED-15724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1375=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenssl-3-fips-provider-debuginfo-3.2.3-150700.5.31.1 * libopenssl3-3.2.3-150700.5.31.1 * libopenssl-3-devel-3.2.3-150700.5.31.1 * openssl-3-3.2.3-150700.5.31.1 * libopenssl-3-fips-provider-3.2.3-150700.5.31.1 * libopenssl3-debuginfo-3.2.3-150700.5.31.1 * openssl-3-debuginfo-3.2.3-150700.5.31.1 * openssl-3-debugsource-3.2.3-150700.5.31.1 * Basesystem Module 15-SP7 (x86_64) * libopenssl-3-fips-provider-32bit-3.2.3-150700.5.31.1 * libopenssl3-32bit-debuginfo-3.2.3-150700.5.31.1 * libopenssl3-32bit-3.2.3-150700.5.31.1 * libopenssl-3-fips-provider-32bit-debuginfo-3.2.3-150700.5.31.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://jira.suse.com/browse/PED-15724 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 08:33:03 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:33:03 -0000 Subject: SUSE-RU-2026:1374-1: moderate: Recommended update for virt-manager Message-ID: <177632838311.5138.12729866388317393688@6fd1d05cebf0> # Recommended update for virt-manager Announcement ID: SUSE-RU-2026:1374-1 Release Date: 2026-04-15T17:09:25Z Rating: moderate References: * jsc#PED-14636 Affected Products: * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that contains one feature can now be installed. ## Description: This update for virt-manager fixes the following issues: * UEFI as default for new SLES 16 VMs (jsc#PED-14636). * Fix media detection failure to distinguish between sles16 and sles16.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1374=1 ## Package List: * Server Applications Module 15-SP7 (noarch) * virt-manager-common-5.0.0-150700.7.14.2 * virt-install-5.0.0-150700.7.14.2 * virt-manager-5.0.0-150700.7.14.2 ## References: * https://jira.suse.com/browse/PED-14636 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Thu Apr 16 08:33:06 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 08:33:06 -0000 Subject: SUSE-RU-2026:1373-1: moderate: Recommended update for crda Message-ID: <177632838601.5138.3653461940037058964@6fd1d05cebf0> # Recommended update for crda Announcement ID: SUSE-RU-2026:1373-1 Release Date: 2026-04-15T17:09:14Z Rating: moderate References: * bsc#1252141 Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has one fix can now be installed. ## Description: This update for crda fixes the following issue: * package LICENSE with %license tag (bsc#1252141). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1373=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1373=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1373=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1373=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1373=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1373=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1373=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1373=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1373=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * crda-debugsource-3.18-150000.3.3.2
  * crda-3.18-150000.3.3.2
  * crda-debuginfo-3.18-150000.3.3.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1252141

From null at suse.de Thu Apr 16 08:33:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 08:33:09 -0000
Subject: SUSE-RU-2026:1372-1: moderate: Recommended update for tpm2-0-tss
Message-ID: <177632838968.5138.10035735232976423989@6fd1d05cebf0>

# Recommended update for tpm2-0-tss

Announcement ID: SUSE-RU-2026:1372-1
Release Date: 2026-04-15T17:07:56Z
Rating: moderate
References:

* bsc#1258720

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one fix can now be installed.

## Description:

This update for tpm2-0-tss fixes the following issue:

* When installing libtss2-fapi errors from systemd-tmpfiles can appear. Adding 'Requires' to libtss2-fapi to pull in the tss user (bsc#1258720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1372=1 openSUSE-SLE-15.6-2026-1372=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1372=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1372=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1372=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libtss2-tcti-cmd0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-3.1.1-150600.4.3.2
  * libtss2-mu0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-3.1.1-150600.4.3.2
  * libtss2-sys1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-3.1.1-150600.4.3.2
  * tpm2-0-tss-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-debugsource-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-3.1.1-150600.4.3.2
  * libtss2-rc0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-devel-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-3.1.1-150600.4.3.2
  * libtss2-sys1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-3.1.1-150600.4.3.2
  * libtss2-mu0-3.1.1-150600.4.3.2
  * libtss2-tctildr0-debuginfo-3.1.1-150600.4.3.2
* openSUSE Leap 15.6 (x86_64)
  * libtss2-tctildr0-32bit-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-32bit-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-32bit-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-32bit-3.1.1-150600.4.3.2
  * libtss2-mu0-32bit-3.1.1-150600.4.3.2
  * libtss2-sys1-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-32bit-3.1.1-150600.4.3.2
  * libtss2-mu0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-sys1-32bit-3.1.1-150600.4.3.2
  * libtss2-esys0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-32bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-32bit-3.1.1-150600.4.3.2
  * libtss2-esys0-32bit-3.1.1-150600.4.3.2
  * libtss2-rc0-32bit-3.1.1-150600.4.3.2
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libtss2-sys1-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-sys1-64bit-3.1.1-150600.4.3.2
  * libtss2-fapi1-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-64bit-3.1.1-150600.4.3.2
  * libtss2-rc0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-mu0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-mu0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-64bit-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-64bit-3.1.1-150600.4.3.2
  * libtss2-esys0-64bit-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-64bit-debuginfo-3.1.1-150600.4.3.2
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libtss2-tcti-cmd0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-3.1.1-150600.4.3.2
  * libtss2-mu0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-3.1.1-150600.4.3.2
  * libtss2-sys1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-3.1.1-150600.4.3.2
  * tpm2-0-tss-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-debugsource-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-3.1.1-150600.4.3.2
  * libtss2-rc0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-devel-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-3.1.1-150600.4.3.2
  * libtss2-sys1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-3.1.1-150600.4.3.2
  * libtss2-mu0-3.1.1-150600.4.3.2
  * libtss2-tctildr0-debuginfo-3.1.1-150600.4.3.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libtss2-tcti-cmd0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-3.1.1-150600.4.3.2
  * libtss2-mu0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-3.1.1-150600.4.3.2
  * libtss2-sys1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-3.1.1-150600.4.3.2
  * tpm2-0-tss-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-debugsource-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-3.1.1-150600.4.3.2
  * libtss2-rc0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-devel-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-3.1.1-150600.4.3.2
  * libtss2-sys1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-3.1.1-150600.4.3.2
  * libtss2-mu0-3.1.1-150600.4.3.2
  * libtss2-tctildr0-debuginfo-3.1.1-150600.4.3.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libtss2-tcti-cmd0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-rc0-3.1.1-150600.4.3.2
  * libtss2-tcti-pcap0-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tcti-cmd0-3.1.1-150600.4.3.2
  * libtss2-mu0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-tctildr0-3.1.1-150600.4.3.2
  * libtss2-sys1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-3.1.1-150600.4.3.2
  * tpm2-0-tss-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-debugsource-3.1.1-150600.4.3.2
  * libtss2-tcti-mssim0-3.1.1-150600.4.3.2
  * libtss2-rc0-debuginfo-3.1.1-150600.4.3.2
  * tpm2-0-tss-devel-3.1.1-150600.4.3.2
  * libtss2-tcti-device0-3.1.1-150600.4.3.2
  * libtss2-sys1-debuginfo-3.1.1-150600.4.3.2
  * libtss2-fapi1-3.1.1-150600.4.3.2
  * libtss2-tcti-swtpm0-debuginfo-3.1.1-150600.4.3.2
  * libtss2-esys0-3.1.1-150600.4.3.2
  * libtss2-mu0-3.1.1-150600.4.3.2
  * libtss2-tctildr0-debuginfo-3.1.1-150600.4.3.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258720

From null at suse.de Thu Apr 16 12:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 12:30:05 -0000
Subject: SUSE-SU-2026:1378-1: important: Security update for kea
Message-ID: <177634260592.5413.17732833557445459146@2ec35c3f4c39>

# Security update for kea

Announcement ID: SUSE-SU-2026:1378-1
Release Date: 2026-04-16T07:19:46Z
Rating: important
References:

* bsc#1260380

Cross-References:

* CVE-2026-3608

CVSS scores:

* CVE-2026-3608 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3608 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for kea fixes the following issues:

Update to release 2.6.5:

* A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380]
* A null dereference is now no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry.
* UNIX sockets are now created as group-writable.
* Corrected an issue in logging configuration when parsing "syslog:"
* Earlier Kea versions could crash when handling misconfigured global reservations. This has been fixed.
* Support for recent versions of Sphinx has been added.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1378=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1378=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-kea-2.6.5-150700.3.6.1
  * kea-debugsource-2.6.5-150700.3.6.1
  * kea-debuginfo-2.6.5-150700.3.6.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libkea-log61-2.6.5-150700.3.6.1
  * libkea-dhcp_ddns57-2.6.5-150700.3.6.1
  * libkea-asiolink72-debuginfo-2.6.5-150700.3.6.1
  * libkea-hooks102-2.6.5-150700.3.6.1
  * libkea-dhcp++92-debuginfo-2.6.5-150700.3.6.1
  * libkea-log61-debuginfo-2.6.5-150700.3.6.1
  * libkea-pgsql71-2.6.5-150700.3.6.1
  * libkea-cfgclient67-2.6.5-150700.3.6.1
  * libkea-util-io0-debuginfo-2.6.5-150700.3.6.1
  * libkea-cfgclient67-debuginfo-2.6.5-150700.3.6.1
  * libkea-dhcpsrv112-2.6.5-150700.3.6.1
  * libkea-dhcp_ddns57-debuginfo-2.6.5-150700.3.6.1
  * libkea-eval69-2.6.5-150700.3.6.1
  * kea-debuginfo-2.6.5-150700.3.6.1
  * libkea-cc69-2.6.5-150700.3.6.1
  * libkea-cc69-debuginfo-2.6.5-150700.3.6.1
  * libkea-cryptolink50-debuginfo-2.6.5-150700.3.6.1
  * libkea-dns++57-2.6.5-150700.3.6.1
  * libkea-dns++57-debuginfo-2.6.5-150700.3.6.1
  * libkea-tcp19-debuginfo-2.6.5-150700.3.6.1
  * libkea-hooks102-debuginfo-2.6.5-150700.3.6.1
  * libkea-exceptions33-debuginfo-2.6.5-150700.3.6.1
  * kea-2.6.5-150700.3.6.1
  * libkea-util87-2.6.5-150700.3.6.1
  * libkea-cryptolink50-2.6.5-150700.3.6.1
  * libkea-eval69-debuginfo-2.6.5-150700.3.6.1
  * libkea-pgsql71-debuginfo-2.6.5-150700.3.6.1
  * libkea-d2srv47-debuginfo-2.6.5-150700.3.6.1
  * libkea-http72-2.6.5-150700.3.6.1
  * kea-debugsource-2.6.5-150700.3.6.1
  * libkea-asiodns49-debuginfo-2.6.5-150700.3.6.1
  * libkea-stats41-debuginfo-2.6.5-150700.3.6.1
  * libkea-util87-debuginfo-2.6.5-150700.3.6.1
  * libkea-asiolink72-2.6.5-150700.3.6.1
  * libkea-exceptions33-2.6.5-150700.3.6.1
  * libkea-mysql71-2.6.5-150700.3.6.1
  * kea-devel-2.6.5-150700.3.6.1
  * libkea-d2srv47-2.6.5-150700.3.6.1
  * libkea-process76-2.6.5-150700.3.6.1
  * libkea-dhcp++92-2.6.5-150700.3.6.1
  * libkea-http72-debuginfo-2.6.5-150700.3.6.1
  * libkea-mysql71-debuginfo-2.6.5-150700.3.6.1
  * libkea-database62-debuginfo-2.6.5-150700.3.6.1
  * kea-hooks-debuginfo-2.6.5-150700.3.6.1
  * libkea-process76-debuginfo-2.6.5-150700.3.6.1
  * libkea-dhcpsrv112-debuginfo-2.6.5-150700.3.6.1
  * libkea-util-io0-2.6.5-150700.3.6.1
  * libkea-stats41-2.6.5-150700.3.6.1
  * libkea-tcp19-2.6.5-150700.3.6.1
  * libkea-asiodns49-2.6.5-150700.3.6.1
  * libkea-database62-2.6.5-150700.3.6.1
  * kea-hooks-2.6.5-150700.3.6.1
* Server Applications Module 15-SP7 (noarch)
  * kea-doc-2.6.5-150700.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3608.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260380

From null at suse.de Thu Apr 16 12:30:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 12:30:09 -0000
Subject: SUSE-RU-2026:1377-1: important: Recommended update for libtcnative-1-0
Message-ID: <177634260942.5413.4456111085806723090@2ec35c3f4c39>

# Recommended update for libtcnative-1-0

Announcement ID: SUSE-RU-2026:1377-1
Release Date: 2026-04-16T07:19:34Z
Rating: important
References:

* bsc#1260322

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7

An update that has one fix can now be installed.
## Description:

This update for libtcnative-1-0 fixes the following issues:

Update to 1.3.7: [bsc#1260322]

1.3.7:

* Code: Refactor access to ASN1_OCTET_STRING to use setters to fix errors when building against the latest OpenSSL 4.0.x code. (markt)
* Fix: Fix the handling of OCSP requests with multiple responder URIs. (jfclere)
* Fix: Fix the handling of TRY_AGAIN responses to OCSP requests when soft fail is disabled. (jfclere)

1.3.6:

* Code: Refactor the SSL_CONF_CTX clean-up to align it with SSL and SSL_CTX clean-up. (markt)
* Fix: Fix unnecessarily large buffer allocation when filtering out NULL and export ciphers. Pull requests #35 and #37 provided by chenjp. (markt)
* Fix: Fix a potential memory leak if an invalid OpenSSLConf is provided. Pull request #36 provided by chenjp. (markt)
* Fix: Refactor setting of OCSP configuration defaults as they were only applied if the SSL_CONF_CTX was used. While one was always used with Tomcat versions aware of the OCSP configuration options, one was not always used with Tomcat versions unaware of the OCSP configuration options leading to OCSP verification being enabled by default when the expected behaviour was disabled by default. (markt)
* Code: Improve performance for the rare case of handling large OCSP responses. (markt)

1.3.5:

* Fix: Remove group write permissions from the files in the tar.gz source archive. (markt)
* Fix: Clear an additional error in OCSP processing that was preventing OCSP soft fail working with Tomcat's APR/native connector. (markt)

1.3.4:

* Fix: Correct logic error that prevented the configuration of TLS 1.3 cipher suites. (markt)

1.3.3:

* Fix: Refactor the addition of TLS 1.3 cipher suite configuration to avoid a regression when running a version of Tomcat that pre-dates this change. (markt)

1.3.2:

* Update: Rename configure.in to modern autotools style configure.ac. (rjung)
* Update: Fix incomplete updates for autotools generated files during "buildconf" execution. (rjung)
* Update: Improve quoting in tcnative.m4. (rjung)
* Update: Update the minimum version of autoconf for releasing to 2.68. (rjung)
* Fix: Fix the autoconf warnings when creating a release. (markt)
* Update: The Windows binaries are now built with OCSP support enabled by default. (markt)
* Add: Include a nonce with OCSP requests and check the nonce, if any, in the OCSP response. (markt)
* Add: Expand verification of OCSP responses. (markt)
* Add: Add the ability to configure the OCSP checks to soft-fail - i.e. if the responder cannot be contacted or fails to respond in a timely manner the OCSP check will not fail. (markt)
* Add: Add a configurable timeout to the writing of OCSP requests and reading of OCSP responses. (markt)
* Add: Add the ability to control the OCSP verification flags. (markt)
* Add: Configure TLS 1.3 connections from the provided ciphers list as well as connections using TLS 1.2 and earlier. Pull request provided by gastush. (markt)
* Update: Update the Windows build environment to use Visual Studio 2022. (markt)

1.3.1:

* Fix: Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo)
* Add: Use ERR_error_string_n with a definite buffer length as a named constant. (schultz)
* Add: Ensure local reference capacity is available when creating new arrays and Strings. (schultz)
* Update: Update the recommended minimum version of OpenSSL to 3.0.14. (markt)

1.3.0:

* Update: Drop useless compile.optimize option. (michaelo)
* Update: Align Java source compile configuration with Tomcat. (michaelo)
* Fix: Fix version set in DLL header on Windows. (michaelo)
* Update: Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo)
* Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be used. (michaelo)
* Update: Update the minimum supported version of LibreSSL to 3.5.2. (markt)
* Design: Remove NPN support as NPN was never standardised and browser support was removed in 2019. (markt)
* Update: Update the recommended minimum version of OpenSSL to 3.0.13. (markt)

Update to 1.2.39:

* Fix: 67061: If the insecure optionalNoCA certificate verification mode is used, disable OCSP if enabled else client certificates from unknown certificate authorities will be rejected.
* Update: Update the recommended minimum version of OpenSSL to 3.0.11.
* Change the hardcoded libopenssl-1_1-devel to libopenssl-devel for distributions that have the right version

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1377=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1377=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1377=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1377=1 openSUSE-SLE-15.6-2026-1377=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1377=1

## Package List:

* Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libtcnative-1-0-debugsource-1.3.7-150600.16.3.1
  * libtcnative-1-0-debuginfo-1.3.7-150600.16.3.1
  * libtcnative-1-0-devel-1.3.7-150600.16.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libtcnative-1-0-debugsource-1.3.7-150600.16.3.1
  * libtcnative-1-0-debuginfo-1.3.7-150600.16.3.1
  * libtcnative-1-0-1.3.7-150600.16.3.1
  * libtcnative-1-0-devel-1.3.7-150600.16.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libtcnative-1-0-debugsource-1.3.7-150600.16.3.1
  * libtcnative-1-0-debuginfo-1.3.7-150600.16.3.1
  * libtcnative-1-0-1.3.7-150600.16.3.1
  * libtcnative-1-0-devel-1.3.7-150600.16.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libtcnative-1-0-debugsource-1.3.7-150600.16.3.1
  * libtcnative-1-0-debuginfo-1.3.7-150600.16.3.1
  * libtcnative-1-0-1.3.7-150600.16.3.1
  * libtcnative-1-0-devel-1.3.7-150600.16.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libtcnative-1-0-debugsource-1.3.7-150600.16.3.1
  * libtcnative-1-0-debuginfo-1.3.7-150600.16.3.1
  * libtcnative-1-0-1.3.7-150600.16.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1260322

From null at suse.de Thu Apr 16 16:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 16:30:05 -0000
Subject: SUSE-RU-2026:1403-1: moderate: Recommended update for cyrus-sasl
Message-ID: <177635700591.5532.6617314693017764162@6fd1d05cebf0>

# Recommended update for cyrus-sasl

Announcement ID: SUSE-RU-2026:1403-1
Release Date: 2026-04-16T11:34:15Z
Rating: moderate
References:

* bsc#1229655
* jsc#PED-12097

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that contains one feature and has one fix can now be installed.

## Description:

This update for cyrus-sasl fixes the following issues:

* Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
* Add support for setting max ssf 0 to GSS-SPNEGO

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1403=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1403=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1403=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1403=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1403=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1403=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-bdb-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-bdb-2.1.28-150500.3.3.1
  * cyrus-sasl-scram-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-2.1.28-150500.3.3.1
  * libsasl2-3-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ntlm-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-crammd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-scram-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-otp-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-bdb-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-digestmd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-bdb-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-plain-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-ntlm-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-gs2-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-plain-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-gssapi-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-crammd5-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-debugsource-2.1.28-150500.3.3.1
  * libsasl2-3-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-ntlm-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-devel-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1
  * cyrus-sasl-gs2-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-gs2-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-otp-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-scram-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-digestmd5-2.1.28-150500.3.3.1
  * cyrus-sasl-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-gs2-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-2.1.28-150500.3.3.1
  * cyrus-sasl-ntlm-2.1.28-150500.3.3.1
  * cyrus-sasl-scram-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-devel-2.1.28-150500.3.3.1
* openSUSE Leap 15.5 (x86_64)
  * cyrus-sasl-sqlauxprop-32bit-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-devel-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-2.1.28-150500.3.3.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * cyrus-sasl-sqlauxprop-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-64bit-2.1.28-150500.3.3.1
  * libsasl2-3-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-64bit-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-ldap-auxprop-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-64bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-devel-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-64bit-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-64bit-debuginfo-2.1.28-150500.3.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-debugsource-2.1.28-150500.3.3.1
  * libsasl2-3-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-2.1.28-150500.3.3.1
  * libsasl2-3-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-devel-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-debugsource-2.1.28-150500.3.3.1
  * libsasl2-3-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-devel-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libsasl2-3-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-2.1.28-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-2.1.28-150500.3.3.1
  * libsasl2-3-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-devel-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-otp-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-debugsource-2.1.28-150500.3.3.1
  * libsasl2-3-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-devel-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libsasl2-3-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-crammd5-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-plain-32bit-debuginfo-2.1.28-150500.3.3.1
  * libsasl2-3-32bit-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-32bit-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-digestmd5-32bit-2.1.28-150500.3.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-bdb-debugsource-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-bdb-2.1.28-150500.3.3.1
  * cyrus-sasl-saslauthd-2.1.28-150500.3.3.1
  * libsasl2-3-2.1.28-150500.3.3.1
  * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1
  * cyrus-sasl-bdb-gssapi-2.1.28-150500.3.3.1
  * cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.28-150500.3.3.1
  *
cyrus-sasl-bdb-crammd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-scram-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-otp-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-2.1.28-150500.3.3.1 * cyrus-sasl-plain-2.1.28-150500.3.3.1 * cyrus-sasl-plain-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-digestmd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-otp-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-bdb-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-plain-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-ntlm-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-otp-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-plain-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gssapi-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-crammd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-debugsource-2.1.28-150500.3.3.1 * libsasl2-3-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-ntlm-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-bdb-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-debugsource-2.1.28-150500.3.3.1 * cyrus-sasl-devel-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gs2-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-otp-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-scram-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-debugsource-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-digestmd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gs2-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-devel-2.1.28-150500.3.3.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libsasl2-3-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-plain-32bit-2.1.28-150500.3.3.1 * 
cyrus-sasl-crammd5-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-plain-32bit-debuginfo-2.1.28-150500.3.3.1 * libsasl2-3-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-32bit-2.1.28-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * cyrus-sasl-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-bdb-debugsource-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-bdb-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-2.1.28-150500.3.3.1 * libsasl2-3-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gssapi-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-bdb-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-crammd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-scram-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-otp-2.1.28-150500.3.3.1 * cyrus-sasl-sqlauxprop-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-2.1.28-150500.3.3.1 * cyrus-sasl-plain-2.1.28-150500.3.3.1 * cyrus-sasl-plain-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-digestmd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-otp-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-bdb-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-plain-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-ntlm-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-otp-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-plain-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gssapi-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-crammd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-debugsource-2.1.28-150500.3.3.1 * libsasl2-3-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-debuginfo-2.1.28-150500.3.3.1 * 
cyrus-sasl-bdb-ntlm-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-bdb-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-debugsource-2.1.28-150500.3.3.1 * cyrus-sasl-devel-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gs2-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-otp-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-scram-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-saslauthd-debugsource-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-digestmd5-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-gs2-2.1.28-150500.3.3.1 * cyrus-sasl-bdb-devel-2.1.28-150500.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libsasl2-3-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-plain-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-crammd5-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-gssapi-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-plain-32bit-debuginfo-2.1.28-150500.3.3.1 * libsasl2-3-32bit-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-32bit-debuginfo-2.1.28-150500.3.3.1 * cyrus-sasl-digestmd5-32bit-2.1.28-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1229655 * https://jira.suse.com/browse/PED-12097 -------------- next part -------------- An HTML attachment was scrubbed... 
URL:

From null at suse.de Thu Apr 16 16:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 16:30:12 -0000
Subject: SUSE-RU-2026:1402-1: moderate: Recommended update for autofs
Message-ID: <177635701237.5532.17780624722733493857@6fd1d05cebf0>

# Recommended update for autofs

Announcement ID: SUSE-RU-2026:1402-1
Release Date: 2026-04-16T11:33:39Z
Rating: moderate
References:

* bsc#1246325
* bsc#1246612

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has two fixes can now be installed.

## Description:

This update for autofs fixes the following issues:

* fix deadlock on map entry removal (bsc#1246325)
* Fix incorrect autofs udisks linkage (bsc#1246612)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1402=1 openSUSE-SLE-15.6-2026-1402=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1402=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1402=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1402=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * autofs-debugsource-5.1.9-150600.3.5.1
  * autofs-debuginfo-5.1.9-150600.3.5.1
  * autofs-5.1.9-150600.3.5.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * autofs-debugsource-5.1.9-150600.3.5.1
  * autofs-debuginfo-5.1.9-150600.3.5.1
  * autofs-5.1.9-150600.3.5.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * autofs-debugsource-5.1.9-150600.3.5.1
  * autofs-debuginfo-5.1.9-150600.3.5.1
  * autofs-5.1.9-150600.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * autofs-debugsource-5.1.9-150600.3.5.1
  * autofs-debuginfo-5.1.9-150600.3.5.1
  * autofs-5.1.9-150600.3.5.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1246325
* https://bugzilla.suse.com/show_bug.cgi?id=1246612

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Thu Apr 16 16:30:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 16:30:13 -0000
Subject: SUSE-RU-2026:1401-1: moderate: Recommended update for supportutils-scrub
Message-ID: <177635701384.5532.6059706489399619714@6fd1d05cebf0>

# Recommended update for supportutils-scrub

Announcement ID: SUSE-RU-2026:1401-1
Release Date: 2026-04-16T11:33:21Z
Rating: moderate
References:

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for supportutils-scrub fixes the following issues:

* Update to version 1.2.0
  * New input modes
    * Folder mode: pass any directory, output written to {dir}_scrubbed/
    * Stdin/pipe mode: cat log | supportutils-scrub (scrubbed text to stdout)
    * Single file mode: process a plain file, output to {file}_scrubbed
    * Multi-archive mode: process several .txz/.tgz in one run with shared mappings ensuring consistent obfuscation across all archives
  * Improved automatic entity detection for pipe/file/stdin modes
    * PAM log patterns: pam_unix([...]) and unix_chkpwd extract usernames
    * logname= field now recognised as username source
    * NFS server lines extract hostname and domain automatically
    * RFC 5424 syslog hostname (field repeated >= 3 lines) auto-detected
  * Fixed domain parser false positives
    * Added TLD allowlist rejecting D-Bus names, container runtime interfaces, version strings, systemd scopes and hardware IDs
  * Bug fixes
    * Fixed IP pool exhaustion crash when mixed prefix lengths allocated
* Update to version 1.1.0
  * Major enhancement: Subnet-aware IP obfuscation
    * Maps entire IPv4 subnets to fake subnets preserving host offsets
    * Gateway .1 remains .1, broadcast .255 remains .255
    * Maintains network topology for effective troubleshooting
  * Added PCAP obfuscation support with tcprewrite integration
    * Rewrites packet captures using same subnet mappings as logs
    * Ensures consistency across supportconfigs and network traces
    * Exports tcprewrite-compatible subnet rules
  * Enhanced mapping file structure
    * Added 'subnet' section with subnet-to-subnet translations
    * Added 'state' section tracking IP pool allocation cursors
    * Enables reproducible obfuscation across multiple runs
  * Improved IP processing
    * Two-pass processing: learns subnets then applies mapping
    * Preserves special IPs (0.0.0.0, 127.0.0.1, multicast)
    * Protects version strings from incorrect obfuscation
  * Enhanced domain and hostname extraction
    * Multiple source parsing (resolv.conf, hosts, NFS, NTP)
    * Fixed word boundary detection preventing partial replacements
    * Added minimum length requirements for hostnames
  * Security improvements
    * Dataset JSON files created with 0600 permissions
    * System users excluded from obfuscation
  * Added command-line options for PCAP processing
    * --rewrite-pcap: Enable PCAP rewriting mode
    * --pcap-in: Specify input PCAP files
    * --pcap-out-dir: Output directory for obfuscated PCAPs
    * --print-tcprewrite: Display tcprewrite command
  * Bug fixes
    * Fixed /32 host route handling
    * Corrected inline comment processing in hostnames
    * Resolved IPv6 subnet awareness issues
    * Fixed MAC address parsing false positives
* Initial release version 1.0.0
  * Basic obfuscation for supportconfig tarballs
  * Supports IP, domain, hostname, username, MAC, IPv6
  * Configuration file support
  * Keyword-based obfuscation
  * Mapping file for consistency across runs

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1401=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1401=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1401=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1401=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1401=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1401=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1401=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1401=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1401=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1401=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1401=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1401=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1401=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1401=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1401=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1401=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1401=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1401=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1401=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* Basesystem Module 15-SP7 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * supportutils-scrub-1.2-150100.3.6.1

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Thu Apr 16 16:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 16:30:16 -0000
Subject: SUSE-SU-2026:1400-1: important: Security update for python-PyJWT
Message-ID: <177635701694.5532.16462077255812667450@6fd1d05cebf0>

# Security update for python-PyJWT

Announcement ID: SUSE-SU-2026:1400-1
Release Date: 2026-04-16T10:47:59Z
Rating: important
References:

* bsc#1259616

Cross-References:

* CVE-2026-32597

CVSS scores:

* CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-PyJWT fixes the following issues:

* CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1400=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1400=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1400=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1400=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1400=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1400=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1
* Basesystem Module 15-SP7 (noarch)
  * python3-PyJWT-2.4.0-150200.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32597.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259616

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From null at suse.de Thu Apr 16 16:30:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Thu, 16 Apr 2026 16:30:20 -0000
Subject: SUSE-SU-2026:1399-1: important: Security update for cups
Message-ID: <177635702026.5532.18222203971339892307@6fd1d05cebf0>

# Security update for cups

Announcement ID: SUSE-SU-2026:1399-1
Release Date: 2026-04-16T10:45:12Z
Rating: important
References:

* bsc#1261568

Cross-References:

* CVE-2026-34990

CVSS scores:

* CVE-2026-34990 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-34990 ( NVD ): 5.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34990 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for cups fixes the following issue:

* CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1399=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1399=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1399=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1399=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1399=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1399=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1399=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1399=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1399=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1399=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1399=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1399=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1399=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1399=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1399=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1399=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1399=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1399=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1399=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1399=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * 
cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * Desktop Applications Module 15-SP7 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cups-ddk-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * 
libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * 
cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * 
libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP 
Applications 15 SP4 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libcupsmime1-2.2.7-150000.3.86.1 * libcups2-debuginfo-2.2.7-150000.3.86.1 * cups-client-debuginfo-2.2.7-150000.3.86.1 * cups-ddk-debuginfo-2.2.7-150000.3.86.1 * libcupsmime1-debuginfo-2.2.7-150000.3.86.1 * libcupsppdc1-2.2.7-150000.3.86.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-ddk-2.2.7-150000.3.86.1 * cups-client-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * cups-devel-2.2.7-150000.3.86.1 * libcupsimage2-2.2.7-150000.3.86.1 * libcupsimage2-debuginfo-2.2.7-150000.3.86.1 * libcupscgi1-debuginfo-2.2.7-150000.3.86.1 * cups-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libcups2-32bit-2.2.7-150000.3.86.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.86.1 * SUSE 
Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcups2-debuginfo-2.2.7-150000.3.86.1 * libcups2-2.2.7-150000.3.86.1 * cups-debuginfo-2.2.7-150000.3.86.1 * cups-debugsource-2.2.7-150000.3.86.1 * cups-config-2.2.7-150000.3.86.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34990.html * https://bugzilla.suse.com/show_bug.cgi?id=1261568
From null at suse.de Thu Apr 16 16:30:33 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:33 -0000 Subject: SUSE-SU-2026:1398-1: important: Security update for freerdp Message-ID: <177635703322.5532.2244680320400175093@6fd1d05cebf0> # Security update for freerdp Announcement ID: SUSE-SU-2026:1398-1 Release Date: 2026-04-16T10:40:51Z Rating: important References: * bsc#1257981 * bsc#1258979 * bsc#1258982 * bsc#1258985 * bsc#1259653 * bsc#1259679 * bsc#1259686 * bsc#1261848 Cross-References: * CVE-2026-24491 * CVE-2026-26271 * CVE-2026-26955 * CVE-2026-26965 * CVE-2026-31806 * CVE-2026-31883 * CVE-2026-31885 CVSS scores: * CVE-2026-24491 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-24491 ( NVD ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26271 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *
CVE-2026-26271 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-26955 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26955 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26955 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26965 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-26965 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-26965 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-31806 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31806 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-31806 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31806 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31883 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-31883 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31883 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-31885 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31885 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L * CVE-2026-31885 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-31885 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves seven vulnerabilities and has one 
security fix can now be installed. ## Description: This update for freerdp fixes the following issues: Security fixes: * CVE-2026-26271: Buffer overread in FreeRDP icon processing (bsc#1258979). * CVE-2026-26955: Out-of-Bounds write in ClearCodec surface command handler (bsc#1258982). * CVE-2026-26965: Out-of-bounds write in planar bitmap RLE decompression (bsc#1258985). * CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653). * CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overwrite (bsc#1259679). * CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686). Other changes for freerdp: * Update CVE-2026-24491 patch and check the channel pointer before reset, avoiding subtle crash (bsc#1261848). * Make the calling of `nsc_process_message` compatible with the fix for CVE-2026-31806 (bsc#1261848). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1398=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1398=1 ## Package List: * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * freerdp-wayland-3.10.3-150700.3.9.1 * freerdp-server-debuginfo-3.10.3-150700.3.9.1 * freerdp-debuginfo-3.10.3-150700.3.9.1 * freerdp-devel-3.10.3-150700.3.9.1 * freerdp-wayland-debuginfo-3.10.3-150700.3.9.1 * freerdp-proxy-3.10.3-150700.3.9.1 * freerdp-server-3.10.3-150700.3.9.1 * libuwac0-0-3.10.3-150700.3.9.1 * freerdp-proxy-debuginfo-3.10.3-150700.3.9.1 * libuwac0-0-debuginfo-3.10.3-150700.3.9.1 * freerdp-3.10.3-150700.3.9.1 * freerdp-debugsource-3.10.3-150700.3.9.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * freerdp-sdl-3.10.3-150700.3.9.1 * freerdp-proxy-3.10.3-150700.3.9.1 * libfreerdp3-3-3.10.3-150700.3.9.1 * libfreerdp-server-proxy3-3-debuginfo-3.10.3-150700.3.9.1 * libwinpr3-3-3.10.3-150700.3.9.1 * winpr-devel-3.10.3-150700.3.9.1 * librdtk0-0-debuginfo-3.10.3-150700.3.9.1 * libfreerdp3-3-debuginfo-3.10.3-150700.3.9.1 * freerdp-3.10.3-150700.3.9.1 * freerdp-server-debuginfo-3.10.3-150700.3.9.1 * freerdp-debuginfo-3.10.3-150700.3.9.1 * freerdp-devel-3.10.3-150700.3.9.1 * freerdp-sdl-debuginfo-3.10.3-150700.3.9.1 * librdtk0-0-3.10.3-150700.3.9.1 * freerdp-proxy-debuginfo-3.10.3-150700.3.9.1 * freerdp-proxy-plugins-3.10.3-150700.3.9.1 * freerdp-server-3.10.3-150700.3.9.1 * freerdp-proxy-plugins-debuginfo-3.10.3-150700.3.9.1 * libfreerdp-server-proxy3-3-3.10.3-150700.3.9.1 * libwinpr3-3-debuginfo-3.10.3-150700.3.9.1 * freerdp-debugsource-3.10.3-150700.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24491.html * https://www.suse.com/security/cve/CVE-2026-26271.html * https://www.suse.com/security/cve/CVE-2026-26955.html * https://www.suse.com/security/cve/CVE-2026-26965.html * 
https://www.suse.com/security/cve/CVE-2026-31806.html * https://www.suse.com/security/cve/CVE-2026-31883.html * https://www.suse.com/security/cve/CVE-2026-31885.html * https://bugzilla.suse.com/show_bug.cgi?id=1257981 * https://bugzilla.suse.com/show_bug.cgi?id=1258979 * https://bugzilla.suse.com/show_bug.cgi?id=1258982 * https://bugzilla.suse.com/show_bug.cgi?id=1258985 * https://bugzilla.suse.com/show_bug.cgi?id=1259653 * https://bugzilla.suse.com/show_bug.cgi?id=1259679 * https://bugzilla.suse.com/show_bug.cgi?id=1259686 * https://bugzilla.suse.com/show_bug.cgi?id=1261848
From null at suse.de Thu Apr 16 16:30:36 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:36 -0000 Subject: SUSE-RU-2026:1397-1: important: Recommended update for aws-cli Message-ID: <177635703610.5532.13000400747291341847@6fd1d05cebf0> # Recommended update for aws-cli Announcement ID: SUSE-RU-2026:1397-1 Release Date: 2026-04-16T10:38:09Z Rating: important References: * bsc#1261007 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed.
## Description: This update for aws-cli fixes the following issues: * Fixed cli_history database not restricting file permissions on Unix systems (bsc#1261007) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1397=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1397=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1397=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1397=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1397=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1397=1 ## Package List: * openSUSE Leap 15.4 (noarch) * aws-cli-1.44.17-150400.34.16.1 * openSUSE Leap 15.6 (noarch) * aws-cli-1.44.17-150400.34.16.1 * Public Cloud Module 15-SP4 (noarch) * aws-cli-1.44.17-150400.34.16.1 * Public Cloud Module 15-SP5 (noarch) * aws-cli-1.44.17-150400.34.16.1 * Public Cloud Module 15-SP6 (noarch) * aws-cli-1.44.17-150400.34.16.1 * Public Cloud Module 15-SP7 (noarch) * aws-cli-1.44.17-150400.34.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1261007
From null at suse.de Thu Apr 16 16:30:38 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:38 -0000 Subject: SUSE-SU-2026:1396-1: important: Security update for plexus-utils Message-ID: <177635703898.5532.18037288603787568810@6fd1d05cebf0> # Security update for plexus-utils Announcement ID: SUSE-SU-2026:1396-1 Release Date: 2026-04-16T10:35:20Z Rating: important References: * bsc#1260588 Cross-References: * CVE-2025-67030 CVSS scores: * CVE-2025-67030 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed.
## Description: This update for plexus-utils fixes the following issue: Security fixes: * CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588). Update to version 4.0.2: * Bug Fixes * Specify /D for cmd.exe to bypass the Command Processor Autorun folder * Dependency updates * Bump org.codehaus.plexus:plexus from 17 to 18 * Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1396=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1396=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1396=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1396=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1396=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1396=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1396=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1396=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * openSUSE Leap 15.6 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * plexus-utils-javadoc-4.0.2-150200.3.14.1 * Development Tools Module 15-SP7 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * plexus-utils-4.0.2-150200.3.14.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * plexus-utils-4.0.2-150200.3.14.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67030.html * https://bugzilla.suse.com/show_bug.cgi?id=1260588
From null at suse.de Thu Apr 16 16:30:42 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:42 -0000 Subject: SUSE-SU-2026:1395-1: important: Security update for azure-storage-azcopy Message-ID: <177635704216.5532.8642637561965592728@6fd1d05cebf0> # Security update for azure-storage-azcopy Announcement ID: SUSE-SU-2026:1395-1 Release Date: 2026-04-16T10:27:27Z Rating: important References: * bsc#1260307 Cross-References: * CVE-2026-33186 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for azure-storage-azcopy fixes the following issues: * CVE-2026-33186: Authorization bypass in grpc-go due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260307). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1395=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1395=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1395=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-1395=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-1395=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * azure-storage-azcopy-10.29.1-150400.9.6.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le x86_64) * azure-storage-azcopy-10.29.1-150400.9.6.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le x86_64) * azure-storage-azcopy-10.29.1-150400.9.6.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le x86_64) * azure-storage-azcopy-10.29.1-150400.9.6.1 * Public Cloud Module 15-SP7 (aarch64 ppc64le x86_64) * azure-storage-azcopy-10.29.1-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1260307
From null at suse.de Thu Apr 16 16:30:46 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:46 -0000 Subject: SUSE-SU-2026:1394-1: important: Security update for corosync Message-ID: <177635704691.5532.17776596497350735246@6fd1d05cebf0> # Security update for corosync Announcement ID: SUSE-SU-2026:1394-1 Release Date: 2026-04-16T10:22:10Z Rating: important References: * bsc#1261299 * bsc#1261300 Cross-References: * CVE-2026-35091 * CVE-2026-35092 CVSS scores: * CVE-2026-35091 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-35092 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed.
## Description: This update for corosync fixes the following issues: * CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299). * CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1394=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1394=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-1394=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-1394=1 * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1394=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1394=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * 
libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * openSUSE Leap 15.3 (x86_64) * libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-2.4.6-150300.12.16.1 * libcfg6-32bit-2.4.6-150300.12.16.1 * libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-32bit-2.4.6-150300.12.16.1 * libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-32bit-2.4.6-150300.12.16.1 * openSUSE Leap 15.3 (aarch64_ilp32) * libcorosync_common4-64bit-2.4.6-150300.12.16.1 * libcpg4-64bit-2.4.6-150300.12.16.1 * libtotem_pg5-64bit-2.4.6-150300.12.16.1 * libtotem_pg5-64bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-64bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-64bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-64bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-64bit-2.4.6-150300.12.16.1 * libcorosync_common4-64bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-64bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-64bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-64bit-2.4.6-150300.12.16.1 * libquorum5-64bit-2.4.6-150300.12.16.1 * libcmap4-64bit-2.4.6-150300.12.16.1 * libcmap4-64bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-64bit-2.4.6-150300.12.16.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * 
libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * openSUSE Leap 15.6 (x86_64) * libquorum5-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-debuginfo-2.4.6-150300.12.16.1 * libsam4-32bit-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-32bit-2.4.6-150300.12.16.1 * libcfg6-32bit-2.4.6-150300.12.16.1 * libcpg4-32bit-debuginfo-2.4.6-150300.12.16.1 * libquorum5-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-2.4.6-150300.12.16.1 * libcmap4-32bit-debuginfo-2.4.6-150300.12.16.1 * libtotem_pg5-32bit-debuginfo-2.4.6-150300.12.16.1 * libvotequorum8-32bit-2.4.6-150300.12.16.1 * libvotequorum8-32bit-debuginfo-2.4.6-150300.12.16.1 * libcfg6-32bit-debuginfo-2.4.6-150300.12.16.1 * libcpg4-32bit-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * 
corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 
15 SP6 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * corosync-qnetd-debuginfo-2.4.6-150300.12.16.1 * libsam4-debuginfo-2.4.6-150300.12.16.1 * libsam4-2.4.6-150300.12.16.1 * libtotem_pg5-2.4.6-150300.12.16.1 * libcpg4-2.4.6-150300.12.16.1 * libvotequorum8-2.4.6-150300.12.16.1 * libcfg6-debuginfo-2.4.6-150300.12.16.1 * corosync-2.4.6-150300.12.16.1 * corosync-debugsource-2.4.6-150300.12.16.1 * corosync-qdevice-2.4.6-150300.12.16.1 * corosync-debuginfo-2.4.6-150300.12.16.1 * libcmap4-debuginfo-2.4.6-150300.12.16.1 * corosync-testagents-2.4.6-150300.12.16.1 * libtotem_pg5-debuginfo-2.4.6-150300.12.16.1 * corosync-qdevice-debuginfo-2.4.6-150300.12.16.1 * libcorosync-devel-2.4.6-150300.12.16.1 * corosync-qnetd-2.4.6-150300.12.16.1 * libcpg4-debuginfo-2.4.6-150300.12.16.1 * libcmap4-2.4.6-150300.12.16.1 * 
corosync-testagents-debuginfo-2.4.6-150300.12.16.1 * libquorum5-2.4.6-150300.12.16.1 * libvotequorum8-debuginfo-2.4.6-150300.12.16.1 * libcfg6-2.4.6-150300.12.16.1 * libcorosync_common4-debuginfo-2.4.6-150300.12.16.1 * libcorosync_common4-2.4.6-150300.12.16.1 * libquorum5-debuginfo-2.4.6-150300.12.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-35091.html * https://www.suse.com/security/cve/CVE-2026-35092.html * https://bugzilla.suse.com/show_bug.cgi?id=1261299 * https://bugzilla.suse.com/show_bug.cgi?id=1261300 From null at suse.de Thu Apr 16 16:30:57 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:30:57 -0000 Subject: SUSE-RU-2026:1393-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <177635705710.5532.11755271404153445288@6fd1d05cebf0> # Recommended update for release-notes-sle_hpc Announcement ID: SUSE-RU-2026:1393-1 Release Date: 2026-04-16T09:38:44Z Rating: moderate References: * bsc#1211965 * bsc#1212382 * bsc#933411 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 An update that has three fixes can now be installed. ## Description: This update for release-notes-sle_hpc fixes the following issues: * Update to version 15.5.20260227 (bsc#933411) * Added Spack 0.20.0 release notes (bsc#1211965) * Updated removals and deprecations (bsc#1212382) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1393=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1393=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1393=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sle_hpc-15.500000000.20260227-150500.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * release-notes-sle_hpc-15.500000000.20260227-150500.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * release-notes-sle_hpc-15.500000000.20260227-150500.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211965 * https://bugzilla.suse.com/show_bug.cgi?id=1212382 * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:31:07 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:07 -0000 Subject: SUSE-RU-2026:1392-1: moderate: Recommended update for release-notes-sle_hpc Message-ID: <177635706759.5532.7892992807005273163@6fd1d05cebf0> # Recommended update for release-notes-sle_hpc Announcement ID: SUSE-RU-2026:1392-1 Release Date: 2026-04-16T09:38:34Z Rating: moderate References: * bsc#1211965 * bsc#933411 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 An update that has two fixes can now be installed. 
## Description: This update for release-notes-sle_hpc fixes the following issues: * Update to version 15.4.20260227 (bsc#933411) * Added Spack 0.20.0 release notes (bsc#1211965) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1392=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1392=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1392=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-sle_hpc-15.400000000.20260227-150400.3.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * release-notes-sle_hpc-15.400000000.20260227-150400.3.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * release-notes-sle_hpc-15.400000000.20260227-150400.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211965 * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:31:13 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:13 -0000 Subject: SUSE-RU-2026:1391-1: important: Recommended update for mdadm Message-ID: <177635707307.5532.7534476245839900569@6fd1d05cebf0> # Recommended update for mdadm Announcement ID: SUSE-RU-2026:1391-1 Release Date: 2026-04-16T09:37:57Z Rating: important References: * bsc#1243443 * bsc#1258265 * bsc#1259090 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that has three fixes can now be installed. 
## Description: This update for mdadm fixes the following issues: * Update to version 4.3+36.g12cb7035: * avoid mdcheck_continue.timer and mdcheck_start.timer firing simultaneously (bsc#1243443, bsc#1259090) * Update to version 4.3+35.gd30fc922: * platform-intel: Deal with hot-unplugged devices (bsc#1258265) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1391=1 openSUSE-SLE-15.6-2026-1391=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1391=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1391=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * mdadm-debugsource-4.3+36.g12cb7035-150600.3.23.1 * mdadm-debuginfo-4.3+36.g12cb7035-150600.3.23.1 * mdadm-4.3+36.g12cb7035-150600.3.23.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * mdadm-debugsource-4.3+36.g12cb7035-150600.3.23.1 * mdadm-debuginfo-4.3+36.g12cb7035-150600.3.23.1 * mdadm-4.3+36.g12cb7035-150600.3.23.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * mdadm-debugsource-4.3+36.g12cb7035-150600.3.23.1 * mdadm-debuginfo-4.3+36.g12cb7035-150600.3.23.1 * mdadm-4.3+36.g12cb7035-150600.3.23.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243443 * https://bugzilla.suse.com/show_bug.cgi?id=1258265 * https://bugzilla.suse.com/show_bug.cgi?id=1259090 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:31:17 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:17 -0000 Subject: SUSE-RU-2026:1390-1: moderate: Recommended update for mdadm Message-ID: <177635707753.5532.2163445240572173482@6fd1d05cebf0> # Recommended update for mdadm Announcement ID: SUSE-RU-2026:1390-1 Release Date: 2026-04-16T09:37:44Z Rating: moderate References: * bsc#1243443 * bsc#1259090 Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has two fixes can now be installed. ## Description: This update for mdadm fixes the following issues: * Update to version 4.4+40.g243a5d9f: * avoid mdcheck_continue.timer and mdcheck_start.timer firing simultaneously (bsc#1243443, bsc#1259090) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1390=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * mdadm-debugsource-4.4+40.g243a5d9f-150700.4.24.1 * mdadm-debuginfo-4.4+40.g243a5d9f-150700.4.24.1 * mdadm-4.4+40.g243a5d9f-150700.4.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1243443 * https://bugzilla.suse.com/show_bug.cgi?id=1259090 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:31:20 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:20 -0000 Subject: SUSE-SU-2026:1389-1: important: Security update for python-PyJWT Message-ID: <177635708028.5532.8408656121251596943@6fd1d05cebf0> # Security update for python-PyJWT Announcement ID: SUSE-SU-2026:1389-1 Release Date: 2026-04-16T09:20:00Z Rating: important References: * bsc#1259616 Cross-References: * CVE-2026-32597 CVSS scores: * CVE-2026-32597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-32597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-32597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. 
## Description: This update for python-PyJWT fixes the following issues: * CVE-2026-32597: Fixed acceptance of unknown `crit` header extensions (bsc#1259616). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1389=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1389=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1389=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1389=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1389=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1389=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1389=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1389=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1389=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1389=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1389=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1389=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1389=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1389=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * openSUSE Leap 15.6 (noarch) * 
python311-PyJWT-2.8.0-150400.8.10.1 * Public Cloud Module 15-SP4 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * Python 3 Module 15-SP7 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * python311-PyJWT-2.8.0-150400.8.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32597.html * https://bugzilla.suse.com/show_bug.cgi?id=1259616 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:31:23 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:23 -0000 Subject: SUSE-SU-2026:1388-1: moderate: Security update for libtpms Message-ID: <177635708334.5532.999084282919049260@6fd1d05cebf0> # Security update for libtpms Announcement ID: SUSE-SU-2026:1388-1 Release Date: 2026-04-16T09:18:28Z Rating: moderate References: * bsc#1244528 Cross-References: * CVE-2025-49133 CVSS scores: * CVE-2025-49133 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H * CVE-2025-49133 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for libtpms fixes the following issues: * CVE-2025-49133: Fixed potential out of bounds (OOB) read vulnerability (bsc#1244528) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1388=1 SUSE-2026-1388=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1388=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libtpms-debugsource-0.9.6-150600.3.3.1 * libtpms-devel-0.9.6-150600.3.3.1 * libtpms0-debuginfo-0.9.6-150600.3.3.1 * libtpms0-0.9.6-150600.3.3.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libtpms-debugsource-0.9.6-150600.3.3.1 * libtpms-devel-0.9.6-150600.3.3.1 * libtpms0-debuginfo-0.9.6-150600.3.3.1 * libtpms0-0.9.6-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49133.html * https://bugzilla.suse.com/show_bug.cgi?id=1244528 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:31:29 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:29 -0000 Subject: SUSE-SU-2026:1387-1: important: Security update for vim Message-ID: <177635708914.5532.10185693517696374695@6fd1d05cebf0> # Security update for vim Announcement ID: SUSE-SU-2026:1387-1 Release Date: 2026-04-16T09:18:18Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Update to version 9.2.0280. * CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution (bsc#1261271). * CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution (bsc#1261191). * CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to arbitrary code execution (bsc#1259985). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1387=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1387=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1387=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1387=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1387=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1387=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1387=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1387=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1387=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1387=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * 
vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * vim-debugsource-9.2.0280-150000.5.89.1 * gvim-debuginfo-9.2.0280-150000.5.89.1 * gvim-9.2.0280-150000.5.89.1 * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * vim-data-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * vim-debugsource-9.2.0280-150000.5.89.1 * gvim-debuginfo-9.2.0280-150000.5.89.1 * gvim-9.2.0280-150000.5.89.1 * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * vim-data-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0280-150000.5.89.1 * gvim-debuginfo-9.2.0280-150000.5.89.1 * gvim-9.2.0280-150000.5.89.1 * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * vim-data-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * vim-debugsource-9.2.0280-150000.5.89.1 * gvim-debuginfo-9.2.0280-150000.5.89.1 * 
gvim-9.2.0280-150000.5.89.1 * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * vim-data-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * vim-data-common-9.2.0280-150000.5.89.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * vim-debuginfo-9.2.0280-150000.5.89.1 * vim-small-9.2.0280-150000.5.89.1 * vim-debugsource-9.2.0280-150000.5.89.1 * vim-small-debuginfo-9.2.0280-150000.5.89.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:31:37 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:37 -0000 Subject: SUSE-SU-2026:1386-1: important: Security update for openssl-1_1 Message-ID: <177635709794.5532.7377669927217749546@6fd1d05cebf0> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2026:1386-1 Release Date: 2026-04-16T09:17:21Z Rating: important References: * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1261678 Cross-References: * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-28390 * CVE-2026-31789 CVSS scores: * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * Legacy Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). 
* CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1386=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1386=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1386=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1w-150700.11.16.1 * libopenssl1_1-debuginfo-1.1.1w-150700.11.16.1 * libopenssl1_1-1.1.1w-150700.11.16.1 * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1 * Basesystem Module 15-SP7 (x86_64) * libopenssl1_1-32bit-1.1.1w-150700.11.16.1 * libopenssl1_1-32bit-debuginfo-1.1.1w-150700.11.16.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1w-150700.11.16.1 * openssl-1_1-debugsource-1.1.1w-150700.11.16.1 * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debugsource-1.1.1w-150700.11.16.1 * openssl-1_1-debuginfo-1.1.1w-150700.11.16.1 * openssl-1_1-1.1.1w-150700.11.16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261678 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:31:46 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:31:46 -0000 Subject: SUSE-SU-2026:1385-1: important: Security update for python3 Message-ID: <177635710617.5532.11454948359759643189@6fd1d05cebf0> # Security update for python3 Announcement ID: SUSE-SU-2026:1385-1 Release Date: 2026-04-16T09:16:55Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1385=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1385=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python3-tk-debuginfo-3.4.10-25.180.1 * libpython3_4m1_0-debuginfo-3.4.10-25.180.1 * python3-debugsource-3.4.10-25.180.1 * python3-base-debuginfo-3.4.10-25.180.1 * python3-tk-3.4.10-25.180.1 * python3-devel-3.4.10-25.180.1 * python3-debuginfo-3.4.10-25.180.1 * python3-base-debugsource-3.4.10-25.180.1 * python3-3.4.10-25.180.1 * libpython3_4m1_0-3.4.10-25.180.1 * python3-curses-debuginfo-3.4.10-25.180.1 * python3-curses-3.4.10-25.180.1 * python3-base-3.4.10-25.180.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (ppc64le s390x x86_64) * python3-devel-debuginfo-3.4.10-25.180.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * python3-base-debuginfo-32bit-3.4.10-25.180.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1 * libpython3_4m1_0-32bit-3.4.10-25.180.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python3-tk-debuginfo-3.4.10-25.180.1 * libpython3_4m1_0-debuginfo-3.4.10-25.180.1 * python3-debugsource-3.4.10-25.180.1 * python3-base-debuginfo-3.4.10-25.180.1 * libpython3_4m1_0-debuginfo-32bit-3.4.10-25.180.1 * python3-base-debuginfo-32bit-3.4.10-25.180.1 * python3-devel-3.4.10-25.180.1 * python3-tk-3.4.10-25.180.1 * python3-debuginfo-3.4.10-25.180.1 * python3-base-debugsource-3.4.10-25.180.1 * python3-3.4.10-25.180.1 * libpython3_4m1_0-3.4.10-25.180.1 * python3-curses-debuginfo-3.4.10-25.180.1 * python3-curses-3.4.10-25.180.1 * libpython3_4m1_0-32bit-3.4.10-25.180.1 * python3-devel-debuginfo-3.4.10-25.180.1 * python3-base-3.4.10-25.180.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * 
https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:32:01 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:01 -0000 Subject: SUSE-RU-2026:1384-1: important: Recommended update for suseconnect-ng Message-ID: <177635712119.5532.1050067196486829288@6fd1d05cebf0> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2026:1384-1 Release Date: 2026-04-16T09:15:16Z Rating: important References: * bsc#1230861 * bsc#1239439 * bsc#1241002 * bsc#1244550 * bsc#1257490 * bsc#1257625 * bsc#1257667 * bsc#1257825 * bsc#1261155 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has nine fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). * Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). 
* Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) * Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) * Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library * Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1384=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1384=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libsuseconnect-1.21.1-3.35.1 * suseconnect-ng-1.21.1-3.35.1 * suseconnect-ruby-bindings-1.21.1-3.35.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libsuseconnect-1.21.1-3.35.1 * suseconnect-ng-1.21.1-3.35.1 * suseconnect-ruby-bindings-1.21.1-3.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1230861 * https://bugzilla.suse.com/show_bug.cgi?id=1239439 * https://bugzilla.suse.com/show_bug.cgi?id=1241002 * https://bugzilla.suse.com/show_bug.cgi?id=1244550 * https://bugzilla.suse.com/show_bug.cgi?id=1257490 * https://bugzilla.suse.com/show_bug.cgi?id=1257625 * https://bugzilla.suse.com/show_bug.cgi?id=1257667 * https://bugzilla.suse.com/show_bug.cgi?id=1257825 * https://bugzilla.suse.com/show_bug.cgi?id=1261155 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:32:14 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:14 -0000 Subject: SUSE-RU-2026:1383-1: important: Recommended update for suseconnect-ng Message-ID: <177635713443.5532.5151410184236851409@6fd1d05cebf0> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2026:1383-1 Release Date: 2026-04-16T09:15:03Z Rating: important References: * bsc#1230861 * bsc#1239439 * bsc#1241002 * bsc#1244550 * bsc#1257490 * bsc#1257625 * bsc#1257667 * bsc#1257825 * bsc#1261155 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that has nine fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). * Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). 
* Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) * Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) * Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library * Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1383=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1383=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1383=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1383=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1383=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1383=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1383=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1383=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1383=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * suseconnect-ruby-bindings-1.21.1-150400.3.49.1 * libsuseconnect-1.21.1-150400.3.49.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * suseconnect-ruby-bindings-1.21.1-150400.3.49.1 * libsuseconnect-1.21.1-150400.3.49.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * suseconnect-ruby-bindings-1.21.1-150400.3.49.1 * libsuseconnect-1.21.1-150400.3.49.1 * SUSE Linux Enterprise 
Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * suseconnect-ruby-bindings-1.21.1-150400.3.49.1 * libsuseconnect-1.21.1-150400.3.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * suseconnect-ng-1.21.1-150400.3.49.1 * suseconnect-ruby-bindings-1.21.1-150400.3.49.1 * libsuseconnect-1.21.1-150400.3.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1230861 * https://bugzilla.suse.com/show_bug.cgi?id=1239439 * https://bugzilla.suse.com/show_bug.cgi?id=1241002 * https://bugzilla.suse.com/show_bug.cgi?id=1244550 * https://bugzilla.suse.com/show_bug.cgi?id=1257490 * https://bugzilla.suse.com/show_bug.cgi?id=1257625 * https://bugzilla.suse.com/show_bug.cgi?id=1257667 * https://bugzilla.suse.com/show_bug.cgi?id=1257825 * https://bugzilla.suse.com/show_bug.cgi?id=1261155 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:32:29 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:29 -0000 Subject: SUSE-RU-2026:1382-1: important: Recommended update for suseconnect-ng Message-ID: <177635714971.5532.15033995883082514770@6fd1d05cebf0> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2026:1382-1 Release Date: 2026-04-16T09:14:20Z Rating: important References: * bsc#1230861 * bsc#1239439 * bsc#1241002 * bsc#1244550 * bsc#1257490 * bsc#1257625 * bsc#1257667 * bsc#1257825 * bsc#1261155 Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has nine fixes can now be installed. 
## Description: This update for suseconnect-ng fixes the following issues: * Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). * Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) * Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) * Update version to 1.20: * Update error message for Public Cloud instances with registercloudguest installed. SUSEConnect -d is disabled on PYAG and BYOS when the registercloudguest command is available. (bsc#1230861) * Enhanced SAP detected. Take TREX into account and remove empty values when only /usr/sap but no installation exists (bsc#1241002) * Fixed modules and extension link to point to version less documentation. (bsc#1239439) * Fixed SAP instance detection (bsc#1244550) * Remove link to extensions documentation (bsc#1239439) * Migrate to the public library * Version 1.14 public library release This version is only available on Github as a tag to release the new golang public library which can be consumed without the need to interface with SUSEConnect directly. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1382=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1382=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1382=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1382=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.21.1-150600.3.18.1 * suseconnect-ng-1.21.1-150600.3.18.1 * libsuseconnect-1.21.1-150600.3.18.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.21.1-150600.3.18.1 * suseconnect-ng-1.21.1-150600.3.18.1 * libsuseconnect-1.21.1-150600.3.18.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.21.1-150600.3.18.1 * suseconnect-ng-1.21.1-150600.3.18.1 * libsuseconnect-1.21.1-150600.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * suseconnect-ruby-bindings-1.21.1-150600.3.18.1 * suseconnect-ng-1.21.1-150600.3.18.1 * libsuseconnect-1.21.1-150600.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1230861 * https://bugzilla.suse.com/show_bug.cgi?id=1239439 * https://bugzilla.suse.com/show_bug.cgi?id=1241002 * https://bugzilla.suse.com/show_bug.cgi?id=1244550 * https://bugzilla.suse.com/show_bug.cgi?id=1257490 * https://bugzilla.suse.com/show_bug.cgi?id=1257625 * https://bugzilla.suse.com/show_bug.cgi?id=1257667 * https://bugzilla.suse.com/show_bug.cgi?id=1257825 * https://bugzilla.suse.com/show_bug.cgi?id=1261155 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 16:32:38 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:38 -0000 Subject: SUSE-RU-2026:1381-1: important: Recommended update for suseconnect-ng Message-ID: <177635715816.5532.9212328448541275515@6fd1d05cebf0> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2026:1381-1 Release Date: 2026-04-16T09:14:02Z Rating: important References: * bsc#1257490 * bsc#1257625 * bsc#1257667 * bsc#1257825 * bsc#1261155 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has five fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). * Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) * Regressions found during QA test runs: * Ignore product in announce call (bsc#1257490) * Registration to SMT server with failed (bsc#1257625) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1381=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1381=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150300.3.26.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * suseconnect-ng-1.21.1-150300.3.26.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1257490 * https://bugzilla.suse.com/show_bug.cgi?id=1257625 * https://bugzilla.suse.com/show_bug.cgi?id=1257667 * https://bugzilla.suse.com/show_bug.cgi?id=1257825 * https://bugzilla.suse.com/show_bug.cgi?id=1261155 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:32:43 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:43 -0000 Subject: SUSE-RU-2026:1380-1: important: Recommended update for suseconnect-ng Message-ID: <177635716353.5532.2185793561426644529@6fd1d05cebf0> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2026:1380-1 Release Date: 2026-04-16T09:13:55Z Rating: important References: * bsc#1257667 * bsc#1257825 * bsc#1261155 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three fixes can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update version to 1.21.1: * Fix nil token handling (bsc#1261155) * Switch to using go1.24-openssl as the default Go version to install to support building the package (jsc#SCC-585). 
* Update version to 1.21: * Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226). * Support new profile based metric collection * Fix ignored --root parameter handling when reading and writing configuration (bsc#1257667) * Add expanded metric collection for system vendor/manufacturer (jsc#TEL-260). * Removed backport patch * Add missing product id to allow yast2-registration to not break (bsc#1257825) * Fix libsuseconnect APIError detection logic (bsc#1257825) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1380=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1380=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1380=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1380=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1380=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1380=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsuseconnect-1.21.1-150500.3.40.1 * suseconnect-ruby-bindings-1.21.1-150500.3.40.1 * suseconnect-ng-1.21.1-150500.3.40.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * suseconnect-ng-1.21.1-150500.3.40.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libsuseconnect-1.21.1-150500.3.40.1 * suseconnect-ruby-bindings-1.21.1-150500.3.40.1 * suseconnect-ng-1.21.1-150500.3.40.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libsuseconnect-1.21.1-150500.3.40.1 * suseconnect-ruby-bindings-1.21.1-150500.3.40.1 
* suseconnect-ng-1.21.1-150500.3.40.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libsuseconnect-1.21.1-150500.3.40.1 * suseconnect-ruby-bindings-1.21.1-150500.3.40.1 * suseconnect-ng-1.21.1-150500.3.40.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libsuseconnect-1.21.1-150500.3.40.1 * suseconnect-ruby-bindings-1.21.1-150500.3.40.1 * suseconnect-ng-1.21.1-150500.3.40.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1257667 * https://bugzilla.suse.com/show_bug.cgi?id=1257825 * https://bugzilla.suse.com/show_bug.cgi?id=1261155 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 16:32:46 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 16:32:46 -0000 Subject: SUSE-SU-2026:1379-1: important: Security update for MozillaThunderbird Message-ID: <177635716648.5532.7884387542625733943@6fd1d05cebf0> # Security update for MozillaThunderbird Announcement ID: SUSE-SU-2026:1379-1 Release Date: 2026-04-16T08:42:00Z Rating: important References: * bsc#1261663 Cross-References: * CVE-2026-5731 * CVE-2026-5732 * CVE-2026-5734 CVSS scores: * CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update 
that solves three vulnerabilities can now be installed. ## Description: This update for MozillaThunderbird fixes the following issues: * Update to 149.0.2 and 140.9.1esr (bsc#1261663). * CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. * CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component. * CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1379=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1379=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * MozillaThunderbird-translations-common-140.9.1-150200.8.266.1 * MozillaThunderbird-translations-other-140.9.1-150200.8.266.1 * MozillaThunderbird-debuginfo-140.9.1-150200.8.266.1 * MozillaThunderbird-140.9.1-150200.8.266.1 * MozillaThunderbird-debugsource-140.9.1-150200.8.266.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * MozillaThunderbird-translations-common-140.9.1-150200.8.266.1 * MozillaThunderbird-translations-other-140.9.1-150200.8.266.1 * MozillaThunderbird-debuginfo-140.9.1-150200.8.266.1 * MozillaThunderbird-140.9.1-150200.8.266.1 * MozillaThunderbird-debugsource-140.9.1-150200.8.266.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5731.html * https://www.suse.com/security/cve/CVE-2026-5732.html * https://www.suse.com/security/cve/CVE-2026-5734.html * https://bugzilla.suse.com/show_bug.cgi?id=1261663 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:30:05 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:05 -0000 Subject: SUSE-SU-2026:1416-1: low: Security update for python-pyOpenSSL Message-ID: <177637140536.6478.2322397360020531813@5d6d53449fb2> # Security update for python-pyOpenSSL Announcement ID: SUSE-SU-2026:1416-1 Release Date: 2026-04-16T15:36:01Z Rating: low References: * bsc#1259804 Cross-References: * CVE-2026-27448 CVSS scores: * CVE-2026-27448 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-27448 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-27448 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27448 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for python-pyOpenSSL fixes the following issue: * CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1416=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1416=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-pyOpenSSL-19.0.0-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-pyOpenSSL-19.0.0-150300.3.3.1 * openSUSE Leap 15.3 (noarch) * python3-pyOpenSSL-19.0.0-150300.3.3.1 * python2-pyOpenSSL-19.0.0-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27448.html * https://bugzilla.suse.com/show_bug.cgi?id=1259804 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 20:30:11 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:11 -0000 Subject: SUSE-SU-2026:1415-1: moderate: Security update for rust1.93 Message-ID: <177637141184.6478.9679934565218927301@5d6d53449fb2> # Security update for rust1.93 Announcement ID: SUSE-SU-2026:1415-1 Release Date: 2026-04-16T15:05:20Z Rating: moderate References: * bsc#1253321 * bsc#1259623 Cross-References: * CVE-2026-31812 CVSS scores: * CVE-2026-31812 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-31812 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-31812 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.3 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has one security fix can now be 
installed. ## Description: This update for rust1.93 fixes the following issues: Security issue: * CVE-2026-31812: denial of service via crafted QUIC initial packet (bsc#1259623). Non-security issue: * Resolve missing gcc requirement that may affect some crate building (bsc#1253321). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2026-1415=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1415=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1415=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * cargo1.93-1.93.0-150300.7.6.1 * rust1.93-debuginfo-1.93.0-150300.7.6.1 * cargo1.93-debuginfo-1.93.0-150300.7.6.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.93-1.93.0-150300.7.6.1 * openSUSE Leap 15.3 (noarch) * rust1.93-src-1.93.0-150300.7.6.1 * openSUSE Leap 15.3 (nosrc) * rust1.93-test-1.93.0-150300.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cargo1.93-1.93.0-150300.7.6.1 * rust1.93-debuginfo-1.93.0-150300.7.6.1 * cargo1.93-debuginfo-1.93.0-150300.7.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.93-1.93.0-150300.7.6.1 * openSUSE Leap 15.6 (noarch) * rust1.93-src-1.93.0-150300.7.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cargo1.93-1.93.0-150300.7.6.1 * rust1.93-debuginfo-1.93.0-150300.7.6.1 * cargo1.93-debuginfo-1.93.0-150300.7.6.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.93-1.93.0-150300.7.6.1 * Development Tools Module 15-SP7 (noarch) * rust1.93-src-1.93.0-150300.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31812.html * https://bugzilla.suse.com/show_bug.cgi?id=1253321 * https://bugzilla.suse.com/show_bug.cgi?id=1259623
-------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 20:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:16 -0000 Subject: SUSE-SU-2026:1414-1: moderate: Security update for shim Message-ID: <177637141636.6478.13607788075716543791@5d6d53449fb2> # Security update for shim Announcement ID: SUSE-SU-2026:1414-1 Release Date: 2026-04-16T14:25:29Z Rating: moderate References: * bsc#1240871 * bsc#1247432 Cross-References: * CVE-2024-2312 CVSS scores: * CVE-2024-2312 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2024-2312 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for shim fixes the following issues: shim is updated to version 16.1: * shim_start_image(): fix guid/handle pairing when uninstalling protocols * Fix uncompressed ipv6 netboot * fix test segfaults caused by uninitialized memory * SbatLevel_Variable.txt: minor typo fix. 
* Realloc() needs to allocate one more byte for sprintf() * IPv6: Add more check to avoid multiple double colon and illegal char * Loader proto v2 * loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages * Generate Authenticode for the entire PE file * README: mention new loader protocol and interaction with UKIs * shim: change automatically enable MOK_POLICY_REQUIRE_NX * Save var info * add SbatLevel entry 2025051000 for PSA-2025-00012-1 * Coverity fixes 20250804 * fix http boot * Fix double free and leak in the loader protocol shim is updated to version 16.0: * Validate that a supplied vendor cert is not in PEM format * sbat: Add grub.peimage,2 to latest (CVE-2024-2312) * sbat: Also bump latest for grub,4 (and to todays date) * undo change that limits certificate files to a single file * shim: don't set second_stage to the empty string * Fix SBAT.md for today's consensus about numbers * Update Code of Conduct contact address * make-certs: Handle missing OpenSSL installation * Update MokVars.txt * export DEFINES for sub makefile * Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition * Null-terminate 'arguments' in fallback * Fix "Verifiying" typo in error message * Update Fedora CI targets * Force gcc to produce DWARF4 so that gdb can use it * Minor housekeeping 2024121700 * Discard load-options that start with WINDOWS * Fix the issue that the gBS->LoadImage pointer was empty. 
* shim: Allow data after the end of device path node in load options * Handle network file not found like disks * Update gnu-efi submodule for EFI_HTTP_ERROR * Increase EFI file alignment * avoid EFIv2 runtime services on Apple x86 machines * Improve shortcut performance when comparing two boolean expressions * Provide better error message when MokManager is not found * tpm: Boot with a warning if the event log is full * MokManager: remove redundant logical constraints * Test import_mok_state() when MokListRT would be bigger than available size * test-mok-mirror: minor bug fix * Fix file system browser hang when enrolling MOK from disk * Ignore a minor clang-tidy nit * Allow fallback to default loader when encountering errors on network boot * test.mk: don't use a temporary random.bin * pe: Enhance debug report for update_mem_attrs * Multiple certificate handling improvements * Generate SbatLevel Metadata from SbatLevel_Variable.txt * Apply EKU check with compile option * Add configuration option to boot an alternative 2nd stage * Loader protocol (with Device Path resolution support) * netboot cleanup for additional files * Document how revocations can be delivered * post-process-pe: add tests to validate NX compliance * regression: CopyMem() in ad8692e copies out of bounds * Save the debug and error logs in mok-variables * Add features for the Host Security ID program * Mirror some more efi variables to mok-variables * This adds DXE Services measurements to HSI and uses them for NX * Add shim's current NX_COMPAT status to HSIStatus * README.tpm: reflect that vendor_db is in fact logged as "vendor_db" * Reject HTTP message with duplicate Content-Length header fields * Disable log saving * fallback: don't add new boot order entries backwards * README.tpm: Update MokList entry to MokListRT * SBAT Level update for February 2025 GRUB CVEs ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper 
patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1414=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1414=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * shim-16.1-25.34.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (x86_64) * shim-16.1-25.34.1 ## References: * https://www.suse.com/security/cve/CVE-2024-2312.html * https://bugzilla.suse.com/show_bug.cgi?id=1240871 * https://bugzilla.suse.com/show_bug.cgi?id=1247432 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 20:30:19 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:19 -0000 Subject: SUSE-SU-2026:1413-1: moderate: Security update for ovmf Message-ID: <177637141914.6478.9778222662400445732@5d6d53449fb2> # Security update for ovmf Announcement ID: SUSE-SU-2026:1413-1 Release Date: 2026-04-16T13:34:01Z Rating: moderate References: * bsc#1252441 Cross-References: * CVE-2025-59438 CVSS scores: * CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for ovmf fixes the following issue: * CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1413=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1413=1 ## Package List: * SUSE Package Hub 15 15-SP7 (noarch) * qemu-uefi-aarch64-202408-150700.3.15.1 * qemu-ovmf-x86_64-202408-150700.3.15.1 * qemu-uefi-aarch32-202408-150700.3.15.1 * SUSE Package Hub 15 15-SP7 (x86_64) * qemu-ovmf-x86_64-debug-202408-150700.3.15.1 * Server Applications Module 15-SP7 (aarch64 x86_64) * ovmf-tools-202408-150700.3.15.1 * ovmf-202408-150700.3.15.1 * Server Applications Module 15-SP7 (noarch) * qemu-uefi-aarch64-202408-150700.3.15.1 * qemu-ovmf-x86_64-202408-150700.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59438.html * https://bugzilla.suse.com/show_bug.cgi?id=1252441 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:30:26 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:26 -0000 Subject: SUSE-SU-2026:1412-1: moderate: Security update for python-urllib3 Message-ID: <177637142640.6478.9283419720431156656@5d6d53449fb2> # Security update for python-urllib3 Announcement ID: SUSE-SU-2026:1412-1 Release Date: 2026-04-16T13:06:27Z Rating: moderate References: * bsc#1254866 * bsc#1254867 * bsc#1256331 * bsc#1259829 * jsc#PED-15380 Cross-References: * CVE-2025-66418 * CVE-2025-66471 * CVE-2026-21441 CVSS scores: * CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-66418 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-66418 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-66471 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-21441 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-21441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance 
Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities, contains one feature and has one security fix can now be installed. ## Description: This update for python-urllib3 fixes the following issues: Security issues: * CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). * CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). * CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). Non-security issues: * Disabled response decompression with brotli due to missing brotli feature (jsc#PED-15380). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2026-1412=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1412=1 ## Package List: * Public Cloud Module 12 (noarch) * python-urllib3-1.25.10-3.48.4 * python3-urllib3-1.25.10-3.48.4 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-urllib3-1.25.10-3.48.4 * python3-urllib3-1.25.10-3.48.4 ## References: * https://www.suse.com/security/cve/CVE-2025-66418.html * https://www.suse.com/security/cve/CVE-2025-66471.html * https://www.suse.com/security/cve/CVE-2026-21441.html * https://bugzilla.suse.com/show_bug.cgi?id=1254866 * https://bugzilla.suse.com/show_bug.cgi?id=1254867 * https://bugzilla.suse.com/show_bug.cgi?id=1256331 * https://bugzilla.suse.com/show_bug.cgi?id=1259829 * https://jira.suse.com/browse/PED-15380 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:30:30 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:30 -0000 Subject: SUSE-SU-2026:1411-1: important: Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls Message-ID: <177637143075.6478.6075509247331696977@5d6d53449fb2> # Security update for terraform-provider-local, terraform-provider-random, terraform-provider-tls Announcement ID: SUSE-SU-2026:1411-1 Release Date: 2026-04-16T12:57:18Z Rating: important References: * bsc#1258097 * bsc#1260218 Cross-References: * CVE-2026-25934 * CVE-2026-33186 CVSS scores: * CVE-2026-25934 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25934 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * openSUSE Leap 15.6 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. 
## Description: This update for terraform-provider-local, terraform-provider-random, terraform-provider-tls fixes the following issues: * CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for `.pack` and `.idx` files can lead to the consumption of corrupted files (bsc#1258097). * CVE-2026-33186: google.golang.org/grpc: improper validation of the HTTP/2 `:path` pseudo-header can lead to authorization bypass (bsc#1260218). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1411=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1411=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-1411=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-local-2.0.0-150200.6.8.1 * terraform-provider-null-3.0.0-150200.6.12.1 * terraform-provider-random-3.0.0-150200.6.6.2 * terraform-provider-tls-3.0.0-150200.5.6.2 ## References: * https://www.suse.com/security/cve/CVE-2026-25934.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1258097 * https://bugzilla.suse.com/show_bug.cgi?id=1260218 -------------- next part -------------- An HTML attachment was scrubbed...
URL: From null at suse.de Thu Apr 16 20:30:35 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:35 -0000 Subject: SUSE-RU-2026:1410-1: moderate: Recommended update for util-linux Message-ID: <177637143538.6478.6504240500931051319@5d6d53449fb2> # Recommended update for util-linux Announcement ID: SUSE-RU-2026:1410-1 Release Date: 2026-04-16T12:41:51Z Rating: moderate References: * bsc#1222465 * bsc#1234736 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that has two fixes can now be installed. ## Description: This update for util-linux fixes the following issues: * recognize fuse "portal" as a virtual file system (bsc#1234736). * fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1410=1 SUSE-2026-1410=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1410=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1410=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * util-linux-2.39.3-150600.4.21.1 * util-linux-systemd-debuginfo-2.39.3-150600.4.21.1 * libsmartcols-devel-2.39.3-150600.4.21.1 * libmount1-2.39.3-150600.4.21.1 * util-linux-systemd-2.39.3-150600.4.21.1 * python3-libmount-debuginfo-2.39.3-150600.4.21.1 * util-linux-tty-tools-debuginfo-2.39.3-150600.4.21.1 * libuuid1-debuginfo-2.39.3-150600.4.21.1 * libuuid-devel-static-2.39.3-150600.4.21.1 * libfdisk1-debuginfo-2.39.3-150600.4.21.1 * libblkid-devel-static-2.39.3-150600.4.21.1 * libfdisk-devel-2.39.3-150600.4.21.1 * util-linux-debuginfo-2.39.3-150600.4.21.1 * libfdisk1-2.39.3-150600.4.21.1 * util-linux-debugsource-2.39.3-150600.4.21.1 * util-linux-tty-tools-2.39.3-150600.4.21.1 * uuidd-2.39.3-150600.4.21.1 * python3-libmount-2.39.3-150600.4.21.1 * libsmartcols1-2.39.3-150600.4.21.1 * util-linux-systemd-debugsource-2.39.3-150600.4.21.1 * libuuid-devel-2.39.3-150600.4.21.1 * libmount-devel-static-2.39.3-150600.4.21.1 * libsmartcols1-debuginfo-2.39.3-150600.4.21.1 * libuuid1-2.39.3-150600.4.21.1 * libfdisk-devel-static-2.39.3-150600.4.21.1 * libblkid-devel-2.39.3-150600.4.21.1 * libblkid1-2.39.3-150600.4.21.1 * python-libmount-debugsource-2.39.3-150600.4.21.1 * libblkid1-debuginfo-2.39.3-150600.4.21.1 * uuidd-debuginfo-2.39.3-150600.4.21.1 * libsmartcols-devel-static-2.39.3-150600.4.21.1 * libmount-devel-2.39.3-150600.4.21.1 * libmount1-debuginfo-2.39.3-150600.4.21.1 * openSUSE Leap 15.6 (x86_64) * libfdisk-devel-32bit-2.39.3-150600.4.21.1 * libmount-devel-32bit-2.39.3-150600.4.21.1 * libmount1-32bit-2.39.3-150600.4.21.1 * 
libblkid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libsmartcols-devel-32bit-2.39.3-150600.4.21.1 * libblkid1-32bit-2.39.3-150600.4.21.1 * libblkid-devel-32bit-2.39.3-150600.4.21.1 * libuuid-devel-32bit-2.39.3-150600.4.21.1 * libuuid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libfdisk1-32bit-2.39.3-150600.4.21.1 * libmount1-32bit-debuginfo-2.39.3-150600.4.21.1 * libsmartcols1-32bit-2.39.3-150600.4.21.1 * libsmartcols1-32bit-debuginfo-2.39.3-150600.4.21.1 * libfdisk1-32bit-debuginfo-2.39.3-150600.4.21.1 * libuuid1-32bit-2.39.3-150600.4.21.1 * openSUSE Leap 15.6 (noarch) * util-linux-lang-2.39.3-150600.4.21.1 * openSUSE Leap 15.6 (s390x) * util-linux-extra-debuginfo-2.39.3-150600.4.21.1 * util-linux-extra-2.39.3-150600.4.21.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libsmartcols-devel-64bit-2.39.3-150600.4.21.1 * libfdisk1-64bit-debuginfo-2.39.3-150600.4.21.1 * libblkid-devel-64bit-2.39.3-150600.4.21.1 * libuuid1-64bit-2.39.3-150600.4.21.1 * libmount1-64bit-2.39.3-150600.4.21.1 * libuuid1-64bit-debuginfo-2.39.3-150600.4.21.1 * libfdisk-devel-64bit-2.39.3-150600.4.21.1 * libfdisk1-64bit-2.39.3-150600.4.21.1 * libuuid-devel-64bit-2.39.3-150600.4.21.1 * libblkid1-64bit-2.39.3-150600.4.21.1 * libmount1-64bit-debuginfo-2.39.3-150600.4.21.1 * libmount-devel-64bit-2.39.3-150600.4.21.1 * libblkid1-64bit-debuginfo-2.39.3-150600.4.21.1 * libsmartcols1-64bit-debuginfo-2.39.3-150600.4.21.1 * libsmartcols1-64bit-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * util-linux-2.39.3-150600.4.21.1 * util-linux-systemd-debuginfo-2.39.3-150600.4.21.1 * libsmartcols-devel-2.39.3-150600.4.21.1 * libmount1-2.39.3-150600.4.21.1 * util-linux-systemd-2.39.3-150600.4.21.1 * util-linux-tty-tools-debuginfo-2.39.3-150600.4.21.1 * libuuid1-debuginfo-2.39.3-150600.4.21.1 * libuuid-devel-static-2.39.3-150600.4.21.1 * libfdisk1-debuginfo-2.39.3-150600.4.21.1 * libblkid-devel-static-2.39.3-150600.4.21.1 * libfdisk-devel-2.39.3-150600.4.21.1 * 
util-linux-debuginfo-2.39.3-150600.4.21.1 * libfdisk1-2.39.3-150600.4.21.1 * util-linux-debugsource-2.39.3-150600.4.21.1 * util-linux-tty-tools-2.39.3-150600.4.21.1 * uuidd-2.39.3-150600.4.21.1 * libsmartcols1-2.39.3-150600.4.21.1 * util-linux-systemd-debugsource-2.39.3-150600.4.21.1 * libuuid-devel-2.39.3-150600.4.21.1 * libsmartcols1-debuginfo-2.39.3-150600.4.21.1 * libuuid1-2.39.3-150600.4.21.1 * libblkid-devel-2.39.3-150600.4.21.1 * libblkid1-2.39.3-150600.4.21.1 * libblkid1-debuginfo-2.39.3-150600.4.21.1 * uuidd-debuginfo-2.39.3-150600.4.21.1 * libmount-devel-2.39.3-150600.4.21.1 * libmount1-debuginfo-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * util-linux-lang-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * util-linux-extra-debuginfo-2.39.3-150600.4.21.1 * util-linux-extra-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libmount1-32bit-2.39.3-150600.4.21.1 * libblkid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libblkid1-32bit-2.39.3-150600.4.21.1 * libuuid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libmount1-32bit-debuginfo-2.39.3-150600.4.21.1 * libuuid1-32bit-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * util-linux-2.39.3-150600.4.21.1 * util-linux-systemd-debuginfo-2.39.3-150600.4.21.1 * libsmartcols-devel-2.39.3-150600.4.21.1 * libmount1-2.39.3-150600.4.21.1 * util-linux-systemd-2.39.3-150600.4.21.1 * util-linux-tty-tools-debuginfo-2.39.3-150600.4.21.1 * libuuid1-debuginfo-2.39.3-150600.4.21.1 * libuuid-devel-static-2.39.3-150600.4.21.1 * libfdisk1-debuginfo-2.39.3-150600.4.21.1 * libblkid-devel-static-2.39.3-150600.4.21.1 * libfdisk-devel-2.39.3-150600.4.21.1 * util-linux-debuginfo-2.39.3-150600.4.21.1 * libfdisk1-2.39.3-150600.4.21.1 * util-linux-debugsource-2.39.3-150600.4.21.1 * util-linux-tty-tools-2.39.3-150600.4.21.1 * uuidd-2.39.3-150600.4.21.1 * libsmartcols1-2.39.3-150600.4.21.1 * 
util-linux-systemd-debugsource-2.39.3-150600.4.21.1 * libuuid-devel-2.39.3-150600.4.21.1 * libsmartcols1-debuginfo-2.39.3-150600.4.21.1 * libuuid1-2.39.3-150600.4.21.1 * libblkid-devel-2.39.3-150600.4.21.1 * libblkid1-2.39.3-150600.4.21.1 * libblkid1-debuginfo-2.39.3-150600.4.21.1 * uuidd-debuginfo-2.39.3-150600.4.21.1 * libmount-devel-2.39.3-150600.4.21.1 * libmount1-debuginfo-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * util-linux-lang-2.39.3-150600.4.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libmount1-32bit-2.39.3-150600.4.21.1 * libblkid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libblkid1-32bit-2.39.3-150600.4.21.1 * libuuid1-32bit-debuginfo-2.39.3-150600.4.21.1 * libmount1-32bit-debuginfo-2.39.3-150600.4.21.1 * libuuid1-32bit-2.39.3-150600.4.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1222465 * https://bugzilla.suse.com/show_bug.cgi?id=1234736 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Thu Apr 16 20:30:44 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:44 -0000 Subject: SUSE-RU-2026:1409-1: important: Recommended update for sssd Message-ID: <177637144404.6478.8106842432272082000@5d6d53449fb2> # Recommended update for sssd Announcement ID: SUSE-RU-2026:1409-1 Release Date: 2026-04-16T12:40:25Z Rating: important References: * bsc#1259253 * bsc#1259436 * bsc#1259545 * bsc#1260409 * bsc#1260413 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that has five fixes can now be installed. 
## Description: This update for sssd fixes the following issues: * Do not package capabilities, will be applied by %set_permissions rpm macro (bsc#1259436); * Silence noisy warning from sss_cache if run prior to starting the daemon and config.ldb does not exist (bsc#1259545); * Fix ldap_child process started by the backend process ending in defunct state. * Create the secrets directory for the KCM service (bsc#1259253); * Fix missing nss library in 32bit package (bsc#1260409); * Fix packaging wrong permissions for /usr/share/polkit-1/rules.d (bsc#1260413); ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1409=1 openSUSE-SLE-15.6-2026-1409=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1409=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1409=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * sssd-ipa-2.10.2-150600.3.44.1 * sssd-ldap-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap-devel-2.10.2-150600.3.44.1 * libnfsidmap-sss-2.10.2-150600.3.44.1 * sssd-dbus-debuginfo-2.10.2-150600.3.44.1 * libsss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-debuginfo-2.10.2-150600.3.44.1 * sssd-kcm-2.10.2-150600.3.44.1 * sssd-ldap-2.10.2-150600.3.44.1 * python3-ipa_hbac-2.10.2-150600.3.44.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.44.1 * sssd-ad-2.10.2-150600.3.44.1 * sssd-ad-debuginfo-2.10.2-150600.3.44.1 * sssd-tools-2.10.2-150600.3.44.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.44.1 * python3-ipa_hbac-debuginfo-2.10.2-150600.3.44.1 * libsss_idmap0-2.10.2-150600.3.44.1 * sssd-proxy-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap0-2.10.2-150600.3.44.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.44.1 * 
sssd-kcm-debuginfo-2.10.2-150600.3.44.1 * sssd-tools-debuginfo-2.10.2-150600.3.44.1 * sssd-debuginfo-2.10.2-150600.3.44.1 * sssd-proxy-2.10.2-150600.3.44.1 * python3-sss-murmur-2.10.2-150600.3.44.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.44.1 * python3-sssd-config-2.10.2-150600.3.44.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.44.1 * python3-sss_nss_idmap-2.10.2-150600.3.44.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.44.1 * libsss_simpleifp-devel-2.10.2-150600.3.44.1 * libipa_hbac0-2.10.2-150600.3.44.1 * sssd-krb5-common-2.10.2-150600.3.44.1 * libsss_simpleifp0-2.10.2-150600.3.44.1 * libsss_nss_idmap0-2.10.2-150600.3.44.1 * libipa_hbac-devel-2.10.2-150600.3.44.1 * libnfsidmap-sss-debuginfo-2.10.2-150600.3.44.1 * sssd-debugsource-2.10.2-150600.3.44.1 * sssd-ipa-debuginfo-2.10.2-150600.3.44.1 * libsss_nss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-2.10.2-150600.3.44.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.44.1 * sssd-2.10.2-150600.3.44.1 * sssd-dbus-2.10.2-150600.3.44.1 * python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.44.1 * sssd-winbind-idmap-2.10.2-150600.3.44.1 * python3-sss-murmur-debuginfo-2.10.2-150600.3.44.1 * openSUSE Leap 15.6 (x86_64) * sssd-32bit-debuginfo-2.10.2-150600.3.44.1 * sssd-32bit-2.10.2-150600.3.44.1 * openSUSE Leap 15.6 (aarch64_ilp32) * sssd-64bit-2.10.2-150600.3.44.1 * sssd-64bit-debuginfo-2.10.2-150600.3.44.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * sssd-ipa-2.10.2-150600.3.44.1 * sssd-ldap-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap-devel-2.10.2-150600.3.44.1 * sssd-dbus-debuginfo-2.10.2-150600.3.44.1 * libsss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-debuginfo-2.10.2-150600.3.44.1 * sssd-kcm-2.10.2-150600.3.44.1 * sssd-ldap-2.10.2-150600.3.44.1 * sssd-ad-2.10.2-150600.3.44.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.44.1 * sssd-ad-debuginfo-2.10.2-150600.3.44.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.44.1 * 
libsss_idmap0-2.10.2-150600.3.44.1 * sssd-proxy-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap0-2.10.2-150600.3.44.1 * libsss_idmap0-debuginfo-2.10.2-150600.3.44.1 * sssd-kcm-debuginfo-2.10.2-150600.3.44.1 * sssd-tools-debuginfo-2.10.2-150600.3.44.1 * sssd-debuginfo-2.10.2-150600.3.44.1 * sssd-proxy-2.10.2-150600.3.44.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.44.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.44.1 * python3-sssd-config-2.10.2-150600.3.44.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.44.1 * libsss_simpleifp-devel-2.10.2-150600.3.44.1 * libipa_hbac0-2.10.2-150600.3.44.1 * sssd-krb5-common-2.10.2-150600.3.44.1 * libsss_simpleifp0-2.10.2-150600.3.44.1 * libsss_nss_idmap0-2.10.2-150600.3.44.1 * libipa_hbac-devel-2.10.2-150600.3.44.1 * sssd-debugsource-2.10.2-150600.3.44.1 * sssd-ipa-debuginfo-2.10.2-150600.3.44.1 * libsss_nss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-2.10.2-150600.3.44.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.44.1 * sssd-2.10.2-150600.3.44.1 * sssd-dbus-2.10.2-150600.3.44.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.44.1 * sssd-winbind-idmap-2.10.2-150600.3.44.1 * sssd-tools-2.10.2-150600.3.44.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * sssd-32bit-debuginfo-2.10.2-150600.3.44.1 * sssd-32bit-2.10.2-150600.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * sssd-ipa-2.10.2-150600.3.44.1 * sssd-ldap-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap-devel-2.10.2-150600.3.44.1 * sssd-dbus-debuginfo-2.10.2-150600.3.44.1 * libsss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-debuginfo-2.10.2-150600.3.44.1 * sssd-kcm-2.10.2-150600.3.44.1 * sssd-ldap-2.10.2-150600.3.44.1 * sssd-ad-2.10.2-150600.3.44.1 * libsss_simpleifp0-debuginfo-2.10.2-150600.3.44.1 * sssd-ad-debuginfo-2.10.2-150600.3.44.1 * libsss_nss_idmap0-debuginfo-2.10.2-150600.3.44.1 * libsss_idmap0-2.10.2-150600.3.44.1 * sssd-proxy-debuginfo-2.10.2-150600.3.44.1 * libsss_certmap0-2.10.2-150600.3.44.1 * 
libsss_idmap0-debuginfo-2.10.2-150600.3.44.1 * sssd-kcm-debuginfo-2.10.2-150600.3.44.1 * sssd-tools-debuginfo-2.10.2-150600.3.44.1 * sssd-debuginfo-2.10.2-150600.3.44.1 * sssd-proxy-2.10.2-150600.3.44.1 * libipa_hbac0-debuginfo-2.10.2-150600.3.44.1 * python3-sssd-config-debuginfo-2.10.2-150600.3.44.1 * python3-sssd-config-2.10.2-150600.3.44.1 * sssd-krb5-common-debuginfo-2.10.2-150600.3.44.1 * libsss_simpleifp-devel-2.10.2-150600.3.44.1 * libipa_hbac0-2.10.2-150600.3.44.1 * sssd-krb5-common-2.10.2-150600.3.44.1 * libsss_simpleifp0-2.10.2-150600.3.44.1 * libsss_nss_idmap0-2.10.2-150600.3.44.1 * libipa_hbac-devel-2.10.2-150600.3.44.1 * sssd-debugsource-2.10.2-150600.3.44.1 * sssd-ipa-debuginfo-2.10.2-150600.3.44.1 * libsss_nss_idmap-devel-2.10.2-150600.3.44.1 * sssd-krb5-2.10.2-150600.3.44.1 * sssd-winbind-idmap-debuginfo-2.10.2-150600.3.44.1 * sssd-2.10.2-150600.3.44.1 * sssd-dbus-2.10.2-150600.3.44.1 * libsss_certmap0-debuginfo-2.10.2-150600.3.44.1 * sssd-winbind-idmap-2.10.2-150600.3.44.1 * sssd-tools-2.10.2-150600.3.44.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * sssd-32bit-debuginfo-2.10.2-150600.3.44.1 * sssd-32bit-2.10.2-150600.3.44.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259253 * https://bugzilla.suse.com/show_bug.cgi?id=1259436 * https://bugzilla.suse.com/show_bug.cgi?id=1259545 * https://bugzilla.suse.com/show_bug.cgi?id=1260409 * https://bugzilla.suse.com/show_bug.cgi?id=1260413 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:30:48 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:48 -0000 Subject: SUSE-SU-2026:1408-1: moderate: Security update for tiff Message-ID: <177637144823.6478.16084792333530533716@5d6d53449fb2> # Security update for tiff Announcement ID: SUSE-SU-2026:1408-1 Release Date: 2026-04-16T12:36:23Z Rating: moderate References: * bsc#1258798 * bsc#1258801 Cross-References: * CVE-2025-61143 * CVE-2025-61144 CVSS scores: * CVE-2025-61143 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61144 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-61144 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-61144 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). * CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1408=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1408=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1408=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1408=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1408=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1408=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1408=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1408=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * 
libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * Basesystem Module 15-SP7 (x86_64) * libtiff5-32bit-4.0.9-150000.45.63.1 * libtiff5-32bit-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * tiff-debugsource-4.0.9-150000.45.63.1 * libtiff5-debuginfo-4.0.9-150000.45.63.1 * libtiff5-4.0.9-150000.45.63.1 * tiff-debuginfo-4.0.9-150000.45.63.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61143.html * https://www.suse.com/security/cve/CVE-2025-61144.html * https://bugzilla.suse.com/show_bug.cgi?id=1258798 * https://bugzilla.suse.com/show_bug.cgi?id=1258801 From null at suse.de Thu Apr 16 20:30:52 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:52 -0000 Subject: SUSE-SU-2026:1407-1: moderate: Security update for tiff Message-ID: <177637145268.6478.10892262274554722771@5d6d53449fb2> # Security update for tiff Announcement ID: SUSE-SU-2026:1407-1 Release Date: 2026-04-16T12:35:42Z Rating: moderate References: * bsc#1258798 * bsc#1258801 Cross-References: * CVE-2025-61143 * CVE-2025-61144 CVSS scores: * CVE-2025-61143 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61143 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-61144 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2025-61144 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-61144 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS 
Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tiff fixes the following issues: * CVE-2025-61143: Fixed NULL pointer dereference (bsc#1258798). * CVE-2025-61144: Fixed stack overflow in readSeparateStripsIntoBuffer() (bsc#1258801). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1407=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libtiff5-32bit-4.0.9-44.109.1 * tiff-4.0.9-44.109.1 * libtiff5-4.0.9-44.109.1 * tiff-debugsource-4.0.9-44.109.1 * libtiff5-debuginfo-32bit-4.0.9-44.109.1 * libtiff5-debuginfo-4.0.9-44.109.1 * tiff-debuginfo-4.0.9-44.109.1 * libtiff-devel-4.0.9-44.109.1 ## References: * https://www.suse.com/security/cve/CVE-2025-61143.html * https://www.suse.com/security/cve/CVE-2025-61144.html * https://bugzilla.suse.com/show_bug.cgi?id=1258798 * https://bugzilla.suse.com/show_bug.cgi?id=1258801 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:30:58 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:30:58 -0000 Subject: SUSE-SU-2026:1406-1: moderate: Security update for util-linux Message-ID: <177637145801.6478.11295995358185515985@5d6d53449fb2> # Security update for util-linux Announcement ID: SUSE-SU-2026:1406-1 Release Date: 2026-04-16T12:35:30Z Rating: moderate References: * bsc#1222465 * bsc#1234736 * bsc#1258859 Cross-References: * CVE-2026-3184 CVSS scores: * CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability and has two security fixes can now be installed. ## Description: This update for util-linux fixes the following issues: Security issue: * CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: * recognize fuse "portal" as a virtual file system (bsc#1234736). * fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1406=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1406=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libblkid1-debuginfo-2.40.4-150700.4.10.1 * libmount-devel-2.40.4-150700.4.10.1 * libblkid1-2.40.4-150700.4.10.1 * libmount1-2.40.4-150700.4.10.1 * libuuid-devel-static-2.40.4-150700.4.10.1 * libsmartcols1-debuginfo-2.40.4-150700.4.10.1 * util-linux-debuginfo-2.40.4-150700.4.10.1 * libuuid1-debuginfo-2.40.4-150700.4.10.1 * util-linux-systemd-2.40.4-150700.4.10.1 * libfdisk1-2.40.4-150700.4.10.1 * libuuid1-2.40.4-150700.4.10.1 * util-linux-systemd-debugsource-2.40.4-150700.4.10.1 * util-linux-systemd-debuginfo-2.40.4-150700.4.10.1 * util-linux-2.40.4-150700.4.10.1 * libuuid-devel-2.40.4-150700.4.10.1 * util-linux-debugsource-2.40.4-150700.4.10.1 * libmount1-debuginfo-2.40.4-150700.4.10.1 * util-linux-tty-tools-debuginfo-2.40.4-150700.4.10.1 * libsmartcols1-2.40.4-150700.4.10.1 * libblkid-devel-static-2.40.4-150700.4.10.1 * util-linux-tty-tools-2.40.4-150700.4.10.1 * libsmartcols-devel-2.40.4-150700.4.10.1 * libblkid-devel-2.40.4-150700.4.10.1 * libfdisk1-debuginfo-2.40.4-150700.4.10.1 * libfdisk-devel-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (noarch) * util-linux-lang-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (s390x) * util-linux-extra-2.40.4-150700.4.10.1 * util-linux-extra-debuginfo-2.40.4-150700.4.10.1 * Basesystem Module 15-SP7 (x86_64) * libblkid1-32bit-2.40.4-150700.4.10.1 * libmount1-32bit-debuginfo-2.40.4-150700.4.10.1 * libuuid1-32bit-debuginfo-2.40.4-150700.4.10.1 * libuuid1-32bit-2.40.4-150700.4.10.1 * libmount1-32bit-2.40.4-150700.4.10.1 * libblkid1-32bit-debuginfo-2.40.4-150700.4.10.1 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * util-linux-systemd-debuginfo-2.40.4-150700.4.10.1 * 
uuidd-2.40.4-150700.4.10.1 * uuidd-debuginfo-2.40.4-150700.4.10.1 * util-linux-systemd-debugsource-2.40.4-150700.4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3184.html * https://bugzilla.suse.com/show_bug.cgi?id=1222465 * https://bugzilla.suse.com/show_bug.cgi?id=1234736 * https://bugzilla.suse.com/show_bug.cgi?id=1258859 From null at suse.de Thu Apr 16 20:31:00 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:31:00 -0000 Subject: SUSE-RU-2026:1405-1: important: Recommended update for fence-agents Message-ID: <177637146082.6478.12292217550485346614@5d6d53449fb2> # Recommended update for fence-agents Announcement ID: SUSE-RU-2026:1405-1 Release Date: 2026-04-16T12:27:45Z Rating: important References: * bsc#1250417 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for fence-agents fixes the following issues: * fence_aws: Fix shebang to be able to use python3.11 if it is installed (bsc#1250417). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1405=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-1405=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * fence-agents-debugsource-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-devel-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-debuginfo-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-amt_ws-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * openSUSE Leap 15.5 (noarch) * fence-agents-azure-arm-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * fence-agents-debugsource-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-devel-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * fence-agents-debuginfo-4.12.1+git.1677142927.bf55c675-150500.4.31.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (noarch) * fence-agents-azure-arm-4.12.1+git.1677142927.bf55c675-150500.4.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1250417 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Thu Apr 16 20:31:06 2026 From: null at suse.de (SLE-UPDATES) Date: Thu, 16 Apr 2026 20:31:06 -0000 Subject: SUSE-RU-2026:1404-1: important: Recommended update for fence-agents Message-ID: <177637146634.6478.16614552930155778611@5d6d53449fb2> # Recommended update for fence-agents Announcement ID: SUSE-RU-2026:1404-1 Release Date: 2026-04-16T12:27:32Z Rating: important References: * bsc#1218718 * bsc#1250417 * bsc#1261670 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has three fixes can now be installed. ## Description: This update for fence-agents fixes the following issues: * fence_vmware_rest: * a fix seems to be missing in the latest version (bsc#1261670) * monitoring is not detecting problems accessing the fence device (bsc#1218718) * fence_aws: Fix shebang to be able to use python3.11 if it is installed (bsc#1250417). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-1404=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1404=1 openSUSE-SLE-15.6-2026-1404=1 * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1404=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le s390x x86_64) * fence-agents-debuginfo-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-debugsource-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-devel-4.13.1+git.1704296072.32469f29-150600.3.32.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (noarch) * fence-agents-azure-arm-4.13.1+git.1704296072.32469f29-150600.3.32.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * fence-agents-devel-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-debuginfo-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-amt_ws-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-debugsource-4.13.1+git.1704296072.32469f29-150600.3.32.1 * openSUSE Leap 15.6 (noarch) * fence-agents-azure-arm-4.13.1+git.1704296072.32469f29-150600.3.32.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64) * fence-agents-debuginfo-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-debugsource-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-4.13.1+git.1704296072.32469f29-150600.3.32.1 * fence-agents-devel-4.13.1+git.1704296072.32469f29-150600.3.32.1 * SUSE Linux Enterprise High Availability Extension 15 SP6 (noarch) * fence-agents-azure-arm-4.13.1+git.1704296072.32469f29-150600.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1218718 * 
https://bugzilla.suse.com/show_bug.cgi?id=1250417 * https://bugzilla.suse.com/show_bug.cgi?id=1261670 From null at suse.de Fri Apr 17 08:30:14 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 08:30:14 -0000 Subject: SUSE-SU-2026:1420-1: moderate: Security update for NetworkManager Message-ID: <177641461442.6800.13448740749546935152@5d6d53449fb2> # Security update for NetworkManager Announcement ID: SUSE-SU-2026:1420-1 Release Date: 2026-04-16T16:44:58Z Rating: moderate References: * bsc#1257359 Cross-References: * CVE-2025-9615 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that solves one vulnerability can now be installed. ## Description: This update for NetworkManager fixes the following issues: * CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1420=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1420=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * NetworkManager-wwan-debuginfo-1.38.2-150400.3.6.1 * libnm0-1.38.2-150400.3.6.1 * libnm0-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-1.38.2-150400.3.6.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-1.38.2-150400.3.6.1 * NetworkManager-debugsource-1.38.2-150400.3.6.1 * NetworkManager-1.38.2-150400.3.6.1 * NetworkManager-pppoe-1.38.2-150400.3.6.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.6.1 * NetworkManager-wwan-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * NetworkManager-wwan-debuginfo-1.38.2-150400.3.6.1 * libnm0-1.38.2-150400.3.6.1 * libnm0-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-1.38.2-150400.3.6.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-tui-1.38.2-150400.3.6.1 * NetworkManager-debugsource-1.38.2-150400.3.6.1 * NetworkManager-1.38.2-150400.3.6.1 * NetworkManager-pppoe-1.38.2-150400.3.6.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.6.1 * NetworkManager-wwan-1.38.2-150400.3.6.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.6.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359 -------------- next 
part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 17 08:30:31 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 08:30:31 -0000 Subject: SUSE-SU-2026:1419-1: moderate: Security update for NetworkManager Message-ID: <177641463175.6800.17175135363798622797@5d6d53449fb2> # Security update for NetworkManager Announcement ID: SUSE-SU-2026:1419-1 Release Date: 2026-04-16T16:44:23Z Rating: moderate References: * bsc#1257359 Cross-References: * CVE-2025-9615 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that solves one vulnerability can now be installed. ## Description: This update for NetworkManager fixes the following issues: * CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1419=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1419=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * NetworkManager-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-1.38.2-150400.3.5.1 * NetworkManager-tui-1.38.2-150400.3.5.1 * libnm0-1.38.2-150400.3.5.1 * NetworkManager-wwan-1.38.2-150400.3.5.1 * NetworkManager-pppoe-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-debugsource-1.38.2-150400.3.5.1 * NetworkManager-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.5.1 * libnm0-debuginfo-1.38.2-150400.3.5.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.5.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.5.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * NetworkManager-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-1.38.2-150400.3.5.1 * NetworkManager-tui-1.38.2-150400.3.5.1 * libnm0-1.38.2-150400.3.5.1 * NetworkManager-wwan-1.38.2-150400.3.5.1 * NetworkManager-pppoe-1.38.2-150400.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-debugsource-1.38.2-150400.3.5.1 * NetworkManager-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-1.38.2-150400.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.5.1 * libnm0-debuginfo-1.38.2-150400.3.5.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.5.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.5.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359 -------------- next 
part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 17 08:30:35 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 08:30:35 -0000 Subject: SUSE-SU-2026:1418-1: low: Security update for iproute2 Message-ID: <177641463538.6800.5488838488067823396@5d6d53449fb2> # Security update for iproute2 Announcement ID: SUSE-SU-2026:1418-1 Release Date: 2026-04-16T16:43:07Z Rating: low References: * bsc#1254324 Cross-References: * CVE-2024-58251 CVSS scores: * CVE-2024-58251 ( SUSE ): 2.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-58251 ( SUSE ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2024-58251 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for iproute2 fixes the following issue: * CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1418=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1418=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * iproute2-arpd-debuginfo-6.4-150600.7.12.1 * libnetlink-devel-6.4-150600.7.12.1 * iproute2-6.4-150600.7.12.1 * iproute2-debugsource-6.4-150600.7.12.1 * iproute2-bash-completion-6.4-150600.7.12.1 * iproute2-debuginfo-6.4-150600.7.12.1 * iproute2-arpd-6.4-150600.7.12.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * iproute2-arpd-debuginfo-6.4-150600.7.12.1 * libnetlink-devel-6.4-150600.7.12.1 * iproute2-6.4-150600.7.12.1 * iproute2-debugsource-6.4-150600.7.12.1 * iproute2-bash-completion-6.4-150600.7.12.1 * iproute2-debuginfo-6.4-150600.7.12.1 * iproute2-arpd-6.4-150600.7.12.1 ## References: * https://www.suse.com/security/cve/CVE-2024-58251.html * https://bugzilla.suse.com/show_bug.cgi?id=1254324
From null at suse.de Fri Apr 17 08:30:48 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 08:30:48 -0000 Subject: SUSE-SU-2026:1417-1: important: Security update for python Message-ID: <177641464862.6800.6439177514800291193@5d6d53449fb2> # Security update for python Announcement ID: SUSE-SU-2026:1417-1 Release Date: 2026-04-16T16:41:23Z Rating: important References: * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 Cross-References: * CVE-2025-13462 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for python fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: improper resource argument validation can allow path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in `http.cookies` (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1417=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1417=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python-gdbm-debuginfo-2.7.18-33.74.1 * python-curses-debuginfo-2.7.18-33.74.1 * python-xml-2.7.18-33.74.1 * python-debuginfo-2.7.18-33.74.1 * python-curses-2.7.18-33.74.1 * python-gdbm-2.7.18-33.74.1 * python-debugsource-2.7.18-33.74.1 * python-tk-debuginfo-2.7.18-33.74.1 * python-base-2.7.18-33.74.1 * libpython2_7-1_0-2.7.18-33.74.1 * python-base-debugsource-2.7.18-33.74.1 * python-tk-2.7.18-33.74.1 * python-devel-2.7.18-33.74.1 * python-demo-2.7.18-33.74.1 * python-xml-debuginfo-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-2.7.18-33.74.1 * python-2.7.18-33.74.1 * python-idle-2.7.18-33.74.1 * python-base-debuginfo-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * python-doc-2.7.18-33.74.1 * python-doc-pdf-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * python-32bit-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.74.1 * python-base-32bit-2.7.18-33.74.1 * python-debuginfo-32bit-2.7.18-33.74.1 * python-base-debuginfo-32bit-2.7.18-33.74.1 * libpython2_7-1_0-32bit-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * python-gdbm-debuginfo-2.7.18-33.74.1 * python-debugsource-2.7.18-33.74.1 * python-base-debuginfo-32bit-2.7.18-33.74.1 * python-base-debugsource-2.7.18-33.74.1 * python-devel-2.7.18-33.74.1 * python-demo-2.7.18-33.74.1 * python-idle-2.7.18-33.74.1 * libpython2_7-1_0-32bit-2.7.18-33.74.1 * python-32bit-2.7.18-33.74.1 * python-curses-debuginfo-2.7.18-33.74.1 * python-tk-debuginfo-2.7.18-33.74.1 * python-debuginfo-32bit-2.7.18-33.74.1 * python-base-debuginfo-2.7.18-33.74.1 * 
libpython2_7-1_0-2.7.18-33.74.1 * python-tk-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-2.7.18-33.74.1 * python-2.7.18-33.74.1 * python-xml-2.7.18-33.74.1 * python-debuginfo-2.7.18-33.74.1 * libpython2_7-1_0-debuginfo-32bit-2.7.18-33.74.1 * python-curses-2.7.18-33.74.1 * python-gdbm-2.7.18-33.74.1 * python-base-32bit-2.7.18-33.74.1 * python-base-2.7.18-33.74.1 * python-xml-debuginfo-2.7.18-33.74.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * python-doc-2.7.18-33.74.1 * python-doc-pdf-2.7.18-33.74.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 From null at suse.de Fri Apr 17 12:30:08 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 12:30:08 -0000 Subject: SUSE-SU-2026:1422-1: moderate: Security update for smc-tools Message-ID: <177642900898.6061.16817109980429565442@6fd1d05cebf0> # Security update for smc-tools Announcement ID: SUSE-SU-2026:1422-1 Release Date: 2026-04-17T07:21:34Z Rating: moderate References: * bsc#1230052 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS An update that has one security fix can now be installed. ## Description: This update for smc-tools fixes the following issue: Update to smc-tools v1.8.7: * predictable /tmp file allows for local denial of service (bsc#1230052). 
Changelog: Update to v1.8.7: * smc_rnics: fix regression when PFT not available * smcd/smcr: prevent DoS on statistics workfile present in /tmp/ Update to v1.8.6: * man pages: Update man page for smc_pnet * smc-tools: Display sndbuf/RMB stats only if supported by the kernel Update to v1.8.5: * smc_rnics: Add support for Network Express RNIC in smc_rnics * smc_rnics: Add PFT and VF columns to smc_rnics output * libnetlink..: Fix function declaration to use a void prototype * smc_rnics: Update smc_chk to extract PNetID from column 9 * man pages: Update man page for --rawids option and PFT and VF columns * smc_rnics: Fix missing PPrt values in smc_rnics -r output ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1422=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1422=1 openSUSE-SLE-15.6-2026-1422=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * smc-tools-debuginfo-1.8.7-150600.3.6.1 * smc-tools-debugsource-1.8.7-150600.3.6.1 * smc-tools-completion-1.8.7-150600.3.6.1 * smc-tools-1.8.7-150600.3.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * smc-tools-debuginfo-1.8.7-150600.3.6.1 * smc-tools-debugsource-1.8.7-150600.3.6.1 * smc-tools-completion-1.8.7-150600.3.6.1 * smc-tools-1.8.7-150600.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1230052
From null at suse.de Fri Apr 17 12:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 12:30:16 -0000 Subject: SUSE-SU-2026:1421-1: moderate: Security update for python-CairoSVG Message-ID: <177642901677.6061.3941796373853670465@6fd1d05cebf0> # Security update for python-CairoSVG Announcement ID: SUSE-SU-2026:1421-1 Release Date: 2026-04-17T06:46:50Z Rating: moderate References: * bsc#1259690 Cross-References: * CVE-2026-31899 CVSS scores: * CVE-2026-31899 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31899 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-31899 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for python-CairoSVG fixes the following issue: * CVE-2026-31899: denial of service via recursive element amplification (bsc#1259690). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1421=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1421=1 * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1421=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 * openSUSE Leap 15.6 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 * Python 3 Module 15-SP7 (noarch) * python311-CairoSVG-2.7.1-150400.9.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31899.html * https://bugzilla.suse.com/show_bug.cgi?id=1259690 From null at suse.de Fri Apr 17 16:30:08 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:30:08 -0000 Subject: SUSE-SU-2026:21132-1: important: Security update for vim Message-ID: <177644340899.6118.12249652002946541539@2ec35c3f4c39> # Security update for vim Announcement ID: SUSE-SU-2026:21132-1 Release Date: 2026-04-14T08:35:51Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * Update to 9.2.0280 * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.1 zypper in -t patch SUSE-SLE-Micro-Extras-6.1-486=1 ## Package List: * SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64) * vim-debuginfo-9.2.0280-slfo.1.1_1.1 * vim-debugsource-9.2.0280-slfo.1.1_1.1 * vim-9.2.0280-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:32:25 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:32:25 -0000 Subject: SUSE-SU-2026:21131-1: important: Security update for the Linux Kernel Message-ID: <177644354598.6118.5402130662670309694@2ec35c3f4c39> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21131-1 Release Date: 2026-04-13T18:28:29Z Rating: important References: * bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256645 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71066 * CVE-2025-71125 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * 
CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * 
CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( NVD ): 8.8 
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 * SUSE Linux Micro Extras 6.1 An update that solves 61 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). * CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). * CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). 
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). * CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). * CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). * CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). * CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). 
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.1
    zypper in -t patch SUSE-SLE-Micro-Extras-6.1-kernel-340=1

## Package List:

* SUSE Linux Micro Extras 6.1 (nosrc)
  * kernel-64kb-6.4.0-41.1
* SUSE Linux Micro Extras 6.1 (aarch64)
  * kernel-64kb-debugsource-6.4.0-41.1
  * kernel-64kb-devel-6.4.0-41.1
* SUSE Linux Micro Extras 6.1 (aarch64 ppc64le s390x x86_64)
  * kernel-syms-6.4.0-41.1
  * kernel-obs-build-debugsource-6.4.0-41.1
  * kernel-obs-build-6.4.0-41.1

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html * https://www.suse.com/security/cve/CVE-2025-39817.html * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40201.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2025-71125.html * https://www.suse.com/security/cve/CVE-2025-71231.html * https://www.suse.com/security/cve/CVE-2025-71268.html * https://www.suse.com/security/cve/CVE-2025-71269.html * https://www.suse.com/security/cve/CVE-2026-23030.html * 
https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23125.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23157.html * https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-23319.html * 
https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23395.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23412.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1226591 * https://bugzilla.suse.com/show_bug.cgi?id=1245728 * https://bugzilla.suse.com/show_bug.cgi?id=1249998 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251186 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1253049 * https://bugzilla.suse.com/show_bug.cgi?id=1253455 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1256645 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1256690 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257506 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258832 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259865 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259889 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260562 * https://bugzilla.suse.com/show_bug.cgi?id=1260580 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261412 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261507 * https://bugzilla.suse.com/show_bug.cgi?id=1261669
From null at suse.de Fri Apr 17 16:32:40 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:32:40 -0000 Subject: SUSE-SU-2026:21130-1: important: Security update for vim Message-ID: <177644356090.6118.10471265022235069580@2ec35c3f4c39> # Security update for vim Announcement ID: SUSE-SU-2026:21130-1 Release Date: 2026-04-14T07:55:35Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * Update to 9.2.0280 * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-665=1 ## Package List: * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64) * vim-debugsource-9.2.0280-1.1 * vim-9.2.0280-1.1 * vim-debuginfo-9.2.0280-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271
From null at suse.de Fri Apr 17 16:34:48 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:34:48 -0000 Subject: SUSE-SU-2026:21129-1: important: Security update for the Linux Kernel Message-ID: <177644368854.6118.12066532257002314364@2ec35c3f4c39> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21129-1 Release Date: 2026-04-13T18:28:29Z Rating: important References: * bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256645 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 *
bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71066 * CVE-2025-71125 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 
6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N 
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.0 * SUSE Linux Micro Extras 6.0 An update that solves 61 vulnerabilities and has 21 fixes can now be installed. ## Description: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. 
The following security bugs were fixed: * CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). * CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). * CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). * CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455). * CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). * CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). * CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784). * CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). * CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). * CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). * CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). * CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755). * CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814). * CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). * CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). * CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293). * CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). * CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). * CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286). * CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389). 
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). * CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). * CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). * CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). * CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). * CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). * CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). * CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). * CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). * CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870). * CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). * CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). * CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). * CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). * CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). * CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). * CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). * CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544). * CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). 
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). * CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550). * CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527). * CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). * CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). * CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). * CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497). * CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). * CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580). * CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). * CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412). * CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). * CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). * CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507). * CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non-security bugs were fixed: * ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). * ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). * ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes). * ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). * ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). * ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). * ALSA: firewire-lib: fix uninitialized local variable (git-fixes). 
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). * ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes). * ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). * ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). * ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). * ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). * ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). * ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes). * ASoC: Intel: catpt: Fix the device initialization (git-fixes). * ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes). * ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). * ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes). * ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). * ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). * ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). * ASoC: detect empty DMI strings (git-fixes). * ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). * ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). * ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). * ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). * ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). * Bluetooth: HIDP: Fix possible UAF (git-fixes). * Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.0 zypper in -t patch SUSE-SLE-Micro-Extras-6.0-kernel-340=1 ## Package List: * SUSE Linux Micro Extras 6.0 (nosrc) * kernel-64kb-6.4.0-41.1 * kernel-default-6.4.0-41.1 * SUSE Linux Micro Extras 6.0 (aarch64) * kernel-64kb-debugsource-6.4.0-41.1 * kernel-64kb-devel-6.4.0-41.1 * SUSE Linux Micro Extras 6.0 (aarch64 s390x x86_64) * kernel-obs-build-debugsource-6.4.0-41.1 * kernel-obs-build-6.4.0-41.1 * kernel-syms-6.4.0-41.1 * kernel-default-devel-6.4.0-41.1 * kernel-default-debugsource-6.4.0-41.1 * SUSE Linux Micro Extras 6.0 (x86_64) * kernel-default-devel-debuginfo-6.4.0-41.1 ## References: * https://www.suse.com/security/cve/CVE-2024-38542.html * https://www.suse.com/security/cve/CVE-2025-39817.html * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40201.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2025-71125.html * https://www.suse.com/security/cve/CVE-2025-71231.html * https://www.suse.com/security/cve/CVE-2025-71268.html * https://www.suse.com/security/cve/CVE-2025-71269.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23125.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23157.html * 
https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23395.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23412.html * https://www.suse.com/security/cve/CVE-2026-23413.html * 
https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1226591 * https://bugzilla.suse.com/show_bug.cgi?id=1245728 * https://bugzilla.suse.com/show_bug.cgi?id=1249998 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251186 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1253049 * https://bugzilla.suse.com/show_bug.cgi?id=1253455 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1256645 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1256690 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257506 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258832 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259865 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259889 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260562 * https://bugzilla.suse.com/show_bug.cgi?id=1260580 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261412 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261507 * https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:34:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:34:56 -0000
Subject: SUSE-SU-2026:21128-1: important: Security update for ignition
Message-ID: <177644369600.6118.14260274928970832858@2ec35c3f4c39>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21128-1
Release Date: 2026-04-14T08:01:42Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-668=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * ignition-debuginfo-2.19.0-3.1
  * ignition-2.19.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Fri Apr 17 16:34:59 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:34:59 -0000
Subject: SUSE-SU-2026:21127-1: moderate: Security update for avahi
Message-ID: <177644369961.6118.14504271612438902019@2ec35c3f4c39>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21127-1
Release Date: 2026-04-14T08:01:42Z
Rating: moderate
References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-24401: Fix unsolicited mDNS response containing a recursive CNAME record. (bsc#1257235)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-667=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * libavahi-common3-0.8-8.1
  * libavahi-core7-0.8-8.1
  * avahi-debugsource-0.8-8.1
  * libavahi-common3-debuginfo-0.8-8.1
  * avahi-debuginfo-0.8-8.1
  * libavahi-client3-debuginfo-0.8-8.1
  * libavahi-client3-0.8-8.1
  * avahi-0.8-8.1
  * libavahi-core7-debuginfo-0.8-8.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235

From null at suse.de Fri Apr 17 16:35:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:35:02 -0000
Subject: SUSE-SU-2026:21126-1: moderate: Security update for python-cryptography
Message-ID: <177644370248.6118.11570340399059739975@2ec35c3f4c39>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21126-1
Release Date: 2026-04-14T07:57:49Z
Rating: moderate
References:

* bsc#1260876

Cross-References:

* CVE-2026-34073

CVSS scores:

* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-666=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * python311-cryptography-42.0.4-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260876

From null at suse.de Fri Apr 17 16:35:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:35:05 -0000
Subject: SUSE-RU-2026:21125-1: moderate: Recommended update for dpdk
Message-ID: <177644370507.6118.12537065387147563900@2ec35c3f4c39>

# Recommended update for dpdk

Announcement ID: SUSE-RU-2026:21125-1
Release Date: 2026-04-14T07:54:40Z
Rating: moderate
References:

* bsc#1260007

Affected Products:

* SUSE Linux Micro 6.0

An update that has one fix can now be installed.
## Description:

This update for dpdk fixes the following issues:

* Update to version 22.11.11:
  * upstream bugfix release
  * Summary:
    * app/testpmd: fix conntrack action query, fix DCB Rx queues, fix DCB Tx port, fix flex item link parsing
    * common/cnxk: fix async event handling
    * common/mlx5: release unused mempool entries
    * crypto/ipsec_mb: fix QP release in secondary
    * dmadev: fix debug build with tracepoints
    * dma/hisilicon: fix stop with pending transfers
    * doc: improve documentation for conntrack state inspect command, device argument in txgbe and ionic
    * eal: fix DMA mask validation with IOVA mode option
    * efd: fix AVX2 support
    * event/cnxk: fix Rx offload flags
    * eventdev: fix listing timer adapters with telemetry
    * fib6: fix tbl8 allocation check logic
    * graph: fix unaligned access in stats
    * hash: fix unaligned access in predictable RSS
    * net/af_packet: fix crash in secondary process
    * net/ark: remove double mbuf free
    * net/bonding: fix MAC address propagation in 802.3ad mode
    * net/dpaa2: fix duplicate call of close
    * net/dpaa2: fix L3/L4 checksum results
    * net/dpaa2: receive packets with additional parse errors
    * net/dpaa: fix resource leak
    * net/ena/base: fix unsafe memcpy on invalid memory
    * net/ena: fix PCI BAR mapping on 64K page size
    * net/enetfec: fix checksum flag handling and error return
    * net/enetfec: fix file descriptor leak on read error
    * net/enetfec: fix memory leak in Rx buffer cleanup
    * net/enetfec: fix out-of-bounds access in UIO mapping
    * net/enetfec: fix Tx queue free
    * net: fix L2 length for GRE packets
    * net/hns3: fix VLAN resources freeing
    * net/hns3: fix VLAN tag loss for short tunnel frame
    * net/i40e: fix symmetric Toeplitz hashing for SCTP
    * net/ice/base: fix integer overflow on NVM init
    * net/ice/base: fix memory leak in HW profile handling
    * net/ice/base: fix memory leak in recipe handling
    * net/ice: fix initialization with 8 ports
    * net/ice: fix memory leak in raw pattern parse
    * net/ice: fix path selection for QinQ Tx offload
    * net/ice: fix vector Rx VLAN offload flags
    * net/mlx5: fix connection tracking state item validation
    * net/mlx5: fix control flow leakage for external SQ
    * net/mlx5: fix ESP header match after UDP for group 0
    * net/mlx5: fix flow aging race condition
    * net/mlx5: fix min and max MTU reporting
    * net/mlx5/hws: fix buddy memory allocation
    * net/ngbe: reduce memory size of ring descriptors
    * net/tap: fix interrupt callback crash after failed start
    * net/txgbe: various FDIR fixes
    * net/vmxnet3: fix mapping of mempools to queues
    * test/crypto: fix vector initialization
    * test/debug: fix crash with mlx5 devices
    * test/debug: fix IOVA mode on PPC64 without huge pages
    * vfio: fix custom containers in multiprocess
    * vhost: fix double fetch when dequeue offloading
* Add libarchive as dependency, avoid errors like '/lib/firmware/... cannot be decompressed' (bsc#1260007)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-664=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * dpdk-debuginfo-22.11.11-1.1
  * dpdk-tools-22.11.11-1.1
  * dpdk-debugsource-22.11.11-1.1
  * libdpdk-23-22.11.11-1.1
  * dpdk-22.11.11-1.1
  * libdpdk-23-debuginfo-22.11.11-1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1260007

From null at suse.de Fri Apr 17 16:35:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:35:10 -0000
Subject: SUSE-SU-2026:21124-1: important: Security update for vim
Message-ID: <177644371035.6118.10335077794822339789@2ec35c3f4c39>

# Security update for vim

Announcement ID: SUSE-SU-2026:21124-1
Release Date: 2026-04-14T07:54:09Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* Update to 9.2.0280
* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-665=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * vim-data-common-9.2.0280-1.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * vim-debugsource-9.2.0280-1.1
  * vim-small-9.2.0280-1.1
  * vim-small-debuginfo-9.2.0280-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271

From null at suse.de Fri Apr 17 16:37:08 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:08 -0000
Subject: SUSE-SU-2026:21123-1: important: Security update for the Linux Kernel
Message-ID: <177644382898.6118.5754715688251717473@2ec35c3f4c39>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21123-1
Release Date: 2026-04-13T16:48:50Z
Rating: important
References:

* bsc#1226591 * bsc#1245728 * bsc#1249998 * bsc#1251135 * bsc#1251186 * bsc#1251971 * bsc#1252073 * bsc#1252266 * bsc#1253049 * bsc#1253455 * bsc#1254306 * bsc#1255084 * bsc#1256645 * bsc#1256647 * bsc#1256690 * bsc#1256784 * bsc#1257183 * bsc#1257466 * bsc#1257472 * bsc#1257473 * bsc#1257506 * bsc#1257561 * bsc#1257682 * bsc#1257732 * bsc#1257755 * bsc#1257773 * bsc#1257777 * bsc#1257814 * bsc#1257952 * bsc#1258280 * bsc#1258286 * bsc#1258293 * bsc#1258303 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258338 * bsc#1258340 * bsc#1258376 * bsc#1258389 * bsc#1258414 * bsc#1258424 * bsc#1258447 * bsc#1258524 * bsc#1258832 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259580 * bsc#1259707 * bsc#1259795 * bsc#1259797 * bsc#1259865 * bsc#1259870 * bsc#1259886 * bsc#1259889 * bsc#1259891 * bsc#1259997 * bsc#1259998 *
bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260497 * bsc#1260500 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260562 * bsc#1260580 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261412 * bsc#1261496 * bsc#1261498 * bsc#1261507 * bsc#1261669 Cross-References: * CVE-2024-38542 * CVE-2025-39817 * CVE-2025-39998 * CVE-2025-40201 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71066 * CVE-2025-71125 * CVE-2025-71231 * CVE-2025-71268 * CVE-2025-71269 * CVE-2026-23030 * CVE-2026-23047 * CVE-2026-23054 * CVE-2026-23069 * CVE-2026-23088 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23136 * CVE-2026-23140 * CVE-2026-23154 * CVE-2026-23157 * CVE-2026-23169 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23202 * CVE-2026-23204 * CVE-2026-23207 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23304 * CVE-2026-23317 * CVE-2026-23319 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23395 * CVE-2026-23398 * CVE-2026-23412 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-31788 CVSS scores: * CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-40201 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 
6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N 
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves 61 vulnerabilities and has 21 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-340=1

## Package List:

* SUSE Linux Micro 6.0 (noarch)
  * kernel-source-6.4.0-41.1
  * kernel-macros-6.4.0-41.1
  * kernel-devel-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 nosrc s390x x86_64)
  * kernel-default-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * kernel-default-debuginfo-6.4.0-41.1
  * kernel-default-debugsource-6.4.0-41.1
* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-default-livepatch-6.4.0-41.1
* SUSE Linux Micro 6.0 (nosrc x86_64)
  * kernel-kvmsmall-6.4.0-41.1
* SUSE Linux Micro 6.0 (x86_64)
  * kernel-kvmsmall-debuginfo-6.4.0-41.1
  * kernel-kvmsmall-debugsource-6.4.0-41.1
* SUSE Linux Micro 6.0 (aarch64 x86_64)
  * kernel-default-base-6.4.0-41.1.21.18

## References:

* https://www.suse.com/security/cve/CVE-2024-38542.html
* https://www.suse.com/security/cve/CVE-2025-39817.html
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40201.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71066.html
* https://www.suse.com/security/cve/CVE-2025-71125.html
* https://www.suse.com/security/cve/CVE-2025-71231.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2026-23030.html
* https://www.suse.com/security/cve/CVE-2026-23047.html
* https://www.suse.com/security/cve/CVE-2026-23054.html
* https://www.suse.com/security/cve/CVE-2026-23069.html
* https://www.suse.com/security/cve/CVE-2026-23088.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23136.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23154.html
* https://www.suse.com/security/cve/CVE-2026-23157.html
* https://www.suse.com/security/cve/CVE-2026-23169.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23202.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23207.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23412.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226591
* https://bugzilla.suse.com/show_bug.cgi?id=1245728
* https://bugzilla.suse.com/show_bug.cgi?id=1249998
* https://bugzilla.suse.com/show_bug.cgi?id=1251135
* https://bugzilla.suse.com/show_bug.cgi?id=1251186
* https://bugzilla.suse.com/show_bug.cgi?id=1251971
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1252266
* https://bugzilla.suse.com/show_bug.cgi?id=1253049
* https://bugzilla.suse.com/show_bug.cgi?id=1253455
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1256645
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1256690
* https://bugzilla.suse.com/show_bug.cgi?id=1256784
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257466
* https://bugzilla.suse.com/show_bug.cgi?id=1257472
* https://bugzilla.suse.com/show_bug.cgi?id=1257473
* https://bugzilla.suse.com/show_bug.cgi?id=1257506
* https://bugzilla.suse.com/show_bug.cgi?id=1257561
* https://bugzilla.suse.com/show_bug.cgi?id=1257682
* https://bugzilla.suse.com/show_bug.cgi?id=1257732
* https://bugzilla.suse.com/show_bug.cgi?id=1257755
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1257814
* https://bugzilla.suse.com/show_bug.cgi?id=1257952
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258286
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258303
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258338
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258376
* https://bugzilla.suse.com/show_bug.cgi?id=1258389
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258424
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258524
* https://bugzilla.suse.com/show_bug.cgi?id=1258832
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259865
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259889
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:37:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:19 -0000
Subject: SUSE-SU-2026:21122-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_18
Message-ID: <177644383900.6118.4443192583878856861@2ec35c3f4c39>

# Security update for kernel-livepatch-MICRO-6-0_Update_18

Announcement ID: SUSE-SU-2026:21122-1
Release Date: 2026-04-13T16:45:36Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.0

An update that can now be installed.

## Description:

New livepatch SLE Micro 6.0/6.1 kernel update 18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-kernel-341=1

## Package List:

* SUSE Linux Micro 6.0 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-1-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-1-1.1
From null at suse.de Fri Apr 17 16:37:21 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:21 -0000
Subject: SUSE-SU-2026:21121-1: moderate: Security update for NetworkManager
Message-ID: <177644384174.6118.15222011545838826134@2ec35c3f4c39>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:21121-1
Release Date: 2026-04-10T12:43:49Z
Rating: moderate
References:

* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issues:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  zypper in -t patch SUSE-SLE-Micro-6.0-662=1

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * NetworkManager-cloud-setup-debuginfo-1.42.6-8.1
  * NetworkManager-1.42.6-8.1
  * NetworkManager-bluetooth-1.42.6-8.1
  * NetworkManager-cloud-setup-1.42.6-8.1
  * libnm0-1.42.6-8.1
  * typelib-1_0-NM-1_0-1.42.6-8.1
  * NetworkManager-debuginfo-1.42.6-8.1
  * NetworkManager-wwan-1.42.6-8.1
  * NetworkManager-wwan-debuginfo-1.42.6-8.1
  * NetworkManager-tui-debuginfo-1.42.6-8.1
  * NetworkManager-pppoe-1.42.6-8.1
  * NetworkManager-tui-1.42.6-8.1
  * libnm0-debuginfo-1.42.6-8.1
  * NetworkManager-bluetooth-debuginfo-1.42.6-8.1
  * NetworkManager-debugsource-1.42.6-8.1
  * NetworkManager-pppoe-debuginfo-1.42.6-8.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Fri Apr 17 16:37:35 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:35 -0000
Subject: SUSE-SU-2026:21120-1: important: Security update for kernel-livepatch-MICRO-6-0_Update_18
Message-ID: <177644385540.6118.17916675051378032348@2ec35c3f4c39>

# Security update for kernel-livepatch-MICRO-6-0_Update_18

Announcement ID: SUSE-SU-2026:21120-1
Release Date: 2026-04-13T16:42:46Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.1

An update that can now be installed.

## Description:

New livepatch SLE Micro 6.0/6.1 kernel update 18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-kernel-341=1

## Package List:

* SUSE Linux Micro 6.1 (s390x x86_64)
  * kernel-livepatch-6_4_0-41-default-1-1.1
  * kernel-livepatch-MICRO-6-0_Update_18-debugsource-1-1.1
  * kernel-livepatch-6_4_0-41-default-debuginfo-1-1.1

From null at suse.de Fri Apr 17 16:37:42 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:42 -0000
Subject: SUSE-RU-2026:21119-1: moderate: Recommended update for dpdk
Message-ID: <177644386213.6118.4533551311577754177@2ec35c3f4c39>

# Recommended update for dpdk

Announcement ID: SUSE-RU-2026:21119-1
Release Date: 2026-04-14T09:13:28Z
Rating: moderate
References:

* bsc#1260007

Affected Products:

* SUSE Linux Micro 6.1

An update that has one fix can now be installed.
## Description:

This update for dpdk fixes the following issues:

* Update to version 22.11.11:
* upstream bugfix release
* Summary:
* app/testpmd: fix conntrack action query, fix DCB Rx queues, fix DCB Tx port, fix flex item link parsing
* common/cnxk: fix async event handling
* common/mlx5: release unused mempool entries
* crypto/ipsec_mb: fix QP release in secondary
* dmadev: fix debug build with tracepoints
* dma/hisilicon: fix stop with pending transfers
* doc: improve documentation for conntrack state inspect command, device argument in txgbe and ionic
* eal: fix DMA mask validation with IOVA mode option
* efd: fix AVX2 support
* event/cnxk: fix Rx offload flags
* eventdev: fix listing timer adapters with telemetry
* fib6: fix tbl8 allocation check logic
* graph: fix unaligned access in stats
* hash: fix unaligned access in predictable RSS
* net/af_packet: fix crash in secondary process
* net/ark: remove double mbuf free
* net/bonding: fix MAC address propagation in 802.3ad mode
* net/dpaa2: fix duplicate call of close
* net/dpaa2: fix L3/L4 checksum results
* net/dpaa2: receive packets with additional parse errors
* net/dpaa: fix resource leak
* net/ena/base: fix unsafe memcpy on invalid memory
* net/ena: fix PCI BAR mapping on 64K page size
* net/enetfec: fix checksum flag handling and error return
* net/enetfec: fix file descriptor leak on read error
* net/enetfec: fix memory leak in Rx buffer cleanup
* net/enetfec: fix out-of-bounds access in UIO mapping
* net/enetfec: fix Tx queue free
* net: fix L2 length for GRE packets
* net/hns3: fix VLAN resources freeing
* net/hns3: fix VLAN tag loss for short tunnel frame
* net/i40e: fix symmetric Toeplitz hashing for SCTP
* net/ice/base: fix integer overflow on NVM init
* net/ice/base: fix memory leak in HW profile handling
* net/ice/base: fix memory leak in recipe handling
* net/ice: fix initialization with 8 ports
* net/ice: fix memory leak in raw pattern parse
* net/ice: fix path selection for QinQ Tx offload
* net/ice: fix vector Rx VLAN offload flags
* net/mlx5: fix connection tracking state item validation
* net/mlx5: fix control flow leakage for external SQ
* net/mlx5: fix ESP header match after UDP for group 0
* net/mlx5: fix flow aging race condition
* net/mlx5: fix min and max MTU reporting
* net/mlx5/hws: fix buddy memory allocation
* net/ngbe: reduce memory size of ring descriptors
* net/tap: fix interrupt callback crash after failed start
* net/txgbe: various FDIR fixes
* net/vmxnet3: fix mapping of mempools to queues
* test/crypto: fix vector initialization
* test/debug: fix crash with mlx5 devices
* test/debug: fix IOVA mode on PPC64 without huge pages
* vfio: fix custom containers in multiprocess
* vhost: fix double fetch when dequeue offloading
* Add libarchive as dependency, avoid errors like '/lib/firmware/... cannot be decompressed' (bsc#1260007)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-483=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64)
  * dpdk-debuginfo-22.11.11-slfo.1.1_1.1
  * dpdk-22.11.11-slfo.1.1_1.1
  * libdpdk-23-22.11.11-slfo.1.1_1.1
  * libdpdk-23-debuginfo-22.11.11-slfo.1.1_1.1
  * dpdk-debugsource-22.11.11-slfo.1.1_1.1
  * dpdk-tools-22.11.11-slfo.1.1_1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1260007
From null at suse.de Fri Apr 17 16:37:47 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:47 -0000
Subject: SUSE-SU-2026:21118-1: important: Security update for vim
Message-ID: <177644386735.6118.14988629229217864700@2ec35c3f4c39>

# Security update for vim

Announcement ID: SUSE-SU-2026:21118-1
Release Date: 2026-04-14T08:35:51Z
Rating: important
References:

* bsc#1259985
* bsc#1261191
* bsc#1261271

Cross-References:

* CVE-2026-33412
* CVE-2026-34714
* CVE-2026-34982

CVSS scores:

* CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for vim fixes the following issues:

* Update to 9.2.0280
* CVE-2026-33412: command injection via newline in glob() (bsc#1259985).
* CVE-2026-34714: crafted file can allow code execution (bsc#1261191).
* CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-486=1

## Package List:

* SUSE Linux Micro 6.1 (noarch)
  * vim-data-common-9.2.0280-slfo.1.1_1.1
* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * vim-small-9.2.0280-slfo.1.1_1.1
  * vim-debugsource-9.2.0280-slfo.1.1_1.1
  * vim-small-debuginfo-9.2.0280-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33412.html
* https://www.suse.com/security/cve/CVE-2026-34714.html
* https://www.suse.com/security/cve/CVE-2026-34982.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259985
* https://bugzilla.suse.com/show_bug.cgi?id=1261191
* https://bugzilla.suse.com/show_bug.cgi?id=1261271

From null at suse.de Fri Apr 17 16:37:50 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:50 -0000
Subject: SUSE-SU-2026:21117-1: moderate: Security update for avahi
Message-ID: <177644387066.6118.16708468332400341333@2ec35c3f4c39>

# Security update for avahi

Announcement ID: SUSE-SU-2026:21117-1
Release Date: 2026-04-14T08:31:54Z
Rating: moderate
References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issues:

* CVE-2026-24401: Fix unsolicited mDNS response containing a recursive CNAME record. (bsc#1257235)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-485=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * avahi-debuginfo-0.8-slfo.1.1_5.1
  * libavahi-client3-0.8-slfo.1.1_5.1
  * avahi-0.8-slfo.1.1_5.1
  * libavahi-core7-0.8-slfo.1.1_5.1
  * libavahi-common3-debuginfo-0.8-slfo.1.1_5.1
  * avahi-debugsource-0.8-slfo.1.1_5.1
  * libavahi-common3-0.8-slfo.1.1_5.1
  * libavahi-core7-debuginfo-0.8-slfo.1.1_5.1
  * libavahi-client3-debuginfo-0.8-slfo.1.1_5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235

From null at suse.de Fri Apr 17 16:37:53 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:53 -0000
Subject: SUSE-SU-2026:21116-1: moderate: Security update for python-cryptography
Message-ID: <177644387328.6118.1604221044903582348@2ec35c3f4c39>

# Security update for python-cryptography

Announcement ID: SUSE-SU-2026:21116-1
Release Date: 2026-04-14T08:31:54Z
Rating: moderate
References:

* bsc#1260876

Cross-References:

* CVE-2026-34073

CVSS scores:

* CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for python-cryptography fixes the following issues:

* CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-484=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * python311-cryptography-42.0.4-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34073.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260876

From null at suse.de Fri Apr 17 16:37:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:37:56 -0000
Subject: SUSE-SU-2026:21115-1: important: Security update for ignition
Message-ID: <177644387603.6118.13120529521680331881@2ec35c3f4c39>

# Security update for ignition

Announcement ID: SUSE-SU-2026:21115-1
Release Date: 2026-04-14T08:30:32Z
Rating: important
References:

* bsc#1260251

Cross-References:

* CVE-2026-33186

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for ignition fixes the following issue:

* CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-487=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * ignition-2.19.0-slfo.1.1_3.1
  * ignition-debuginfo-2.19.0-slfo.1.1_3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260251

From null at suse.de Fri Apr 17 16:39:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:39:54 -0000
Subject: SUSE-SU-2026:21114-1: important: Security update for the Linux Kernel
Message-ID: <177644399464.6118.17470851560381183086@2ec35c3f4c39>

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21114-1
Release Date: 2026-04-13T18:28:29Z
Rating: important
References:

* bsc#1226591
* bsc#1245728
* bsc#1249998
* bsc#1251135
* bsc#1251186
* bsc#1251971
* bsc#1252073
* bsc#1252266
* bsc#1253049
* bsc#1253455
* bsc#1254306
* bsc#1255084
* bsc#1256645
* bsc#1256647
* bsc#1256690
* bsc#1256784
* bsc#1257183
* bsc#1257466
* bsc#1257472
* bsc#1257473
* bsc#1257506
* bsc#1257561
* bsc#1257682
* bsc#1257732
* bsc#1257755
* bsc#1257773
* bsc#1257777
* bsc#1257814
* bsc#1257952
* bsc#1258280
* bsc#1258286
* bsc#1258293
* bsc#1258303
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258338
* bsc#1258340
* bsc#1258376
* bsc#1258389
* bsc#1258414
* bsc#1258424
* bsc#1258447
* bsc#1258524
* bsc#1258832
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259580
* bsc#1259707
* bsc#1259795
* bsc#1259797
* bsc#1259865
* bsc#1259870
* bsc#1259886
* bsc#1259889
* bsc#1259891
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260497
* bsc#1260500
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260562
* bsc#1260580
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261412
* bsc#1261496
* bsc#1261498
* bsc#1261507
* bsc#1261669

Cross-References:

* CVE-2024-38542
* CVE-2025-39817
* CVE-2025-39998
* CVE-2025-40201
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71066
* CVE-2025-71125
* CVE-2025-71231
* CVE-2025-71268
* CVE-2025-71269
* CVE-2026-23030
* CVE-2026-23047
* CVE-2026-23054
* CVE-2026-23069
* CVE-2026-23088
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23136
* CVE-2026-23140
* CVE-2026-23154
* CVE-2026-23157
* CVE-2026-23169
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23202
* CVE-2026-23204
* CVE-2026-23207
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23304
* CVE-2026-23317
* CVE-2026-23319
* CVE-2026-23335
* CVE-2026-23343
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23383
* CVE-2026-23386
* CVE-2026-23395
* CVE-2026-23398
* CVE-2026-23412
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-23419
* CVE-2026-31788

CVSS scores:

* CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71125 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-71125 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-71125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23030 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23030 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23047 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23047 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23069 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23088 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23088 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23136 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23136 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23154 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23154 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23169 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23169 ( SUSE ): 5.6 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23169 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23412 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23412 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves 61 vulnerabilities and has 21 fixes can now be installed.

## Description:

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

* CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
* CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
* CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
* CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
* CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
* CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
* CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
* CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
* CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security bugs were fixed:

* ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
* ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
* ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
* ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
* ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
* ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
* ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
* ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
* ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
* ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
* ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
* ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
* ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
* ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
* ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
* ASoC: Intel: catpt: Fix the device initialization (git-fixes).
* ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
* ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
* ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
* ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
* ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
* ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
* ASoC: detect empty DMI strings (git-fixes).
* ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
* ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
* ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
* ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
* ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
* Bluetooth: HIDP: Fix possible UAF (git-fixes).
* Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
* Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
* Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
* Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
* Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
* Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
* Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
* Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
* Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
* Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
* Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
* Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
* Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
* Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
* Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
* Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
* Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
* Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
* Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
* Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
* Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
* Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
* Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
* Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
* Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
* Drivers: hv: remove stale comment (git-fixes).
* Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
* Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
* Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
* HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
* HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
* HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
* HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
* HID: mcp2221: cancel last I2C command on read error (stable-fixes).
* Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
* NFC: pn533: bound the UART receive buffer (git-fixes).
* PCI: Update BAR # and window messages (stable-fixes).
* PCI: hv: Correct a comment (git-fixes).
* PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
* PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
* PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
* PM: runtime: Fix a race condition related to device removal (git-fixes).
* RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
* RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
* RDMA/mana_ib: Add device statistics support (git-fixes).
* RDMA/mana_ib: Add device-memory support (git-fixes).
* RDMA/mana_ib: Add port statistics support (git-fixes).
* RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
* RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
* RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
* RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
* RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
* RDMA/mana_ib: Create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
* RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
* RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
* RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
* RDMA/mana_ib: Extend modify QP (git-fixes).
* RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
* RDMA/mana_ib: Fix error code in probe() (git-fixes).
* RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
* RDMA/mana_ib: Fix missing ret value (git-fixes).
* RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
* RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
* RDMA/mana_ib: Implement port parameters (git-fixes).
* RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
* RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
* RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
* RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
* RDMA/mana_ib: Modify QP state (git-fixes).
* RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
* RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
* RDMA/mana_ib: Set correct device into ib (git-fixes).
* RDMA/mana_ib: Take CQ type from the device type (git-fixes).
* RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
* RDMA/mana_ib: UD/GSI work requests (git-fixes).
* RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
* RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
* RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
* RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
* RDMA/mana_ib: add additional port counters (bsc#1251135).
* RDMA/mana_ib: add support of multiple ports (bsc#1251135).
* RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
* RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
* RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
* RDMA/mana_ib: create kernel-level CQs (git-fixes).
* RDMA/mana_ib: create/destroy AH (git-fixes).
* RDMA/mana_ib: extend mana QP table (git-fixes).
* RDMA/mana_ib: extend query device (git-fixes).
* RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
* RDMA/mana_ib: implement get_dma_mr (git-fixes).
* RDMA/mana_ib: implement req_notify_cq (git-fixes).
* RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
* RDMA/mana_ib: indicate CM support (git-fixes).
* RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
* RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
* RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
* RDMA/mana_ib: request error CQEs when supported (git-fixes).
* RDMA/mana_ib: set node_guid (git-fixes).
* RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
* RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
* Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
* USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
* USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
* USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
* USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
* USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
* USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
* USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
* accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
* bonding: do not set usable_slaves for broadcast mode (git-fixes).
* btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
* btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* can: bcm: fix locking for bcm_op runtime updates (git-fixes).
* can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
* can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
* can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
* can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
* can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
* can: ucan: Fix infinite loop from zero-length messages (git-fixes).
* can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
* comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
* comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
* comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
* comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
* crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
* crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
* crypto: caam - fix overflow on long hmac keys (git-fixes).
* dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
* dmaengine: idxd: Fix leaking event log memory (git-fixes).
* dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
* dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
* dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
* dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
* dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
* dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
* drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
* drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
* drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
* drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
* drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
* drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
* drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
* drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
* drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
* drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
* drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
* drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
* drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
* drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
* drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
* drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
* drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
* drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
* drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
* drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
* drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
* firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
* gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
* hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
* hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
* hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
* hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
* hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
* hwmon: (it87) Check the it87_lock() return value (git-fixes).
* hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
* hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
* hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
* hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
* hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
* hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
* hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
* hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
* hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
* hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
* i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
* i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
* i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
* i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
* idpf: nullify pointers after they are freed (git-fixes).
* iio: accel: fix ADXL355 temperature signature value (git-fixes).
* iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
* iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
* iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
* iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
* iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
* iio: dac: ds4424: reject -128 RAW value (git-fixes).
* iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
* iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
* iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
* iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
* iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
* iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
* iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
* iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
* iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
* iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
* iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
* iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
* media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
* media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
* mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
* mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
* mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
* mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
* misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
* mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
* mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
* mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
* mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
* mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
* mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
* mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
* mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
* mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
* net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
* net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
* net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
* net/x25: Fix overflow when accumulating packets (git-fixes).
* net/x25: Fix potential double free of skb (git-fixes).
* net: mana: Add metadata support for xdp mode (git-fixes).
* net: mana: Add standard counter rx_missed_errors (git-fixes).
* net: mana: Add support for auxiliary device servicing events (bsc#1251971).
* net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
* net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
* net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
* net: mana: Fix use-after-free in reset service rescan path (git-fixes).
* net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
* net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
* net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
* net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
* net: mana: Handle unsupported HWC commands (git-fixes).
* net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
* net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
* net: mana: Probe rdma device in mana driver (git-fixes).
* net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
* net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
* net: mana: Support HW link state events (bsc#1253049).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
* net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
* net: mana: fix use-after-free in add_adev() error path (git-fixes).
* net: mana: use ethtool string helpers (git-fixes).
* net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
* net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
* net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
* net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
* net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
* net: usb: pegasus: validate USB endpoints (stable-fixes).
* nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
* nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
* nfc: nci: free skb on nci_transceive early error paths (git-fixes).
* nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
* nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
* phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
* pinctrl: equilibrium: fix warning trace on load (git-fixes).
* pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
* pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
* pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
* platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
* platform/x86: ISST: Correct locked bit width (git-fixes).
* platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
* platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
* platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
* platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
* platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
* qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
* regmap: Synchronize cache for the page selector (git-fixes).
* regulator: pca9450: Correct interrupt type (git-fixes).
* regulator: pca9450: Make IRQ optional (stable-fixes).
* remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
* rename Hyper-v patch files to simplify further SP6-SP7 merges
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
* scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
* scsi: storvsc: Remove redundant ternary operators (git-fixes).
* selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
* selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
* serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
* serial: 8250: Fix TX deadlock when using DMA (git-fixes).
* serial: 8250_pci: add support for the AX99100 (stable-fixes).
* serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
* soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
* soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
* spi: fix statistics allocation (git-fixes).
* spi: fix use-after-free on controller registration failure (git-fixes).
* spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
* staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
* tools/hv: add a .gitignore file (git-fixes).
* tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
* tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
* tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
* tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
* usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
* usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
* usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
* usb: cdns3: fix role switching during resume (git-fixes).
* usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
* usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
* usb: cdns3: remove redundant if branch (stable-fixes).
* usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
* usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
* usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
* usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
* usb: ehci-brcm: fix sleep during atomic (git-fixes).
* usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
* usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
* usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
* usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
* usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
* usb: image: mdc800: kill download URB on timeout (stable-fixes).
* usb: mdc800: handle signal and read racing (stable-fixes).
* usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
* usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
* usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
* usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
* usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
* usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
* usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
* usb: yurex: fix race in probe (stable-fixes).
* wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
* wifi: cw1200: Fix locking in error paths (git-fixes).
* wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
* wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
* wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
* wifi: mac80211: set default WMM parameters on all links (stable-fixes).
* wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
* wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
* wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
* wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
* wifi: wlcore: Fix a locking bug (git-fixes).
* wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
* xen/privcmd: unregister xenstore notifier on module exit (git-fixes).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-kernel-340=1 ## Package List: * SUSE Linux Micro 6.1 (noarch) * kernel-source-6.4.0-41.1 * kernel-macros-6.4.0-41.1 * kernel-devel-6.4.0-41.1 * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-6.4.0-41.1 * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-6.4.0-41.1 * kernel-default-debugsource-6.4.0-41.1 * kernel-default-devel-6.4.0-41.1 * SUSE Linux Micro 6.1 (aarch64 ppc64le x86_64) * kernel-default-base-6.4.0-41.1.21.18 * SUSE Linux Micro 6.1 (ppc64le x86_64) * kernel-default-devel-debuginfo-6.4.0-41.1 * SUSE Linux Micro 6.1 (s390x x86_64) * kernel-default-livepatch-6.4.0-41.1 * SUSE Linux Micro 6.1 (nosrc x86_64) * kernel-kvmsmall-6.4.0-41.1 * SUSE Linux Micro 6.1 (x86_64) * kernel-kvmsmall-debuginfo-6.4.0-41.1 * kernel-kvmsmall-debugsource-6.4.0-41.1 ## References: * https://www.suse.com/security/cve/CVE-2024-38542.html * https://www.suse.com/security/cve/CVE-2025-39817.html * https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40201.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71066.html * https://www.suse.com/security/cve/CVE-2025-71125.html * https://www.suse.com/security/cve/CVE-2025-71231.html * https://www.suse.com/security/cve/CVE-2025-71268.html * https://www.suse.com/security/cve/CVE-2025-71269.html * https://www.suse.com/security/cve/CVE-2026-23030.html * https://www.suse.com/security/cve/CVE-2026-23047.html * https://www.suse.com/security/cve/CVE-2026-23054.html * https://www.suse.com/security/cve/CVE-2026-23069.html * https://www.suse.com/security/cve/CVE-2026-23088.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * 
https://www.suse.com/security/cve/CVE-2026-23125.html * https://www.suse.com/security/cve/CVE-2026-23136.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23154.html * https://www.suse.com/security/cve/CVE-2026-23157.html * https://www.suse.com/security/cve/CVE-2026-23169.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23202.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23207.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23317.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * 
https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23395.html * https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23412.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1226591 * https://bugzilla.suse.com/show_bug.cgi?id=1245728 * https://bugzilla.suse.com/show_bug.cgi?id=1249998 * https://bugzilla.suse.com/show_bug.cgi?id=1251135 * https://bugzilla.suse.com/show_bug.cgi?id=1251186 * https://bugzilla.suse.com/show_bug.cgi?id=1251971 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1252266 * https://bugzilla.suse.com/show_bug.cgi?id=1253049 * https://bugzilla.suse.com/show_bug.cgi?id=1253455 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1256645 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1256690 * https://bugzilla.suse.com/show_bug.cgi?id=1256784 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257466 * https://bugzilla.suse.com/show_bug.cgi?id=1257472 * https://bugzilla.suse.com/show_bug.cgi?id=1257473 * https://bugzilla.suse.com/show_bug.cgi?id=1257506 * https://bugzilla.suse.com/show_bug.cgi?id=1257561 * https://bugzilla.suse.com/show_bug.cgi?id=1257682 * https://bugzilla.suse.com/show_bug.cgi?id=1257732 * https://bugzilla.suse.com/show_bug.cgi?id=1257755 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1257814 * https://bugzilla.suse.com/show_bug.cgi?id=1257952 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258286 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258303 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258338 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258376 * https://bugzilla.suse.com/show_bug.cgi?id=1258389 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258424 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258524 * https://bugzilla.suse.com/show_bug.cgi?id=1258832 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259865 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259889 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260562
* https://bugzilla.suse.com/show_bug.cgi?id=1260580
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261412
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669

From null at suse.de Fri Apr 17 16:40:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:40:14 -0000
Subject: SUSE-SU-2026:21113-1: moderate: Security update for NetworkManager
Message-ID: <177644401400.6118.6958803389448641347@2ec35c3f4c39>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:21113-1
Release Date: 2026-04-10T12:32:35Z
Rating: moderate

References:

* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability can now be installed.

## Description:

This update for NetworkManager fixes the following issues:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  zypper in -t patch SUSE-SLE-Micro-6.1-480=1

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-pppoe-debuginfo-1.42.6-slfo.1.1_4.1
  * NetworkManager-cloud-setup-debuginfo-1.42.6-slfo.1.1_4.1
  * NetworkManager-wwan-1.42.6-slfo.1.1_4.1
  * NetworkManager-cloud-setup-1.42.6-slfo.1.1_4.1
  * NetworkManager-debugsource-1.42.6-slfo.1.1_4.1
  * NetworkManager-wwan-debuginfo-1.42.6-slfo.1.1_4.1
  * NetworkManager-tui-1.42.6-slfo.1.1_4.1
  * NetworkManager-pppoe-1.42.6-slfo.1.1_4.1
  * NetworkManager-debuginfo-1.42.6-slfo.1.1_4.1
  * libnm0-debuginfo-1.42.6-slfo.1.1_4.1
  * libnm0-1.42.6-slfo.1.1_4.1
  * NetworkManager-bluetooth-1.42.6-slfo.1.1_4.1
  * NetworkManager-tui-debuginfo-1.42.6-slfo.1.1_4.1
  * NetworkManager-bluetooth-debuginfo-1.42.6-slfo.1.1_4.1
  * typelib-1_0-NM-1_0-1.42.6-slfo.1.1_4.1
  * NetworkManager-1.42.6-slfo.1.1_4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Fri Apr 17 16:40:33 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:40:33 -0000
Subject: SUSE-RU-2026:1434-1: moderate: Recommended update for apparmor
Message-ID: <177644403301.6118.7076902857040088391@2ec35c3f4c39>

# Recommended update for apparmor

Announcement ID: SUSE-RU-2026:1434-1
Release Date: 2026-04-17T10:49:32Z
Rating: moderate

References:

* bsc#1225811
* bsc#1259441

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has two fixes can now be installed.

## Description:

This update for apparmor fixes the following issues:

* samba gives denied in audit with apparmor (bsc#1225811).
* apparmor denies printing with profiles on sle15-sp7 (bsc#1259441).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1434=1 openSUSE-SLE-15.6-2026-1434=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1434=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1434=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1434=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1434=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1434=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libapparmor1-3.1.7-150600.5.12.2 * apparmor-parser-debuginfo-3.1.7-150600.5.12.2 * libapparmor-devel-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * apparmor-parser-3.1.7-150600.5.12.2 * python3-apparmor-3.1.7-150600.5.12.2 * ruby-apparmor-3.1.7-150600.5.12.2 * python3-apparmor-debuginfo-3.1.7-150600.5.12.2 * pam_apparmor-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-3.1.7-150600.5.12.2 * pam_apparmor-3.1.7-150600.5.12.2 * ruby-apparmor-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-debuginfo-3.1.7-150600.5.12.2 * apache2-mod_apparmor-3.1.7-150600.5.12.2 * libapparmor-debugsource-3.1.7-150600.5.12.2 * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.12.2 * openSUSE Leap 15.6 (noarch) * apparmor-abstractions-3.1.7-150600.5.12.2 * apparmor-utils-3.1.7-150600.5.12.2 * apparmor-docs-3.1.7-150600.5.12.2 * apparmor-utils-lang-3.1.7-150600.5.12.2 * apparmor-parser-lang-3.1.7-150600.5.12.2 * apparmor-profiles-3.1.7-150600.5.12.2 * openSUSE Leap 15.6 (x86_64) * pam_apparmor-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-3.1.7-150600.5.12.2 * pam_apparmor-32bit-3.1.7-150600.5.12.2 * openSUSE Leap 15.6 
(aarch64_ilp32) * pam_apparmor-64bit-3.1.7-150600.5.12.2 * libapparmor1-64bit-3.1.7-150600.5.12.2 * pam_apparmor-64bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-64bit-debuginfo-3.1.7-150600.5.12.2 * Basesystem Module 15-SP7 (noarch) * apparmor-abstractions-3.1.7-150600.5.12.2 * apparmor-utils-3.1.7-150600.5.12.2 * apparmor-docs-3.1.7-150600.5.12.2 * apparmor-utils-lang-3.1.7-150600.5.12.2 * apparmor-parser-lang-3.1.7-150600.5.12.2 * apparmor-profiles-3.1.7-150600.5.12.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libapparmor1-3.1.7-150600.5.12.2 * apparmor-parser-debuginfo-3.1.7-150600.5.12.2 * libapparmor-devel-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * apparmor-parser-3.1.7-150600.5.12.2 * python3-apparmor-debuginfo-3.1.7-150600.5.12.2 * pam_apparmor-debuginfo-3.1.7-150600.5.12.2 * pam_apparmor-3.1.7-150600.5.12.2 * libapparmor1-debuginfo-3.1.7-150600.5.12.2 * python3-apparmor-3.1.7-150600.5.12.2 * libapparmor-debugsource-3.1.7-150600.5.12.2 * Basesystem Module 15-SP7 (x86_64) * pam_apparmor-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-3.1.7-150600.5.12.2 * pam_apparmor-32bit-3.1.7-150600.5.12.2 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * perl-apparmor-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * perl-apparmor-debuginfo-3.1.7-150600.5.12.2 * Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * apache2-mod_apparmor-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libapparmor1-3.1.7-150600.5.12.2 * apparmor-parser-debuginfo-3.1.7-150600.5.12.2 * libapparmor-devel-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * apparmor-parser-3.1.7-150600.5.12.2 * python3-apparmor-3.1.7-150600.5.12.2 * python3-apparmor-debuginfo-3.1.7-150600.5.12.2 * 
pam_apparmor-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-3.1.7-150600.5.12.2 * pam_apparmor-3.1.7-150600.5.12.2 * libapparmor1-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-debuginfo-3.1.7-150600.5.12.2 * apache2-mod_apparmor-3.1.7-150600.5.12.2 * libapparmor-debugsource-3.1.7-150600.5.12.2 * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * apparmor-abstractions-3.1.7-150600.5.12.2 * apparmor-utils-3.1.7-150600.5.12.2 * apparmor-docs-3.1.7-150600.5.12.2 * apparmor-utils-lang-3.1.7-150600.5.12.2 * apparmor-parser-lang-3.1.7-150600.5.12.2 * apparmor-profiles-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * pam_apparmor-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-debuginfo-3.1.7-150600.5.12.2 * libapparmor1-32bit-3.1.7-150600.5.12.2 * pam_apparmor-32bit-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libapparmor1-3.1.7-150600.5.12.2 * apparmor-parser-debuginfo-3.1.7-150600.5.12.2 * libapparmor-devel-3.1.7-150600.5.12.2 * apparmor-debugsource-3.1.7-150600.5.12.2 * apparmor-parser-3.1.7-150600.5.12.2 * python3-apparmor-3.1.7-150600.5.12.2 * python3-apparmor-debuginfo-3.1.7-150600.5.12.2 * pam_apparmor-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-3.1.7-150600.5.12.2 * pam_apparmor-3.1.7-150600.5.12.2 * libapparmor1-debuginfo-3.1.7-150600.5.12.2 * perl-apparmor-debuginfo-3.1.7-150600.5.12.2 * apache2-mod_apparmor-3.1.7-150600.5.12.2 * libapparmor-debugsource-3.1.7-150600.5.12.2 * apache2-mod_apparmor-debuginfo-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * apparmor-abstractions-3.1.7-150600.5.12.2 * apparmor-utils-3.1.7-150600.5.12.2 * apparmor-docs-3.1.7-150600.5.12.2 * apparmor-utils-lang-3.1.7-150600.5.12.2 * apparmor-parser-lang-3.1.7-150600.5.12.2 * apparmor-profiles-3.1.7-150600.5.12.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * 
pam_apparmor-32bit-debuginfo-3.1.7-150600.5.12.2
* libapparmor1-32bit-debuginfo-3.1.7-150600.5.12.2
* libapparmor1-32bit-3.1.7-150600.5.12.2
* pam_apparmor-32bit-3.1.7-150600.5.12.2

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1225811
* https://bugzilla.suse.com/show_bug.cgi?id=1259441

From null at suse.de Fri Apr 17 16:40:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:40:39 -0000
Subject: SUSE-SU-2026:1433-1: important: Security update for libcap
Message-ID: <177644403992.6118.621922327308266956@2ec35c3f4c39>

# Security update for libcap

Announcement ID: SUSE-SU-2026:1433-1
Release Date: 2026-04-17T10:13:17Z
Rating: important

References:

* bsc#1261809

Cross-References:

* CVE-2026-4878

CVSS scores:

* CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for libcap fixes the following issue:

* CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1433=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1433=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libcap-debugsource-2.26-14.12.1
  * libcap2-debuginfo-2.26-14.12.1
  * libcap-progs-debuginfo-2.26-14.12.1
  * libcap-devel-2.26-14.12.1
  * libcap-progs-2.26-14.12.1
  * libcap2-2.26-14.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64_ilp32)
  * libcap2-debuginfo-64bit-2.26-14.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libcap2-debuginfo-32bit-2.26-14.12.1
  * libcap2-32bit-2.26-14.12.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libcap-debugsource-2.26-14.12.1
  * libcap2-debuginfo-32bit-2.26-14.12.1
  * libcap2-debuginfo-2.26-14.12.1
  * libcap-progs-debuginfo-2.26-14.12.1
  * libcap-devel-2.26-14.12.1
  * libcap-progs-2.26-14.12.1
  * libcap2-2.26-14.12.1
  * libcap2-32bit-2.26-14.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4878.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261809
From null at suse.de Fri Apr 17 16:40:43 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:40:43 -0000
Subject: SUSE-SU-2026:1432-1: important: Security update for libcap
Message-ID: <177644404327.6118.5641587737281701207@2ec35c3f4c39>

# Security update for libcap

Announcement ID: SUSE-SU-2026:1432-1
Release Date: 2026-04-17T10:13:04Z
Rating: important

References:

* bsc#1261809

Cross-References:

* CVE-2026-4878

CVSS scores:

* CVE-2026-4878 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4878 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-4878 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.
## Description: This update for libcap fixes the following issue: * CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1432=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1432=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1432=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1432=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1432=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1432=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1432=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1432=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1432=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1432=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1432=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1432=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1432=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1432=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1432=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch 
SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1432=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1432=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * openSUSE Leap 15.4 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libpsx2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * libpsx2-32bit-debuginfo-2.63-150400.3.6.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libcap2-64bit-2.63-150400.3.6.1 * libcap2-64bit-debuginfo-2.63-150400.3.6.1 * libpsx2-64bit-debuginfo-2.63-150400.3.6.1 * libpsx2-64bit-2.63-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcap2-debuginfo-2.63-150400.3.6.1 * libcap-debugsource-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcap2-debuginfo-2.63-150400.3.6.1 * libcap-debugsource-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcap2-debuginfo-2.63-150400.3.6.1 * libcap-debugsource-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcap2-debuginfo-2.63-150400.3.6.1 * libcap-debugsource-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * libcap2-debuginfo-2.63-150400.3.6.1 * libcap-debugsource-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * 
libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * Basesystem Module 15-SP7 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * 
libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * 
libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libcap-debugsource-2.63-150400.3.6.1 * libcap-progs-2.63-150400.3.6.1 * libcap2-debuginfo-2.63-150400.3.6.1 * libpsx2-2.63-150400.3.6.1 * libpsx2-debuginfo-2.63-150400.3.6.1 * libcap2-2.63-150400.3.6.1 * libcap-devel-2.63-150400.3.6.1 * libcap-progs-debuginfo-2.63-150400.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * libcap2-32bit-2.63-150400.3.6.1 * libcap2-32bit-debuginfo-2.63-150400.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4878.html * https://bugzilla.suse.com/show_bug.cgi?id=1261809 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 17 16:40:46 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:40:46 -0000 Subject: SUSE-SU-2026:1431-1: important: Security update for gdk-pixbuf Message-ID: <177644404648.6118.17651867868316258132@2ec35c3f4c39> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:1431-1 Release Date: 2026-04-17T10:07:57Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves one vulnerability can now be installed. ## Description: This update for gdk-pixbuf fixes the following issue: * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1431=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1431=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.18.1 * libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.18.1 * gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.18.1 * gdk-pixbuf-query-loaders-2.40.0-150200.3.18.1 * gdk-pixbuf-debugsource-2.40.0-150200.3.18.1 * libgdk_pixbuf-2_0-0-2.40.0-150200.3.18.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.18.1 * libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.18.1 * gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.18.1 * gdk-pixbuf-query-loaders-2.40.0-150200.3.18.1 * gdk-pixbuf-debugsource-2.40.0-150200.3.18.1 * libgdk_pixbuf-2_0-0-2.40.0-150200.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5201.html * https://bugzilla.suse.com/show_bug.cgi?id=1261210 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 17 16:40:49 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:40:49 -0000 Subject: SUSE-SU-2026:1430-1: important: Security update for gdk-pixbuf Message-ID: <177644404916.6118.9438211317035548659@2ec35c3f4c39> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:1430-1 Release Date: 2026-04-17T10:06:50Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gdk-pixbuf fixes the following issue: * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1430=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1430=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.26.1 * gdk-pixbuf-debugsource-2.34.0-19.26.1 * gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.26.1 * gdk-pixbuf-devel-debuginfo-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-2.34.0-19.26.1 * typelib-1_0-GdkPixbuf-2_0-2.34.0-19.26.1 * gdk-pixbuf-devel-2.34.0-19.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (noarch) * gdk-pixbuf-lang-2.34.0-19.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.26.1 * gdk-pixbuf-query-loaders-32bit-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-32bit-2.34.0-19.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * gdk-pixbuf-query-loaders-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-32bit-2.34.0-19.26.1 * gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.26.1 * gdk-pixbuf-debugsource-2.34.0-19.26.1 * gdk-pixbuf-devel-debuginfo-2.34.0-19.26.1 * gdk-pixbuf-query-loaders-32bit-2.34.0-19.26.1 * gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-2.34.0-19.26.1 * libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.26.1 * typelib-1_0-GdkPixbuf-2_0-2.34.0-19.26.1 * gdk-pixbuf-devel-2.34.0-19.26.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * gdk-pixbuf-lang-2.34.0-19.26.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5201.html * https://bugzilla.suse.com/show_bug.cgi?id=1261210 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 17 16:40:52 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:40:52 -0000 Subject: SUSE-SU-2026:1429-1: moderate: Security update for openssl-3 Message-ID: <177644405204.6118.16696733431348125317@2ec35c3f4c39> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:1429-1 Release Date: 2026-04-17T10:03:32Z Rating: moderate References: * bsc#1261678 Cross-References: * CVE-2026-28390 CVSS scores: * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-3 fixes the following issue: * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1429=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1429=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1429=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1429=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1429=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1429=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1429=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1429=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1429=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * libopenssl-3-devel-3.0.8-150400.4.84.1 * openssl-3-debuginfo-3.0.8-150400.4.84.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-debuginfo-3.0.8-150400.4.84.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.84.1 * libopenssl3-32bit-3.0.8-150400.4.84.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.84.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150400.4.84.1 * libopenssl-3-devel-64bit-3.0.8-150400.4.84.1 * libopenssl3-64bit-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.84.1 * 
libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * libopenssl-3-devel-3.0.8-150400.4.84.1 * openssl-3-debuginfo-3.0.8-150400.4.84.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * libopenssl-3-devel-3.0.8-150400.4.84.1 * openssl-3-debuginfo-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * libopenssl-3-devel-3.0.8-150400.4.84.1 * openssl-3-debuginfo-3.0.8-150400.4.84.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libopenssl3-3.0.8-150400.4.84.1 * libopenssl3-debuginfo-3.0.8-150400.4.84.1 * openssl-3-3.0.8-150400.4.84.1 * openssl-3-debugsource-3.0.8-150400.4.84.1 * libopenssl-3-devel-3.0.8-150400.4.84.1 * openssl-3-debuginfo-3.0.8-150400.4.84.1 ## References: * https://www.suse.com/security/cve/CVE-2026-28390.html * https://bugzilla.suse.com/show_bug.cgi?id=1261678 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 17 16:40:54 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:40:54 -0000 Subject: SUSE-SU-2026:1428-1: important: Security update for bind Message-ID: <177644405494.6118.11330366378177126886@2ec35c3f4c39> # Security update for bind Announcement ID: SUSE-SU-2026:1428-1 Release Date: 2026-04-17T10:00:58Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1428=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1428=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1428=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1428=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1428=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * bind-9.16.50-150400.5.59.1 * bind-utils-9.16.50-150400.5.59.1 * bind-debuginfo-9.16.50-150400.5.59.1 * bind-utils-debuginfo-9.16.50-150400.5.59.1 * bind-debugsource-9.16.50-150400.5.59.1 * openSUSE Leap 15.4 (noarch) * python3-bind-9.16.50-150400.5.59.1 * bind-doc-9.16.50-150400.5.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * bind-9.16.50-150400.5.59.1 * bind-utils-9.16.50-150400.5.59.1 * bind-debuginfo-9.16.50-150400.5.59.1 * bind-utils-debuginfo-9.16.50-150400.5.59.1 * bind-debugsource-9.16.50-150400.5.59.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * python3-bind-9.16.50-150400.5.59.1 * bind-doc-9.16.50-150400.5.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * bind-9.16.50-150400.5.59.1 * bind-utils-9.16.50-150400.5.59.1 * bind-debuginfo-9.16.50-150400.5.59.1 * bind-utils-debuginfo-9.16.50-150400.5.59.1 * bind-debugsource-9.16.50-150400.5.59.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * python3-bind-9.16.50-150400.5.59.1 * bind-doc-9.16.50-150400.5.59.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * bind-9.16.50-150400.5.59.1 * bind-utils-9.16.50-150400.5.59.1 * bind-debuginfo-9.16.50-150400.5.59.1 * 
bind-utils-debuginfo-9.16.50-150400.5.59.1 * bind-debugsource-9.16.50-150400.5.59.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * python3-bind-9.16.50-150400.5.59.1 * bind-doc-9.16.50-150400.5.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * bind-9.16.50-150400.5.59.1 * bind-utils-9.16.50-150400.5.59.1 * bind-debuginfo-9.16.50-150400.5.59.1 * bind-utils-debuginfo-9.16.50-150400.5.59.1 * bind-debugsource-9.16.50-150400.5.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * python3-bind-9.16.50-150400.5.59.1 * bind-doc-9.16.50-150400.5.59.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://bugzilla.suse.com/show_bug.cgi?id=1260805 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 17 16:40:58 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:40:58 -0000 Subject: SUSE-SU-2026:1427-1: moderate: Security update for NetworkManager Message-ID: <177644405825.6118.17094813223579872751@2ec35c3f4c39> # Security update for NetworkManager Announcement ID: SUSE-SU-2026:1427-1 Release Date: 2026-04-17T09:58:43Z Rating: moderate References: * bsc#1257359 Cross-References: * CVE-2025-9615 CVSS scores: * CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Micro 5.5 An update that solves one vulnerability can now be installed. ## Description: This update for NetworkManager fixes the following issue: * CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1427=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1427=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * NetworkManager-debuginfo-1.38.6-150500.3.5.1 * libnm0-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-debugsource-1.38.6-150500.3.5.1 * NetworkManager-wwan-1.38.6-150500.3.5.1 * NetworkManager-bluetooth-1.38.6-150500.3.5.1 * NetworkManager-cloud-setup-1.38.6-150500.3.5.1 * NetworkManager-devel-1.38.6-150500.3.5.1 * NetworkManager-pppoe-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-pppoe-1.38.6-150500.3.5.1 * NetworkManager-tui-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-1.38.6-150500.3.5.1 * NetworkManager-tui-1.38.6-150500.3.5.1 * NetworkManager-wwan-debuginfo-1.38.6-150500.3.5.1 * typelib-1_0-NM-1_0-1.38.6-150500.3.5.1 * NetworkManager-ovs-debuginfo-1.38.6-150500.3.5.1 * libnm0-1.38.6-150500.3.5.1 * NetworkManager-ovs-1.38.6-150500.3.5.1 * openSUSE Leap 15.5 (noarch) * NetworkManager-lang-1.38.6-150500.3.5.1 * NetworkManager-branding-upstream-1.38.6-150500.3.5.1 * openSUSE Leap 15.5 (x86_64) * NetworkManager-devel-32bit-1.38.6-150500.3.5.1 * libnm0-32bit-debuginfo-1.38.6-150500.3.5.1 * libnm0-32bit-1.38.6-150500.3.5.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libnm0-64bit-1.38.6-150500.3.5.1 * libnm0-64bit-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-devel-64bit-1.38.6-150500.3.5.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * NetworkManager-debuginfo-1.38.6-150500.3.5.1 * libnm0-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-bluetooth-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-debugsource-1.38.6-150500.3.5.1 * NetworkManager-wwan-1.38.6-150500.3.5.1 * NetworkManager-bluetooth-1.38.6-150500.3.5.1 * NetworkManager-cloud-setup-1.38.6-150500.3.5.1 * 
NetworkManager-pppoe-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-pppoe-1.38.6-150500.3.5.1 * NetworkManager-tui-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-cloud-setup-debuginfo-1.38.6-150500.3.5.1 * NetworkManager-1.38.6-150500.3.5.1 * NetworkManager-tui-1.38.6-150500.3.5.1 * NetworkManager-wwan-debuginfo-1.38.6-150500.3.5.1 * typelib-1_0-NM-1_0-1.38.6-150500.3.5.1 * libnm0-1.38.6-150500.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-9615.html * https://bugzilla.suse.com/show_bug.cgi?id=1257359 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Fri Apr 17 16:41:04 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:41:04 -0000 Subject: SUSE-RU-2026:1426-1: important: Recommended update for grub2 Message-ID: <177644406474.6118.10188969308860868861@2ec35c3f4c39> # Recommended update for grub2 Announcement ID: SUSE-RU-2026:1426-1 Release Date: 2026-04-17T08:56:49Z Rating: important References: * bsc#1221126 * bsc#1249385 * bsc#1259543 Affected Products: * Basesystem Module 15-SP7 * Server Applications Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has three fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix missing install device check in grub2-install on PowerPC which could lead to bootlist corruption (bsc#1221126) * add mandatory install device check for PowerPC * Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * use net config for boot location instead of * Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1426=1 * Server Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1426=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * grub2-2.12-150700.19.29.1 * grub2-debuginfo-2.12-150700.19.29.1 * Basesystem Module 15-SP7 (noarch) * grub2-systemd-sleep-plugin-2.12-150700.19.29.1 * grub2-x86_64-efi-2.12-150700.19.29.1 * grub2-snapper-plugin-2.12-150700.19.29.1 * grub2-arm64-efi-2.12-150700.19.29.1 * grub2-i386-pc-2.12-150700.19.29.1 * grub2-powerpc-ieee1275-2.12-150700.19.29.1 * Basesystem Module 15-SP7 (aarch64 s390x x86_64) * grub2-debugsource-2.12-150700.19.29.1 * Basesystem Module 15-SP7 (s390x) * grub2-s390x-emu-2.12-150700.19.29.1 * Server Applications Module 15-SP7 (noarch) * grub2-x86_64-xen-2.12-150700.19.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1221126 * https://bugzilla.suse.com/show_bug.cgi?id=1249385 * https://bugzilla.suse.com/show_bug.cgi?id=1259543 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Fri Apr 17 16:41:07 2026 From: null at suse.de (SLE-UPDATES) Date: Fri, 17 Apr 2026 16:41:07 -0000 Subject: SUSE-SU-2026:1425-1: moderate: Security update for polkit Message-ID: <177644406748.6118.1585707552005222733@2ec35c3f4c39> # Security update for polkit Announcement ID: SUSE-SU-2026:1425-1 Release Date: 2026-04-17T08:03:20Z Rating: moderate References: * bsc#1260859 Cross-References: * CVE-2026-4897 CVSS scores: * CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for polkit fixes the following issue: * CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1425=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * polkit-debugsource-0.113-5.35.1 * typelib-1_0-Polkit-1_0-0.113-5.35.1 * polkit-devel-debuginfo-0.113-5.35.1 * polkit-debuginfo-0.113-5.35.1 * libpolkit0-0.113-5.35.1 * libpolkit0-debuginfo-0.113-5.35.1 * polkit-0.113-5.35.1 * polkit-devel-0.113-5.35.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4897.html * https://bugzilla.suse.com/show_bug.cgi?id=1260859 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Fri Apr 17 16:41:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:41:18 -0000
Subject: SUSE-SU-2026:1424-1: moderate: Security update for polkit
Message-ID: <177644407871.6118.5943846572399067557@2ec35c3f4c39>

# Security update for polkit

Announcement ID: SUSE-SU-2026:1424-1
Release Date: 2026-04-17T08:03:11Z
Rating: moderate

References:

* bsc#1260859

Cross-References:

* CVE-2026-4897

CVSS scores:

* CVE-2026-4897 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4897 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for polkit fixes the following issue:

* CVE-2026-4897: Fixed possible OOM condition via specially crafted input to `polkit-agent-helper-1` (bsc#1260859).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1424=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1424=1
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1424=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1424=1

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.5 (x86_64)
  * libpolkit-agent-1-0-32bit-121-150500.3.11.1
  * libpolkit-agent-1-0-32bit-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.5 (noarch)
  * polkit-doc-121-150500.3.11.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libpolkit-gobject-1-0-64bit-121-150500.3.11.1
  * libpolkit-agent-1-0-64bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-64bit-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-64bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * libpolkit-agent-1-0-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-debuginfo-121-150500.3.11.1
  * polkit-121-150500.3.11.1
  * polkit-devel-121-150500.3.11.1
  * polkit-debuginfo-121-150500.3.11.1
  * typelib-1_0-Polkit-1_0-121-150500.3.11.1
  * pkexec-121-150500.3.11.1
  * pkexec-debuginfo-121-150500.3.11.1
  * polkit-debugsource-121-150500.3.11.1
  * polkit-devel-debuginfo-121-150500.3.11.1
  * libpolkit-agent-1-0-121-150500.3.11.1
  * libpolkit-gobject-1-0-121-150500.3.11.1
* openSUSE Leap 15.6 (x86_64)
  * libpolkit-agent-1-0-32bit-121-150500.3.11.1
  * libpolkit-agent-1-0-32bit-debuginfo-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-121-150500.3.11.1
  * libpolkit-gobject-1-0-32bit-debuginfo-121-150500.3.11.1
* openSUSE Leap 15.6 (noarch)
  * polkit-doc-121-150500.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4897.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260859

From null at suse.de Fri Apr 17 16:41:40 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 16:41:40 -0000
Subject: SUSE-SU-2026:1423-1: important: Security update for podman
Message-ID: <177644410075.6118.6468070972517358195@2ec35c3f4c39>

# Security update for podman

Announcement ID: SUSE-SU-2026:1423-1
Release Date: 2026-04-17T07:58:24Z
Rating: important

References:

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3

An update that can now be installed.

## Description:

This update for podman rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-1423=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2026-1423=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1423=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1423=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podmansh-4.9.5-150300.9.71.1
* openSUSE Leap 15.3 (noarch)
  * podman-docker-4.9.5-150300.9.71.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * podman-remote-4.9.5-150300.9.71.1
  * podman-4.9.5-150300.9.71.1
  * podman-debuginfo-4.9.5-150300.9.71.1
  * podman-remote-debuginfo-4.9.5-150300.9.71.1
From null at suse.de Fri Apr 17 20:30:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:30:11 -0000
Subject: SUSE-SU-2026:1443-1: moderate: Security update for NetworkManager
Message-ID: <177645781130.7345.15796262052163565451@5d6d53449fb2>

# Security update for NetworkManager

Announcement ID: SUSE-SU-2026:1443-1
Release Date: 2026-04-17T14:40:59Z
Rating: moderate

References:

* bsc#1225498
* bsc#1257359

Cross-References:

* CVE-2025-9615

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for NetworkManager fixes the following issue:

Security fixes:

* CVE-2025-9615: Fixed non-admin user using others' certificates (bsc#1257359).

Other fixes:

* Don't renew DHCP lease when software devices' MAC is empty (bsc#1225498).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1443=1 openSUSE-SLE-15.6-2026-1443=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1443=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1443=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1443=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * NetworkManager-wwan-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-ovs-1.44.2-150600.3.7.1
  * NetworkManager-ovs-debuginfo-1.44.2-150600.3.7.1
  * libnm0-1.44.2-150600.3.7.1
  * libnm0-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-debuginfo-1.44.2-150600.3.7.1
  * typelib-1_0-NM-1_0-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-1.44.2-150600.3.7.1
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-devel-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-debuginfo-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (noarch)
  * NetworkManager-lang-1.44.2-150600.3.7.1
  * NetworkManager-branding-upstream-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (x86_64)
  * NetworkManager-devel-32bit-1.44.2-150600.3.7.1
  * libnm0-32bit-debuginfo-1.44.2-150600.3.7.1
  * libnm0-32bit-1.44.2-150600.3.7.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libnm0-64bit-1.44.2-150600.3.7.1
  * NetworkManager-devel-64bit-1.44.2-150600.3.7.1
  * libnm0-64bit-debuginfo-1.44.2-150600.3.7.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * libnm0-1.44.2-150600.3.7.1
  * libnm0-debuginfo-1.44.2-150600.3.7.1
  * typelib-1_0-NM-1_0-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-1.44.2-150600.3.7.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * NetworkManager-wwan-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debugsource-1.44.2-150600.3.7.1
  * NetworkManager-tui-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-1.44.2-150600.3.7.1
  * NetworkManager-wwan-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-1.44.2-150600.3.7.1
  * NetworkManager-cloud-setup-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-tui-1.44.2-150600.3.7.1
  * NetworkManager-bluetooth-debuginfo-1.44.2-150600.3.7.1
  * NetworkManager-devel-1.44.2-150600.3.7.1
  * NetworkManager-pppoe-debuginfo-1.44.2-150600.3.7.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
  * NetworkManager-lang-1.44.2-150600.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225498
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
From null at suse.de Fri Apr 17 20:30:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:30:24 -0000
Subject: SUSE-SU-2026:1442-1: moderate: Security update for avahi
Message-ID: <177645782448.7345.14430436069902809575@5d6d53449fb2>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1442-1
Release Date: 2026-04-17T14:19:07Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1442=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libavahi-common3-32bit-0.6.32-32.39.1
  * avahi-utils-0.6.32-32.39.1
  * libavahi-client3-debuginfo-32bit-0.6.32-32.39.1
  * avahi-0.6.32-32.39.1
  * avahi-debugsource-0.6.32-32.39.1
  * avahi-compat-mDNSResponder-devel-0.6.32-32.39.1
  * libavahi-common3-debuginfo-32bit-0.6.32-32.39.1
  * avahi-compat-howl-devel-0.6.32-32.39.1
  * libavahi-client3-0.6.32-32.39.1
  * libavahi-common3-0.6.32-32.39.1
  * libdns_sd-debuginfo-0.6.32-32.39.1
  * libavahi-common3-debuginfo-0.6.32-32.39.1
  * libavahi-core7-0.6.32-32.39.1
  * libdns_sd-debuginfo-32bit-0.6.32-32.39.1
  * avahi-debuginfo-0.6.32-32.39.1
  * avahi-debuginfo-32bit-0.6.32-32.39.1
  * libavahi-devel-0.6.32-32.39.1
  * libavahi-client3-debuginfo-0.6.32-32.39.1
  * libavahi-core7-debuginfo-0.6.32-32.39.1
  * libdns_sd-0.6.32-32.39.1
  * libdns_sd-32bit-0.6.32-32.39.1
  * avahi-utils-debuginfo-0.6.32-32.39.1
  * libavahi-client3-32bit-0.6.32-32.39.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch)
  * avahi-lang-0.6.32-32.39.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235
From null at suse.de Fri Apr 17 20:30:28 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:30:28 -0000
Subject: SUSE-SU-2026:1441-1: moderate: Security update for avahi
Message-ID: <177645782829.7345.15081835246374246095@5d6d53449fb2>

# Security update for avahi

Announcement ID: SUSE-SU-2026:1441-1
Release Date: 2026-04-17T14:18:38Z
Rating: moderate

References:

* bsc#1257235

Cross-References:

* CVE-2026-24401

CVSS scores:

* CVE-2026-24401 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-24401 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for avahi fixes the following issue:

* CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record (bsc#1257235).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1441=1 openSUSE-SLE-15.6-2026-1441=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1441=1
* Desktop Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1441=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1441=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libavahi-glib-devel-0.8-150600.15.15.1
  * avahi-qt5-debugsource-0.8-150600.15.15.1
  * libavahi-common3-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-debuginfo-0.8-150600.15.15.1
  * python3-avahi-gtk-0.8-150600.15.15.1
  * avahi-0.8-150600.15.15.1
  * libdns_sd-0.8-150600.15.15.1
  * avahi-utils-debuginfo-0.8-150600.15.15.1
  * libavahi-qt5-1-0.8-150600.15.15.1
  * libavahi-libevent1-debuginfo-0.8-150600.15.15.1
  * avahi-utils-gtk-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
  * libavahi-gobject0-0.8-150600.15.15.1
  * avahi-compat-howl-devel-0.8-150600.15.15.1
  * libhowl0-0.8-150600.15.15.1
  * avahi-autoipd-0.8-150600.15.15.1
  * python3-avahi-0.8-150600.15.15.1
  * libavahi-libevent1-0.8-150600.15.15.1
  * libavahi-qt5-1-debuginfo-0.8-150600.15.15.1
  * libavahi-qt5-devel-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-0.8-150600.15.15.1
  * libavahi-common3-0.8-150600.15.15.1
  * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1
  * libavahi-client3-0.8-150600.15.15.1
  * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1
  * avahi-utils-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1
  * avahi-autoipd-debuginfo-0.8-150600.15.15.1
  * libdns_sd-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-0.8-150600.15.15.1
  * libavahi-gobject0-debuginfo-0.8-150600.15.15.1
  * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1
  * libavahi-core7-0.8-150600.15.15.1
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * libavahi-core7-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-debuginfo-0.8-150600.15.15.1
  * libavahi-devel-0.8-150600.15.15.1
  * libavahi-gobject-devel-0.8-150600.15.15.1
  * libhowl0-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
* openSUSE Leap 15.6 (x86_64)
  * libavahi-glib1-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-0.8-150600.15.15.1
  * avahi-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-0.8-150600.15.15.1
  * libdns_sd-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-32bit-0.8-150600.15.15.1
  * libdns_sd-32bit-0.8-150600.15.15.1
* openSUSE Leap 15.6 (noarch)
  * avahi-lang-0.8-150600.15.15.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libavahi-glib1-64bit-0.8-150600.15.15.1
  * avahi-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-64bit-0.8-150600.15.15.1
  * libdns_sd-64bit-0.8-150600.15.15.1
  * libdns_sd-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-64bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-64bit-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libavahi-glib-devel-0.8-150600.15.15.1
  * libavahi-common3-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-debuginfo-0.8-150600.15.15.1
  * avahi-0.8-150600.15.15.1
  * libdns_sd-0.8-150600.15.15.1
  * avahi-utils-debuginfo-0.8-150600.15.15.1
  * libavahi-libevent1-debuginfo-0.8-150600.15.15.1
  * libavahi-gobject0-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
  * avahi-compat-howl-devel-0.8-150600.15.15.1
  * libhowl0-0.8-150600.15.15.1
  * libavahi-libevent1-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-0.8-150600.15.15.1
  * libavahi-common3-0.8-150600.15.15.1
  * typelib-1_0-Avahi-0_6-0.8-150600.15.15.1
  * libavahi-client3-0.8-150600.15.15.1
  * avahi-utils-0.8-150600.15.15.1
  * libavahi-ui-gtk3-0-debuginfo-0.8-150600.15.15.1
  * libdns_sd-debuginfo-0.8-150600.15.15.1
  * libavahi-glib1-0.8-150600.15.15.1
  * libavahi-gobject0-debuginfo-0.8-150600.15.15.1
  * avahi-compat-mDNSResponder-devel-0.8-150600.15.15.1
  * libavahi-core7-0.8-150600.15.15.1
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * libavahi-core7-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-debuginfo-0.8-150600.15.15.1
  * libavahi-devel-0.8-150600.15.15.1
  * libhowl0-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (noarch)
  * avahi-lang-0.8-150600.15.15.1
* Basesystem Module 15-SP7 (x86_64)
  * libavahi-common3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-client3-32bit-0.8-150600.15.15.1
  * avahi-32bit-debuginfo-0.8-150600.15.15.1
  * libavahi-common3-32bit-0.8-150600.15.15.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * avahi-glib2-debugsource-0.8-150600.15.15.1
  * avahi-autoipd-0.8-150600.15.15.1
  * libavahi-gobject-devel-0.8-150600.15.15.1
  * avahi-utils-gtk-debuginfo-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1
  * avahi-autoipd-debuginfo-0.8-150600.15.15.1
  * avahi-utils-gtk-0.8-150600.15.15.1
  * avahi-debugsource-0.8-150600.15.15.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * avahi-debugsource-0.8-150600.15.15.1
  * python3-avahi-0.8-150600.15.15.1
  * avahi-debuginfo-0.8-150600.15.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24401.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257235
From null at suse.de Fri Apr 17 20:30:52 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:30:52 -0000
Subject: SUSE-SU-2026:1440-1: moderate: Security update for openvswitch3
Message-ID: <177645785261.7345.11887301279726021368@5d6d53449fb2>

# Security update for openvswitch3

Announcement ID: SUSE-SU-2026:1440-1
Release Date: 2026-04-17T13:44:11Z
Rating: moderate

References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch3 fixes the following issues:

* CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1440=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1440=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * openvswitch3-pki-3.1.7-150500.3.28.1
  * ovn3-host-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-vtep-debuginfo-3.1.7-150500.3.28.1
  * ovn3-devel-23.03.3-150500.3.28.1
  * openvswitch3-test-debuginfo-3.1.7-150500.3.28.1
  * openvswitch3-ipsec-3.1.7-150500.3.28.1
  * ovn3-23.03.3-150500.3.28.1
  * python3-ovs3-3.1.7-150500.3.28.1
  * openvswitch3-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-test-3.1.7-150500.3.28.1
  * ovn3-central-23.03.3-150500.3.28.1
  * openvswitch3-3.1.7-150500.3.28.1
  * openvswitch3-debugsource-3.1.7-150500.3.28.1
  * libovn-23_03-0-debuginfo-23.03.3-150500.3.28.1
  * ovn3-vtep-23.03.3-150500.3.28.1
  * ovn3-vtep-debuginfo-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-3.1.7-150500.3.28.1
  * openvswitch3-devel-3.1.7-150500.3.28.1
  * openvswitch3-vtep-3.1.7-150500.3.28.1
  * ovn3-docker-23.03.3-150500.3.28.1
  * libovn-23_03-0-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150500.3.28.1
  * ovn3-host-23.03.3-150500.3.28.1
  * ovn3-debuginfo-23.03.3-150500.3.28.1
* openSUSE Leap 15.5 (noarch)
  * ovn3-doc-23.03.3-150500.3.28.1
  * openvswitch3-doc-3.1.7-150500.3.28.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * openvswitch3-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-pki-3.1.7-150500.3.28.1
  * libopenvswitch-3_1-0-3.1.7-150500.3.28.1
  * ovn3-debuginfo-23.03.3-150500.3.28.1
  * ovn3-docker-23.03.3-150500.3.28.1
  * libovn-23_03-0-23.03.3-150500.3.28.1
  * ovn3-vtep-23.03.3-150500.3.28.1
  * python3-ovs3-3.1.7-150500.3.28.1
  * ovn3-host-debuginfo-23.03.3-150500.3.28.1
  * libopenvswitch-3_1-0-debuginfo-3.1.7-150500.3.28.1
  * ovn3-central-23.03.3-150500.3.28.1
  * ovn3-host-23.03.3-150500.3.28.1
  * openvswitch3-vtep-debuginfo-3.1.7-150500.3.28.1
  * openvswitch3-3.1.7-150500.3.28.1
  * openvswitch3-debugsource-3.1.7-150500.3.28.1
  * libovn-23_03-0-debuginfo-23.03.3-150500.3.28.1
  * openvswitch3-vtep-3.1.7-150500.3.28.1
  * ovn3-vtep-debuginfo-23.03.3-150500.3.28.1
  * ovn3-23.03.3-150500.3.28.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273

From null at suse.de Fri Apr 17 20:31:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:31:00 -0000
Subject: SUSE-SU-2026:1439-1: moderate: Security update for openvswitch
Message-ID: <177645786050.7345.14974413027755460969@5d6d53449fb2>

# Security update for openvswitch

Announcement ID: SUSE-SU-2026:1439-1
Release Date: 2026-04-17T13:43:32Z
Rating: moderate

References:

* bsc#1261273

Cross-References:

* CVE-2026-34956

CVSS scores:

* CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for openvswitch fixes the following issue:

Security updates:

* CVE-2026-34956: Invalid memory access in conntrack FTP alg (bsc#1261273).

Other updates:

* Update openvswitch to 3.5.4

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1439=1
* Server Applications Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-1439=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python3-openvswitch-3.5.4-150700.41.15.1
  * openvswitch-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-debugsource-3.5.4-150700.41.15.1
  * python3-openvswitch-debuginfo-3.5.4-150700.41.15.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libopenvswitch-3_5-0-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-vtep-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-vtep-3.5.4-150700.41.15.1
  * libovn-25_03-0-25.03.2-150700.41.15.1
  * ovn-central-25.03.2-150700.41.15.1
  * openvswitch-ipsec-3.5.4-150700.41.15.1
  * ovn-host-debuginfo-25.03.2-150700.41.15.1
  * libovn-25_03-0-debuginfo-25.03.2-150700.41.15.1
  * ovn-central-debuginfo-25.03.2-150700.41.15.1
  * ovn-vtep-25.03.2-150700.41.15.1
  * openvswitch-test-debuginfo-3.5.4-150700.41.15.1
  * python3-openvswitch-3.5.4-150700.41.15.1
  * ovn-25.03.2-150700.41.15.1
  * openvswitch-devel-3.5.4-150700.41.15.1
  * libopenvswitch-3_5-0-3.5.4-150700.41.15.1
  * openvswitch-3.5.4-150700.41.15.1
  * python3-openvswitch-debuginfo-3.5.4-150700.41.15.1
  * ovn-debuginfo-25.03.2-150700.41.15.1
  * openvswitch-debuginfo-3.5.4-150700.41.15.1
  * openvswitch-debugsource-3.5.4-150700.41.15.1
  * ovn-docker-25.03.2-150700.41.15.1
  * openvswitch-pki-3.5.4-150700.41.15.1
  * ovn-vtep-debuginfo-25.03.2-150700.41.15.1
  * ovn-devel-25.03.2-150700.41.15.1
  * openvswitch-test-3.5.4-150700.41.15.1
  * ovn-host-25.03.2-150700.41.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-34956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261273
From null at suse.de Fri Apr 17 20:31:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:31:05 -0000
Subject: SUSE-SU-2026:1438-1: important: Security update for libraw
Message-ID: <177645786584.7345.9881350982260228153@5d6d53449fb2>

# Security update for libraw

Announcement ID: SUSE-SU-2026:1438-1
Release Date: 2026-04-17T13:39:26Z
Rating: important

References:

* bsc#1261673
* bsc#1261674
* bsc#1261676

Cross-References:

* CVE-2026-20911
* CVE-2026-21413
* CVE-2026-24660

CVSS scores:

* CVE-2026-20911 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-20911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-20911 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21413 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-21413 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24660 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24660 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for libraw fixes the following issues:

* CVE-2026-20911: heap-based buffer overflow in `HuffTable::initval` (bsc#1261673).
* CVE-2026-21413: heap-based buffer overflow in `lossless_jpeg_load_raw` (bsc#1261674).
* CVE-2026-24660: heap-based buffer overflow in `x3f_load_huffman` (bsc#1261676).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1438=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libraw16-debuginfo-0.18.9-150000.3.33.1
  * libraw-debugsource-0.18.9-150000.3.33.1
  * libraw-debuginfo-0.18.9-150000.3.33.1
  * libraw16-0.18.9-150000.3.33.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20911.html
* https://www.suse.com/security/cve/CVE-2026-21413.html
* https://www.suse.com/security/cve/CVE-2026-24660.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261673
* https://bugzilla.suse.com/show_bug.cgi?id=1261674
* https://bugzilla.suse.com/show_bug.cgi?id=1261676

From null at suse.de Fri Apr 17 20:31:08 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:31:08 -0000
Subject: SUSE-RU-2026:1437-1: moderate: Recommended update for ktls-utils
Message-ID: <177645786868.7345.16394530389200122449@5d6d53449fb2>

# Recommended update for ktls-utils

Announcement ID: SUSE-RU-2026:1437-1
Release Date: 2026-04-17T13:10:29Z
Rating: moderate

References:

* bsc#1258084

Affected Products:

* Basesystem Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one fix can now be installed.

## Description:

This update for ktls-utils fixes the following issues:

* tlshd:
  * fixup compile errors with HAVE_GNUTLS_PSK_ALLOCATE_CREDENTIALS2
  * use gnutls_psk_allocate_{client,server}_credentials2 (bsc#1258084)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1437=1

## Package List:

* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ktls-utils-debuginfo-0.10+35.gb3f7e30-150700.3.3.1
  * ktls-utils-debugsource-0.10+35.gb3f7e30-150700.3.3.1
  * ktls-utils-0.10+35.gb3f7e30-150700.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258084

From null at suse.de Fri Apr 17 20:31:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Fri, 17 Apr 2026 20:31:11 -0000
Subject: SUSE-SU-2026:1436-1: moderate: Security update for python-ecdsa
Message-ID: <177645787122.7345.307034710795398280@5d6d53449fb2>

# Security update for python-ecdsa

Announcement ID: SUSE-SU-2026:1436-1
Release Date: 2026-04-17T12:51:37Z
Rating: moderate

References:

* bsc#1261009

Cross-References:

* CVE-2026-33936

CVSS scores:

* CVE-2026-33936 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33936 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33936 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-ecdsa fixes the following issues:

* CVE-2026-33936: issue in the low-level DER parsing functions can cause unexpected exceptions to be raised from the public API functions (bsc#1261009).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1436=1
* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1436=1
* Python 3 Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1436=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * python311-ecdsa-0.18.0-150400.12.6.1
* openSUSE Leap 15.6 (noarch)
  * python311-ecdsa-0.18.0-150400.12.6.1
* Python 3 Module 15-SP7 (noarch)
  * python311-ecdsa-0.18.0-150400.12.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33936.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261009
URL: From null at suse.de Mon Apr 20 08:30:07 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:07 -0000 Subject: SUSE-SU-2026:1458-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667380746.8401.9524715511152329302@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1458-1 Release Date: 2026-04-19T19:34:11Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1458=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1457=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP7_Update_0-debugsource-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_51-default-debuginfo-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_51-default-14-150700.3.39.1 * kernel-livepatch-6_4_0-150700_53_19-default-6-150700.2.1 * kernel-livepatch-6_4_0-150700_53_19-default-debuginfo-6-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_5-debugsource-6-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 08:30:11 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:11 -0000 Subject: SUSE-SU-2026:1456-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667381194.8401.12831841363515191618@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1456-1 Release Date: 2026-04-19T15:34:16Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1456=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-13-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_2-debugsource-13-150700.2.1 * kernel-livepatch-6_4_0-150700_53_6-default-13-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 08:30:18 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:18 -0000 Subject: SUSE-SU-2026:21136-1: important: Security update for vim Message-ID: <177667381872.8401.11924423388035273550@5d6d53449fb2> # Security update for vim Announcement ID: SUSE-SU-2026:21136-1 Release Date: 2026-04-15T08:17:29Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 * SUSE Linux Micro Extras 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-563=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * vim-9.2.0280-160000.1.1 * vim-debugsource-9.2.0280-160000.1.1 * xxd-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 * xxd-debuginfo-9.2.0280-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 08:30:21 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:21 -0000 Subject: SUSE-RU-2026:21135-1: moderate: Recommended update for update-bootloader Message-ID: <177667382183.8401.15312180782128721996@5d6d53449fb2> # Recommended update for update-bootloader Announcement ID: SUSE-RU-2026:21135-1 Release Date: 2026-04-16T11:09:20Z Rating: moderate References: * bsc#1246013 * jsc#PED-14833 Affected Products: * SUSE Linux Micro 6.2 An update that contains one feature and has one fix can now be installed. ## Description: This update for update-bootloader fixes the following issues: * Upgrade to version 1.27: * adjust spec file for immutable mode: switch to using * systemd-tmpfiles (jsc#PED-14833) * Upgrade to version 1.26: * adjust test cases * Implement config for BLS (bsc#1246013) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-574=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * update-bootloader-1.27-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1246013 * https://jira.suse.com/browse/PED-14833 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 08:30:29 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:29 -0000 Subject: SUSE-SU-2026:21134-1: important: Security update for vim Message-ID: <177667382972.8401.14485211741235784946@5d6d53449fb2> # Security update for vim Announcement ID: SUSE-SU-2026:21134-1 Release Date: 2026-04-15T08:15:55Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-563=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * vim-data-common-9.2.0280-160000.1.1 * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0280-160000.1.1 * vim-small-debuginfo-9.2.0280-160000.1.1 * vim-small-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 08:30:30 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:30 -0000 Subject: SUSE-RU-2026:21133-1: moderate: Recommended update for python-gcemetadata, regionServiceClientConfigGCE Message-ID: <177667383098.8401.3361088014451758654@5d6d53449fb2> # Recommended update for python-gcemetadata, regionServiceClientConfigGCE Announcement ID: SUSE-RU-2026:21133-1 Release Date: 2026-04-15T07:29:20Z Rating: moderate References: * jsc#PED-8944 Affected Products: * SUSE Linux Micro 6.2 An update that contains one feature can now be installed. ## Description: This update for python-gcemetadata, regionServiceClientConfigGCE fixes the following issues: Changes in python-gcemetadata: * Update to version 1.1.0 (jsc#PED-8944) * Add licenses option in identity command. 
* Switch the SLE 15 build setup to also use a macro instead of referencing in SLE 16 and later distributions and Python 3.11 for SLE 15 SP4 and Changes in regionServiceClientConfigGCE: * Update to version 5.2.0: * Drop the if condition for gcemetadata requirement * Update to version 5.1.0: * Add licenses info in the metadata * Accommodate build setup: * SLE 16 python-requests requires SSL v3 certificates. Update 2 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-562=1 ## Package List: * SUSE Linux Micro 6.2 (noarch) * regionServiceClientConfigGCE-5.2.0-160000.1.1 * python-gcemetadata-1.1.0-160000.1.1 ## References: * https://jira.suse.com/browse/PED-8944 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 08:30:33 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:33 -0000 Subject: SUSE-SU-2026:1454-1: important: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667383380.8401.15147852105287717084@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1454-1 Release Date: 2026-04-18T05:35:00Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one 
vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1454=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1455=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-6_4_0-150700_7_28-rt-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_28-rt-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-4-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_7_25-rt-4-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_8-debugsource-4-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 08:30:38 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:38 -0000 Subject: SUSE-SU-2026:1447-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667383823.8401.17520227073108733372@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1447-1 Release Date: 2026-04-18T05:34:54Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.22 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1453=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1447=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1448=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1449=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1450=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1451=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1452=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-6-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-13-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-debuginfo-14-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-6-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_8-rt-13-150700.2.1 * kernel-livepatch-6_4_0-150700_7_22-rt-5-150700.2.1 * kernel-livepatch-6_4_0-150700_5-rt-14-150700.3.1 * kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-13-150700.2.1 * kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-14-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-5-150700.2.1 * kernel-livepatch-6_4_0-150700_7_16-rt-9-150700.2.1 * kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-14-150700.3.1 * kernel-livepatch-6_4_0-150700_7_13-rt-9-150700.2.1 * kernel-livepatch-6_4_0-150700_7_19-rt-6-150700.2.1 * kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-9-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 08:30:41 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 08:30:41 -0000 Subject: SUSE-SU-2026:1444-1: important: Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177667384129.8401.17013946058722145047@5d6d53449fb2> # Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1444-1 Release Date: 2026-04-17T18:34:25Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.31 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1444=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7-RT_Update_9-debugsource-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-debuginfo-3-150700.2.1 * kernel-livepatch-6_4_0-150700_7_31-rt-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 12:30:10 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 12:30:10 -0000 Subject: SUSE-SU-2026:1463-1: important: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Message-ID: <177668821016.7097.15916607316263181262@4d3cf67d624c> # Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1463-1 Release Date: 2026-04-20T06:34:20Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1463=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1463=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.2 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-15-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_12-debugsource-15-150600.2.1 * kernel-livepatch-6_4_0-150600_23_53-default-15-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 12:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 12:30:15 -0000 Subject: SUSE-SU-2026:1464-1: important: Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Message-ID: <177668821525.7097.16112193257713983672@4d3cf67d624c> # Security update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) Announcement ID: SUSE-SU-2026:1464-1 Release Date: 2026-04-20T07:34:17Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. 
## Description: This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1459=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1460=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-1462=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1460=1 SUSE-2026-1462=1 SUSE-2026-1459=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1464=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1464=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP5_Update_35-debugsource-4-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_33-debugsource-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-15-150500.2.1 * 
kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_113-default-15-150500.2.1 * kernel-livepatch-SLE15-SP5_Update_28-debugsource-15-150500.2.1 * kernel-livepatch-5_14_21-150500_55_130-default-5-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-4-150500.2.1 * kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-4-150500.2.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-15-150400.2.1 * kernel-livepatch-SLE15-SP4_Update_42-debugsource-15-150400.2.1 * kernel-livepatch-5_14_21-150400_24_170-default-15-150400.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 12:30:19 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 12:30:19 -0000 Subject: SUSE-SU-2026:1461-1: low: Security update for jetty-minimal Message-ID: <177668821901.7097.16014104113421363399@4d3cf67d624c> # Security update for jetty-minimal Announcement ID: SUSE-SU-2026:1461-1 Release Date: 2026-04-20T05:47:00Z Rating: low References: * bsc#1259242 Cross-References: * CVE-2025-11143 CVSS scores: * CVE-2025-11143 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-11143 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-11143 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-11143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for jetty-minimal fixes the following issues: * CVE-2025-11143: Fixed different parsing of invalid URIs (bsc#1259242). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1461=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1461=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1461=1 ## Package List: * openSUSE Leap 15.6 (noarch) * jetty-jsp-9.4.58-150200.3.37.1 * jetty-javax-websocket-client-impl-9.4.58-150200.3.37.1 * jetty-minimal-javadoc-9.4.58-150200.3.37.1 * jetty-start-9.4.58-150200.3.37.1 * jetty-security-9.4.58-150200.3.37.1 * jetty-webapp-9.4.58-150200.3.37.1 * jetty-websocket-common-9.4.58-150200.3.37.1 * jetty-deploy-9.4.58-150200.3.37.1 * jetty-server-9.4.58-150200.3.37.1 * jetty-plus-9.4.58-150200.3.37.1 * jetty-jmx-9.4.58-150200.3.37.1 * jetty-util-9.4.58-150200.3.37.1 * jetty-cdi-9.4.58-150200.3.37.1 * jetty-http-spi-9.4.58-150200.3.37.1 * jetty-project-9.4.58-150200.3.37.1 * jetty-websocket-servlet-9.4.58-150200.3.37.1 * jetty-annotations-9.4.58-150200.3.37.1 * jetty-io-9.4.58-150200.3.37.1 * jetty-continuation-9.4.58-150200.3.37.1 * jetty-javax-websocket-server-impl-9.4.58-150200.3.37.1 * jetty-jaas-9.4.58-150200.3.37.1 * jetty-jndi-9.4.58-150200.3.37.1 * jetty-websocket-server-9.4.58-150200.3.37.1 * jetty-servlet-9.4.58-150200.3.37.1 * jetty-proxy-9.4.58-150200.3.37.1 * jetty-websocket-client-9.4.58-150200.3.37.1 * jetty-xml-9.4.58-150200.3.37.1 * jetty-ant-9.4.58-150200.3.37.1 * jetty-rewrite-9.4.58-150200.3.37.1 * jetty-servlets-9.4.58-150200.3.37.1 * jetty-util-ajax-9.4.58-150200.3.37.1 * jetty-openid-9.4.58-150200.3.37.1 * jetty-http-9.4.58-150200.3.37.1 * jetty-websocket-api-9.4.58-150200.3.37.1 * jetty-websocket-javadoc-9.4.58-150200.3.37.1 * jetty-fcgi-9.4.58-150200.3.37.1 * jetty-quickstart-9.4.58-150200.3.37.1 * jetty-client-9.4.58-150200.3.37.1 * Development Tools Module 15-SP7 (noarch) * jetty-util-9.4.58-150200.3.37.1 * jetty-util-ajax-9.4.58-150200.3.37.1 * 
jetty-http-9.4.58-150200.3.37.1 * jetty-servlet-9.4.58-150200.3.37.1 * jetty-security-9.4.58-150200.3.37.1 * jetty-server-9.4.58-150200.3.37.1 * jetty-io-9.4.58-150200.3.37.1 * SUSE Package Hub 15 15-SP7 (noarch) * jetty-continuation-9.4.58-150200.3.37.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11143.html * https://bugzilla.suse.com/show_bug.cgi?id=1259242 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:04 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:04 -0000 Subject: SUSE-SU-2026:1469-1: important: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Message-ID: <177670260431.8795.10939972961030860106@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1469-1 Release Date: 2026-04-20T08:34:33Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1466=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1470=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1469=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_25-default-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_9-debugsource-3-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_7-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-3-150700.2.1 * kernel-livepatch-6_4_0-150700_53_28-default-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_8-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_31-default-debuginfo-3-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:10 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:10 -0000 Subject: SUSE-SU-2026:1468-1: important: Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Message-ID: <177670261085.8795.11567548101959087583@5d6d53449fb2> # Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1468-1 Release Date: 2026-04-20T08:34:18Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1468=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-1465=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-livepatch-6_4_0-150700_53_16-default-9-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_6-debugsource-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_22-default-debuginfo-4-150700.2.1 * kernel-livepatch-6_4_0-150700_53_16-default-debuginfo-9-150700.2.1 * kernel-livepatch-6_4_0-150700_53_22-default-4-150700.2.1 * kernel-livepatch-SLE15-SP7_Update_4-debugsource-9-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Mon Apr 20 16:30:15 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:15 -0000 Subject: SUSE-SU-2026:1483-1: moderate: Security update for helm Message-ID: <177670261523.8795.6387475532147336760@5d6d53449fb2> # Security update for helm Announcement ID: SUSE-SU-2026:1483-1 Release Date: 2026-04-20T10:29:47Z Rating: moderate References: * bsc#1248093 * bsc#1261938 Cross-References: * CVE-2025-55199 * CVE-2026-35206 CVSS scores: * CVE-2025-55199 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-55199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-55199 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-35206 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35206 ( SUSE ): 4.4 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2026-35206 ( NVD ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-35206 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * Containers Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves two vulnerabilities can now be installed. ## Description: This update for helm fixes the following issues: * CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093). * CVE-2026-35206: files written to unexpected directory via specially crafted Chart (bsc#1261938). Changes for helm: * Update to version 3.20.2 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1483=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1483=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1483=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.20.2-150000.1.71.2 * helm-3.20.2-150000.1.71.2 * SUSE Linux Enterprise Micro 5.5 (noarch) * helm-bash-completion-3.20.2-150000.1.71.2 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * helm-debuginfo-3.20.2-150000.1.71.2 * helm-3.20.2-150000.1.71.2 * Containers Module 15-SP7 (noarch) * helm-bash-completion-3.20.2-150000.1.71.2 * helm-zsh-completion-3.20.2-150000.1.71.2 * SUSE Package Hub 15 15-SP7 (noarch) * helm-fish-completion-3.20.2-150000.1.71.2 ## References: * https://www.suse.com/security/cve/CVE-2025-55199.html * https://www.suse.com/security/cve/CVE-2026-35206.html * https://bugzilla.suse.com/show_bug.cgi?id=1248093 * https://bugzilla.suse.com/show_bug.cgi?id=1261938 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:18 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:18 -0000 Subject: SUSE-SU-2026:1482-1: moderate: Security update for openvswitch Message-ID: <177670261812.8795.17213485078329488544@5d6d53449fb2> # Security update for openvswitch Announcement ID: SUSE-SU-2026:1482-1 Release Date: 2026-04-20T10:10:04Z Rating: moderate References: * bsc#1261273 Cross-References: * CVE-2026-34956 CVSS scores: * CVE-2026-34956 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34956 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler (bsc#1261273). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1482=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libopenvswitch-2_11-0-2.11.5-3.30.1 * openvswitch-debuginfo-2.11.5-3.30.1 * openvswitch-debugsource-2.11.5-3.30.1 * openvswitch-2.11.5-3.30.1 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34956.html * https://bugzilla.suse.com/show_bug.cgi?id=1261273 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:21 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:21 -0000 Subject: SUSE-SU-2026:1481-1: important: Security update for gegl Message-ID: <177670262159.8795.7949401348489137528@5d6d53449fb2> # Security update for gegl Announcement ID: SUSE-SU-2026:1481-1 Release Date: 2026-04-20T10:09:56Z Rating: important References: * bsc#1259749 Cross-References: * CVE-2026-2049 CVSS scores: * CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 * SUSE Package Hub 15 15-SP7 An update that solves one vulnerability can now be installed. ## Description: This update for gegl fixes the following issue: * CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1481=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1481=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1481=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * gegl-doc-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * gegl-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (x86_64) * libgegl-0_4-0-32bit-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-32bit-0.4.46-150600.4.8.2 * openSUSE Leap 15.6 (aarch64_ilp32) * libgegl-0_4-0-64bit-debuginfo-0.4.46-150600.4.8.2 * libgegl-0_4-0-64bit-0.4.46-150600.4.8.2 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * gegl-debuginfo-0.4.46-150600.4.8.2 * gegl-0_4-0.4.46-150600.4.8.2 * gegl-debugsource-0.4.46-150600.4.8.2 * gegl-0_4-debuginfo-0.4.46-150600.4.8.2 * gegl-doc-0.4.46-150600.4.8.2 * libgegl-0_4-0-0.4.46-150600.4.8.2 * libgegl-0_4-0-debuginfo-0.4.46-150600.4.8.2 * typelib-1_0-Gegl-0_4-0.4.46-150600.4.8.2 * gegl-devel-0.4.46-150600.4.8.2 * gegl-0.4.46-150600.4.8.2 * SUSE Package Hub 
15 15-SP7 (noarch) * gegl-0_4-lang-0.4.46-150600.4.8.2 ## References: * https://www.suse.com/security/cve/CVE-2026-2049.html * https://bugzilla.suse.com/show_bug.cgi?id=1259749 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:23 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:23 -0000 Subject: SUSE-SU-2026:1480-1: important: Security update for buildah Message-ID: <177670262305.8795.11183872261430292669@5d6d53449fb2> # Security update for buildah Announcement ID: SUSE-SU-2026:1480-1 Release Date: 2026-04-20T10:09:40Z Rating: important References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for buildah rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1480=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1480=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1480=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1480=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1480=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150400.3.61.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * buildah-1.35.5-150400.3.61.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Mon Apr 20 16:30:26 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:26 -0000 Subject: SUSE-SU-2026:1479-1: important: Security update for gegl Message-ID: <177670262620.8795.17655163424664713568@5d6d53449fb2> # Security update for gegl Announcement ID: SUSE-SU-2026:1479-1 Release Date: 2026-04-20T10:09:18Z Rating: important References: * bsc#1259749 Cross-References: * CVE-2026-2049 CVSS scores: * CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for gegl fixes the following issue: * CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1479=1 * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1479=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * gegl-devel-0.2.0-15.14.2 * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gegl-devel-0.2.0-15.14.2 ## References: * https://www.suse.com/security/cve/CVE-2026-2049.html * https://bugzilla.suse.com/show_bug.cgi?id=1259749 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:39 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:39 -0000 Subject: SUSE-SU-2026:1478-1: important: Security update for nodejs22 Message-ID: <177670263903.8795.12317081150987650342@5d6d53449fb2> # Security update for nodejs22 Announcement ID: SUSE-SU-2026:1478-1 Release Date: 2026-04-20T10:09:08Z Rating: important References: * bsc#1256576 * bsc#1260455 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs22 fixes the following issues: Update to version 22.22.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). 
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-1478=1 ## Package List: * Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64) * nodejs22-devel-22.22.2-150700.3.9.1 * nodejs22-debuginfo-22.22.2-150700.3.9.1 * nodejs22-debugsource-22.22.2-150700.3.9.1 * nodejs22-22.22.2-150700.3.9.1 * npm22-22.22.2-150700.3.9.1 * Web and Scripting Module 15-SP7 (noarch) * nodejs22-docs-22.22.2-150700.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:46 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:46 -0000 Subject: SUSE-SU-2026:1477-1: low: Security update for opensc Message-ID: <177670264672.8795.12730729390714963031@5d6d53449fb2> # Security update for opensc Announcement ID: SUSE-SU-2026:1477-1 Release Date: 2026-04-20T10:08:55Z Rating: low References: * bsc#1261214 * bsc#1261218 * bsc#1261219 * bsc#1261220 Cross-References: * CVE-2025-49010 * CVE-2025-66037 * CVE-2025-66038 * CVE-2025-66215 CVSS scores: * CVE-2025-49010 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-49010 ( SUSE ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-49010 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66037 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66037 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66037 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66037 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66038 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66038 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-66215 ( SUSE ): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-66215 ( SUSE 
): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2025-66215 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that solves four vulnerabilities can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in `GET RESPONSE` (bsc#1261214). * CVE-2025-66037: specially crafted input processed by the `fuzz_pkcs15_reader` harness can lead to an out-of-bounds heap read in the X.509/SPKI handling path (bsc#1261218). * CVE-2025-66038: improper compact-TLV length validation can lead to the dereferencing of out-of-bounds pointers and memory corruption (bsc#1261219). * CVE-2025-66215: specially crafted smart card or USB device can lead to a stack buffer overflow write in `card-oberthur` (bsc#1261220). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1477=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1477=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.34.1 * opensc-debuginfo-0.19.0-150100.3.34.1 * opensc-0.19.0-150100.3.34.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * opensc-debugsource-0.19.0-150100.3.34.1 * opensc-debuginfo-0.19.0-150100.3.34.1 * opensc-0.19.0-150100.3.34.1 ## References: * https://www.suse.com/security/cve/CVE-2025-49010.html * https://www.suse.com/security/cve/CVE-2025-66037.html * https://www.suse.com/security/cve/CVE-2025-66038.html * https://www.suse.com/security/cve/CVE-2025-66215.html * https://bugzilla.suse.com/show_bug.cgi?id=1261214 * https://bugzilla.suse.com/show_bug.cgi?id=1261218 * https://bugzilla.suse.com/show_bug.cgi?id=1261219 * https://bugzilla.suse.com/show_bug.cgi?id=1261220 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 16:30:49 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:49 -0000 Subject: SUSE-RU-2026:1475-1: low: Recommended update for sles-release Message-ID: <177670264989.8795.12827506625887564789@5d6d53449fb2> # Recommended update for sles-release Announcement ID: SUSE-RU-2026:1475-1 Release Date: 2026-04-20T10:02:28Z Rating: low References: Affected Products: * SUSE Linux Enterprise Server 15 SP7 An update that can now be installed. ## Description: This update for sles-release fixes the following issue: * Adjust product and codestream EOL. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP7 zypper in -t patch SUSE-SLE-Product-SLES-15-SP7-2026-1475=1 ## Package List: * SUSE Linux Enterprise Server 15 SP7 (aarch64 ppc64le s390x x86_64) * sles-release-15.7-150700.67.6.1 From null at suse.de Mon Apr 20 16:30:48 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:48 -0000 Subject: SUSE-OU-2026:1476-1: low: Optional update for python-lib4sbom Message-ID: <177670264848.8795.16104936961100341494@5d6d53449fb2> # Optional update for python-lib4sbom Announcement ID: SUSE-OU-2026:1476-1 Release Date: 2026-04-20T10:03:08Z Rating: low References: * jsc#PED-15491 Affected Products: * Python 3 Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that contains one feature can now be installed. ## Description: This update for python-lib4sbom fixes the following issues: * Add python-lib4sbom to SLES (jsc#PED-15491) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Python 3 Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-1476=1 ## Package List: * Python 3 Module 15-SP7 (noarch) * python311-lib4sbom-0.9.4-150700.15.3.1 ## References: * https://jira.suse.com/browse/PED-15491
From null at suse.de Mon Apr 20 16:30:52 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:52 -0000 Subject: SUSE-OU-2026:1474-1: low: Optional update for luajit Message-ID: <177670265254.8795.9304671671112531780@5d6d53449fb2> # Optional update for luajit Announcement ID: SUSE-OU-2026:1474-1 Release Date: 2026-04-20T10:01:06Z Rating: low References: * bsc#1256935 Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Package Hub 15 15-SP7 An update that has one fix can now be installed. ## Description: This update for luajit fixes the following issue: * Add luajit-devel to 15-SP7 PackageHUB module, no source change. (bsc#1256935) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1474=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1474=1 * SUSE Package Hub 15 15-SP7 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1474=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1474=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * openSUSE Leap 15.6 (x86_64) * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x) * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64) * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * 
luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * openSUSE Leap 15.4 (x86_64) * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libluajit-5_1-2-64bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 * libluajit-5_1-2-64bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1256935 From null at suse.de Mon Apr 20 16:31:03 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:31:03 -0000 Subject: SUSE-RU-2026:1467-1: moderate: Recommended update for mozilla-nss Message-ID: <177670266341.8795.17662536331596718288@5d6d53449fb2> # Recommended update for mozilla-nss Announcement ID: SUSE-RU-2026:1467-1 Release Date: 2026-04-20T08:10:50Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that can now be installed. ## Description: This update for mozilla-nss fixes the following issues: Update to NSS 3.112.4: * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey. * Improving the allocation of S/MIME DecryptSymKey. * store email on subject cache_entry in NSS trust domain. * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation. * Improve size calculations in CMS content buffering. * avoid integer overflow while escaping RFC822 Names.
* Reject excessively large ASN.1 SEQUENCE OF in quickder. * Deep copy profile data in CERT_FindSMimeProfile. * Improve input validation in DSAU signature decoding. * avoid integer overflow in RSA_EMSAEncodePSS. * RSA_EMSAEncodePSS should validate the length of mHash. * Add a maximum cert uncompressed len and tests. * Clarify extension negotiation mechanism for TLS Handshakes. * ensure permittedSubtrees don't match wildcards that could be outside the permitted tree. * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag. * Remove invalid PORT_Free(). * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed. * make ss->ssl3.hs.cookie an owned-copy of the cookie. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * mozilla-nss-certs-3.112.4-150000.3.138.1 * libfreebl3-3.112.4-150000.3.138.1 * libfreebl3-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1 * libsoftokn3-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-3.112.4-150000.3.138.1 * mozilla-nss-debugsource-3.112.4-150000.3.138.1 * mozilla-nss-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-tools-3.112.4-150000.3.138.1 * libsoftokn3-3.112.4-150000.3.138.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * mozilla-nss-certs-3.112.4-150000.3.138.1 * libfreebl3-3.112.4-150000.3.138.1 * libfreebl3-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1 * libsoftokn3-debuginfo-3.112.4-150000.3.138.1 * 
mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-3.112.4-150000.3.138.1 * mozilla-nss-debugsource-3.112.4-150000.3.138.1 * mozilla-nss-debuginfo-3.112.4-150000.3.138.1 * mozilla-nss-tools-3.112.4-150000.3.138.1 * libsoftokn3-3.112.4-150000.3.138.1 From null at suse.de Mon Apr 20 16:30:57 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:30:57 -0000 Subject: SUSE-RU-2026:1473-1: important: Recommended update for grub2 Message-ID: <177670265776.8795.2815934568565423271@5d6d53449fb2> # Recommended update for grub2 Announcement ID: SUSE-RU-2026:1473-1 Release Date: 2026-04-20T09:32:11Z Rating: important References: * bsc#1249385 * bsc#1259543 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that has two fixes can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385) * use net config for boot location instead of * Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1473=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1473=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1473=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * grub2-2.12-150600.8.52.1 * grub2-branding-upstream-2.12-150600.8.52.1 * grub2-debuginfo-2.12-150600.8.52.1 * openSUSE Leap 15.6 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.12-150600.8.52.1 * openSUSE Leap 15.6 (noarch) * grub2-i386-pc-2.12-150600.8.52.1 * grub2-snapper-plugin-2.12-150600.8.52.1 * grub2-i386-xen-debug-2.12-150600.8.52.1 * grub2-powerpc-ieee1275-extras-2.12-150600.8.52.1 * grub2-i386-efi-2.12-150600.8.52.1 * grub2-x86_64-efi-2.12-150600.8.52.1 * grub2-powerpc-ieee1275-2.12-150600.8.52.1 * grub2-arm64-efi-2.12-150600.8.52.1 * grub2-powerpc-ieee1275-debug-2.12-150600.8.52.1 * grub2-x86_64-efi-debug-2.12-150600.8.52.1 * grub2-i386-xen-2.12-150600.8.52.1 * grub2-s390x-emu-extras-2.12-150600.8.52.1 * grub2-x86_64-efi-extras-2.12-150600.8.52.1 * grub2-i386-efi-extras-2.12-150600.8.52.1 * grub2-x86_64-xen-debug-2.12-150600.8.52.1 * grub2-i386-xen-extras-2.12-150600.8.52.1 * grub2-arm64-efi-debug-2.12-150600.8.52.1 * grub2-i386-pc-extras-2.12-150600.8.52.1 * grub2-i386-efi-debug-2.12-150600.8.52.1 * grub2-arm64-efi-extras-2.12-150600.8.52.1 * grub2-i386-pc-debug-2.12-150600.8.52.1 * grub2-x86_64-xen-2.12-150600.8.52.1 * grub2-x86_64-xen-extras-2.12-150600.8.52.1 * grub2-systemd-sleep-plugin-2.12-150600.8.52.1 * openSUSE Leap 15.6 (s390x) * grub2-s390x-emu-2.12-150600.8.52.1 * grub2-s390x-emu-debug-2.12-150600.8.52.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * grub2-2.12-150600.8.52.1 * grub2-debuginfo-2.12-150600.8.52.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * 
grub2-arm64-efi-2.12-150600.8.52.1 * grub2-i386-pc-2.12-150600.8.52.1 * grub2-snapper-plugin-2.12-150600.8.52.1 * grub2-x86_64-efi-2.12-150600.8.52.1 * grub2-x86_64-xen-2.12-150600.8.52.1 * grub2-powerpc-ieee1275-2.12-150600.8.52.1 * grub2-systemd-sleep-plugin-2.12-150600.8.52.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 s390x x86_64) * grub2-debugsource-2.12-150600.8.52.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (s390x) * grub2-s390x-emu-2.12-150600.8.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * grub2-2.12-150600.8.52.1 * grub2-debuginfo-2.12-150600.8.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * grub2-i386-pc-2.12-150600.8.52.1 * grub2-snapper-plugin-2.12-150600.8.52.1 * grub2-x86_64-efi-2.12-150600.8.52.1 * grub2-x86_64-xen-2.12-150600.8.52.1 * grub2-powerpc-ieee1275-2.12-150600.8.52.1 * grub2-systemd-sleep-plugin-2.12-150600.8.52.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64) * grub2-debugsource-2.12-150600.8.52.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1249385 * https://bugzilla.suse.com/show_bug.cgi?id=1259543 From null at suse.de Mon Apr 20 16:31:01 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 16:31:01 -0000 Subject: SUSE-RU-2026:1472-1: important: Recommended update for grub2 Message-ID: <177670266117.8795.4938037803408185867@5d6d53449fb2> # Recommended update for grub2 Announcement ID: SUSE-RU-2026:1472-1 Release Date: 2026-04-20T09:31:59Z Rating: important References: * bsc#1259543 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Micro 5.5 An update that has one fix can now be installed.
## Description: This update for grub2 fixes the following issues: * Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543) * btrfs: add ability to boot from subvolumes * btrfs: get default subvolume ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1472=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1472=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * grub2-branding-upstream-2.06-150500.29.65.1 * grub2-2.06-150500.29.65.1 * grub2-debuginfo-2.06-150500.29.65.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64 i586) * grub2-debugsource-2.06-150500.29.65.1 * openSUSE Leap 15.5 (noarch) * grub2-x86_64-efi-extras-2.06-150500.29.65.1 * grub2-x86_64-xen-debug-2.06-150500.29.65.1 * grub2-snapper-plugin-2.06-150500.29.65.1 * grub2-s390x-emu-extras-2.06-150500.29.65.1 * grub2-x86_64-efi-debug-2.06-150500.29.65.1 * grub2-x86_64-xen-extras-2.06-150500.29.65.1 * grub2-i386-xen-extras-2.06-150500.29.65.1 * grub2-i386-efi-2.06-150500.29.65.1 * grub2-powerpc-ieee1275-2.06-150500.29.65.1 * grub2-i386-pc-2.06-150500.29.65.1 * grub2-i386-efi-extras-2.06-150500.29.65.1 * grub2-i386-xen-debug-2.06-150500.29.65.1 * grub2-x86_64-xen-2.06-150500.29.65.1 * grub2-arm64-efi-extras-2.06-150500.29.65.1 * grub2-arm64-efi-debug-2.06-150500.29.65.1 * grub2-i386-efi-debug-2.06-150500.29.65.1 * grub2-arm64-efi-2.06-150500.29.65.1 * grub2-i386-xen-2.06-150500.29.65.1 * grub2-i386-pc-debug-2.06-150500.29.65.1 * grub2-x86_64-efi-2.06-150500.29.65.1 * grub2-i386-pc-extras-2.06-150500.29.65.1 * grub2-systemd-sleep-plugin-2.06-150500.29.65.1 * grub2-powerpc-ieee1275-debug-2.06-150500.29.65.1 * grub2-powerpc-ieee1275-extras-2.06-150500.29.65.1 * openSUSE Leap 15.5 (s390x) * grub2-s390x-emu-2.06-150500.29.65.1 * 
grub2-s390x-emu-debug-2.06-150500.29.65.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * grub2-2.06-150500.29.65.1 * grub2-debuginfo-2.06-150500.29.65.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * grub2-x86_64-xen-2.06-150500.29.65.1 * grub2-x86_64-efi-2.06-150500.29.65.1 * grub2-powerpc-ieee1275-2.06-150500.29.65.1 * grub2-snapper-plugin-2.06-150500.29.65.1 * grub2-i386-pc-2.06-150500.29.65.1 * grub2-arm64-efi-2.06-150500.29.65.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * grub2-debugsource-2.06-150500.29.65.1 * SUSE Linux Enterprise Micro 5.5 (s390x) * grub2-s390x-emu-2.06-150500.29.65.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259543 From null at suse.de Mon Apr 20 20:30:01 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 20:30:01 -0000 Subject: SUSE-SU-2026:1492-1: important: Security update for docker Message-ID: <177671700146.7325.804513002356103@5a8be24cc32b> # Security update for docker Announcement ID: SUSE-SU-2026:1492-1 Release Date: 2026-04-20T15:57:20Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * Containers Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 *
SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for docker rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1492=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1492=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1492=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1492=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1492=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1492=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1492=1 * SUSE Linux Enterprise Micro 
5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1492=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1492=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1492=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1492=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1492=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1492=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1492=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1492=1 ## Package List: * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * 
docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x 
x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * Containers Module 15-SP7 (noarch) * docker-zsh-completion-28.5.1_ce-150000.245.2 * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * 
docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * docker-debuginfo-28.5.1_ce-150000.245.2 * docker-buildx-debuginfo-0.29.0-150000.245.2 * docker-28.5.1_ce-150000.245.2 * docker-buildx-0.29.0-150000.245.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * docker-bash-completion-28.5.1_ce-150000.245.2 * docker-rootless-extras-28.5.1_ce-150000.245.2 From null at suse.de Mon Apr 20 20:30:03 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 20:30:03 -0000 Subject: SUSE-SU-2026:1491-1: important: Security update for buildah Message-ID: <177671700301.7325.4611832804690344719@5a8be24cc32b> # Security update for buildah Announcement ID: SUSE-SU-2026:1491-1 Release Date: 2026-04-20T15:55:20Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An
update that can now be installed. ## Description: This update for buildah rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1491=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1491=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1491=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1491=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1491=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1491=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * buildah-1.35.5-150500.3.55.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * buildah-1.35.5-150500.3.55.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 
(ppc64le x86_64) * buildah-1.35.5-150500.3.55.1 From null at suse.de Mon Apr 20 20:30:04 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 20:30:04 -0000 Subject: SUSE-SU-2026:1490-1: important: Security update for kubernetes Message-ID: <177671700450.7325.14061816310424013176@5a8be24cc32b> # Security update for kubernetes Announcement ID: SUSE-SU-2026:1490-1 Release Date: 2026-04-20T15:54:48Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for kubernetes rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1490=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1490=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-common-1.35.0-150600.13.29.1 * kubernetes1.35-client-1.35.0-150600.13.29.1 * openSUSE Leap 15.6 (noarch) * kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1 * kubernetes1.35-client-fish-completion-1.35.0-150600.13.29.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kubernetes1.35-client-common-1.35.0-150600.13.29.1 * kubernetes1.35-client-1.35.0-150600.13.29.1 * Containers Module 15-SP7 (noarch) * kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1
From null at suse.de Mon Apr 20 20:30:08 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 20:30:08 -0000 Subject: SUSE-SU-2026:1488-1: important: Security update for rekor Message-ID: <177671700827.7325.9035051887915910558@5a8be24cc32b> # Security update for rekor Announcement ID: SUSE-SU-2026:1488-1 Release Date: 2026-04-20T15:54:29Z Rating: important References: Affected Products: * Basesystem Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for rekor rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1488=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1488=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1488=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1488=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1488=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1488=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1488=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * 
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * rekor-1.4.3-150400.4.30.1 * rekor-debuginfo-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rekor-1.4.3-150400.4.30.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Mon Apr 20 20:30:06 2026 From: null at suse.de (SLE-UPDATES) Date: Mon, 20 Apr 2026 20:30:06 -0000 Subject: SUSE-SU-2026:1489-1: important: Security update for kubernetes-old Message-ID: <177671700663.7325.4508906948647733056@5a8be24cc32b> # Security update for kubernetes-old Announcement ID: SUSE-SU-2026:1489-1 Release Date: 2026-04-20T15:54:39Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for kubernetes-old rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1489=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1489=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1
  * kubernetes1.33-client-fish-completion-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-1.33.7-150600.13.27.1
  * kubernetes1.33-client-common-1.33.7-150600.13.27.1
* Containers Module 15-SP7 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1

From null at suse.de Mon Apr 20 20:30:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 20 Apr 2026 20:30:10 -0000
Subject: SUSE-SU-2026:1487-1: important: Security update for runc
Message-ID: <177671701073.7325.2408635625042500771@5a8be24cc32b>

# Security update for runc

Announcement ID: SUSE-SU-2026:1487-1
Release Date: 2026-04-20T15:53:00Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for runc rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1487=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1487=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1487=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1487=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1487=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1487=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1487=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1487=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1487=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1487=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1487=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1487=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1487=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2026-1487=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1487=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1487=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * runc-1.3.4-150000.92.1
  * runc-debuginfo-1.3.4-150000.92.1

From null at suse.de Mon Apr 20 20:30:12 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 20 Apr 2026 20:30:12 -0000
Subject: SUSE-SU-2026:1486-1: important: Security update for cosign
Message-ID: <177671701220.7325.5909790549444224137@5a8be24cc32b>

# Security update for cosign

Announcement ID: SUSE-SU-2026:1486-1
Release Date: 2026-04-20T15:51:24Z
Rating: important
References:

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for cosign rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1486=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1486=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1486=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1486=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1486=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1486=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1486=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1486=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1486=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1486=1

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * cosign-debuginfo-3.0.5-150400.3.39.1
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * cosign-3.0.5-150400.3.39.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * cosign-debuginfo-3.0.5-150400.3.39.1
  * cosign-3.0.5-150400.3.39.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * cosign-debuginfo-3.0.5-150400.3.39.1
  * cosign-3.0.5-150400.3.39.1
* openSUSE Leap 15.4 (noarch)
  * cosign-bash-completion-3.0.5-150400.3.39.1
  * cosign-zsh-completion-3.0.5-150400.3.39.1
  * cosign-fish-completion-3.0.5-150400.3.39.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * cosign-debuginfo-3.0.5-150400.3.39.1
  * cosign-3.0.5-150400.3.39.1
* Basesystem Module 15-SP7 (noarch)
  * cosign-bash-completion-3.0.5-150400.3.39.1
  * cosign-zsh-completion-3.0.5-150400.3.39.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * cosign-3.0.5-150400.3.39.1

From null at suse.de Mon Apr 20 20:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 20 Apr 2026 20:30:16 -0000
Subject: SUSE-RU-2026:1485-1: low: Recommended update for dejavu-fonts, arphic-uming-fonts, arphic-ukai-fonts, arphic-fonts, liberation-fonts, efont-unicode-bitmap-fonts
Message-ID: <177671701695.7325.3711650904563154627@5a8be24cc32b>

# Recommended update for dejavu-fonts, arphic-uming-fonts, arphic-ukai-fonts, arphic-fonts, liberation-fonts, efont-unicode-bitmap-fonts

Announcement ID: SUSE-RU-2026:1485-1
Release Date: 2026-04-20T14:54:34Z
Rating: low
References:

* bsc#1252142

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that has one fix can now be installed.

## Description:

This update for dejavu-fonts, arphic-uming-fonts, arphic-ukai-fonts, arphic-fonts, liberation-fonts, efont-unicode-bitmap-fonts fixes the following issues:

* use %license tag [bsc#1252142]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-1485=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1485=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1485=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1485=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1485=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1485=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1485=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1485=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1485=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * arphic-bsmi00lp-fonts-20001125-150000.3.4.1
  * arphic-bkai00mp-fonts-20001125-150000.3.4.1
  * arphic-gkai00mp-fonts-20001125-150000.3.4.1
  * arphic-fonts-20001125-150000.3.4.1
  * arphic-ukai-fonts-0.2.20080216.1-150000.3.3.1
  * dejavu-fonts-2.37-150000.3.3.1
  * efont-unicode-bitmap-fonts-0.4.2-150000.3.3.1
  * arphic-gbsn00lp-fonts-20001125-150000.3.4.1
  * liberation-fonts-1.07.4-150000.4.5.1
  * arphic-uming-fonts-0.2.20080216.1-150000.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* Basesystem Module 15-SP7 (noarch)
  * arphic-bsmi00lp-fonts-20001125-150000.3.4.1
  * arphic-bkai00mp-fonts-20001125-150000.3.4.1
  * arphic-gkai00mp-fonts-20001125-150000.3.4.1
  * arphic-fonts-20001125-150000.3.4.1
  * arphic-ukai-fonts-0.2.20080216.1-150000.3.3.1
  * dejavu-fonts-2.37-150000.3.3.1
  * efont-unicode-bitmap-fonts-0.4.2-150000.3.3.1
  * arphic-gbsn00lp-fonts-20001125-150000.3.4.1
  * liberation-fonts-1.07.4-150000.4.5.1
  * arphic-uming-fonts-0.2.20080216.1-150000.3.3.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * dejavu-fonts-2.37-150000.3.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1252142

From null at suse.de Mon Apr 20 20:30:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 20 Apr 2026 20:30:18 -0000
Subject: SUSE-SU-2026:1484-1: important: Security update for container-suseconnect
Message-ID: <177671701829.7325.7776245959499890498@5a8be24cc32b>

# Security update for container-suseconnect

Announcement ID: SUSE-SU-2026:1484-1
Release Date: 2026-04-20T13:35:38Z
Rating: important
References:

Affected Products:

* Containers Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for container-suseconnect rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1484=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1484=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1484=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1484=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1484=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1484=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1484=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1484=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1484=1

## Package List:

* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * container-suseconnect-2.5.6-150000.4.84.1

From null at suse.de Tue Apr 21 08:30:07 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:30:07 -0000
Subject: SUSE-SU-2026:1504-1: moderate: Security update for GraphicsMagick
Message-ID: <177676020759.7466.15314776911540667784@4d3cf67d624c>

# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2026:1504-1
Release Date: 2026-04-20T16:18:42Z
Rating: moderate
References:

* bsc#1260874

Cross-References:

* CVE-2026-33535

CVSS scores:

* CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for GraphicsMagick fixes the following issue:

* CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1504=1
* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1504=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * GraphicsMagick-1.3.42-150600.3.21.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1
  * perl-GraphicsMagick-1.3.42-150600.3.21.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.21.1
  * libGraphicsMagick3-config-1.3.42-150600.3.21.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1
  * GraphicsMagick-devel-1.3.42-150600.3.21.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.21.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * GraphicsMagick-1.3.42-150600.3.21.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.21.1
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.21.1
  * perl-GraphicsMagick-1.3.42-150600.3.21.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.21.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.21.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.21.1
  * libGraphicsMagick3-config-1.3.42-150600.3.21.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.21.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.21.1
  * GraphicsMagick-devel-1.3.42-150600.3.21.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.21.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.21.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.21.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260874

From null at suse.de Tue Apr 21 08:30:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:30:11 -0000
Subject: SUSE-SU-2026:1503-1: moderate: Security update for python
Message-ID: <177676021127.7466.5972540853857708712@4d3cf67d624c>

# Security update for python

Announcement ID: SUSE-SU-2026:1503-1
Release Date: 2026-04-20T16:17:55Z
Rating: moderate
References:

* bsc#1261970

Cross-References:

* CVE-2026-3446

CVSS scores:

* CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python fixes the following issue:

* CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1503=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python-base-debuginfo-2.7.18-150000.117.1
  * python-gdbm-2.7.18-150000.117.1
  * python-debugsource-2.7.18-150000.117.1
  * python-base-2.7.18-150000.117.1
  * python-xml-debuginfo-2.7.18-150000.117.1
  * libpython2_7-1_0-2.7.18-150000.117.1
  * python-debuginfo-2.7.18-150000.117.1
  * python-curses-debuginfo-2.7.18-150000.117.1
  * python-curses-2.7.18-150000.117.1
  * python-gdbm-debuginfo-2.7.18-150000.117.1
  * python-2.7.18-150000.117.1
  * libpython2_7-1_0-debuginfo-2.7.18-150000.117.1
  * python-base-debugsource-2.7.18-150000.117.1
  * python-xml-2.7.18-150000.117.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261970

From null at suse.de Tue Apr 21 08:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:30:17 -0000
Subject: SUSE-SU-2026:1502-1: moderate: Security update for python312
Message-ID: <177676021732.7466.16622067844200695642@4d3cf67d624c>

# Security update for python312

Announcement ID: SUSE-SU-2026:1502-1
Release Date: 2026-04-20T16:17:01Z
Rating: moderate
References:

* bsc#1258364
* bsc#1261970

Cross-References:

* CVE-2026-3446

CVSS scores:

* CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for python312 fixes the following issues:

* CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1502=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * python312-3.12.13-150600.3.56.1
  * python312-debuginfo-3.12.13-150600.3.56.1
  * python312-base-3.12.13-150600.3.56.1
  * python312-core-debugsource-3.12.13-150600.3.56.1
  * python312-doc-devhelp-3.12.13-150600.3.56.1
  * python312-testsuite-3.12.13-150600.3.56.1
  * python312-tk-3.12.13-150600.3.56.1
  * python312-dbm-debuginfo-3.12.13-150600.3.56.1
  * libpython3_12-1_0-debuginfo-3.12.13-150600.3.56.1
  * python312-tools-3.12.13-150600.3.56.1
  * python312-devel-3.12.13-150600.3.56.1
  * python312-base-debuginfo-3.12.13-150600.3.56.1
  * python312-tk-debuginfo-3.12.13-150600.3.56.1
  * libpython3_12-1_0-3.12.13-150600.3.56.1
  * python312-debugsource-3.12.13-150600.3.56.1
  * python312-dbm-3.12.13-150600.3.56.1
  * python312-testsuite-debuginfo-3.12.13-150600.3.56.1
  * python312-curses-3.12.13-150600.3.56.1
  * python312-curses-debuginfo-3.12.13-150600.3.56.1
  * python312-idle-3.12.13-150600.3.56.1
  * python312-doc-3.12.13-150600.3.56.1
* openSUSE Leap 15.6 (x86_64)
  * libpython3_12-1_0-32bit-3.12.13-150600.3.56.1
  * python312-32bit-debuginfo-3.12.13-150600.3.56.1
  * python312-base-32bit-3.12.13-150600.3.56.1
  * python312-32bit-3.12.13-150600.3.56.1
  * python312-base-32bit-debuginfo-3.12.13-150600.3.56.1
  * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.56.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * python312-base-64bit-debuginfo-3.12.13-150600.3.56.1
  * libpython3_12-1_0-64bit-3.12.13-150600.3.56.1
  * python312-64bit-3.12.13-150600.3.56.1
  * python312-base-64bit-3.12.13-150600.3.56.1
  * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.56.1
  * python312-64bit-debuginfo-3.12.13-150600.3.56.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3446.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258364
* https://bugzilla.suse.com/show_bug.cgi?id=1261970

From null at suse.de Tue Apr 21 08:30:26 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:30:26 -0000
Subject: SUSE-SU-2026:1501-1: important: Security update for glibc-livepatches
Message-ID: <177676022697.7466.9296377020077793348@4d3cf67d624c>

# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:1501-1
Release Date: 2026-04-20T16:16:50Z
Rating: important
References:

* bsc#1261209

Cross-References:

* CVE-2026-4046

CVSS scores:

* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issue:

* CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1501=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le x86_64) * glibc-livepatches-debugsource-0.4-150700.10.7.1 * glibc-livepatches-0.4-150700.10.7.1 * glibc-livepatches-debuginfo-0.4-150700.10.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 From null at suse.de Tue Apr 21 08:30:31 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 08:30:31 -0000 Subject: SUSE-SU-2026:1500-1: important: Security update for libpng15 Message-ID: <177676023152.7466.829929706629334328@4d3cf67d624c> # Security update for libpng15 Announcement ID: SUSE-SU-2026:1500-1 Release Date: 2026-04-20T16:16:44Z Rating: important References: * bsc#1260754 * bsc#1261957 Cross-References: * CVE-2026-33416 * CVE-2026-34757 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. 
## Description: This update for libpng15 fixes the following issues: * CVE-2026-34757: use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` can lead to information disclosure and data corruption (bsc#1261957). * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-1500=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1500=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libpng15-debugsource-1.5.22-10.10.1 * libpng15-15-debuginfo-1.5.22-10.10.1 * libpng15-15-1.5.22-10.10.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * libpng15-debugsource-1.5.22-10.10.1 * libpng15-15-debuginfo-1.5.22-10.10.1 * libpng15-15-1.5.22-10.10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1261957
From null at suse.de Tue Apr 21 08:30:34 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 08:30:34 -0000 Subject: SUSE-SU-2026:1499-1: moderate: Security update for ncurses Message-ID: <177676023459.7466.6579099717374143170@4d3cf67d624c> # Security update for ncurses Announcement ID: SUSE-SU-2026:1499-1 Release Date: 2026-04-20T16:16:27Z Rating: moderate References: * bsc#1259924 Cross-References: * CVE-2025-69720 CVSS scores: * CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issue: * CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-1499=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * ncurses-devel-5.9-91.1 * tack-debuginfo-5.9-91.1 * ncurses-devel-32bit-5.9-91.1 * ncurses-devel-debuginfo-32bit-5.9-91.1 * ncurses-utils-debuginfo-5.9-91.1 * ncurses-utils-5.9-91.1 * libncurses5-32bit-5.9-91.1 * libncurses5-5.9-91.1 * libncurses5-debuginfo-32bit-5.9-91.1 * terminfo-5.9-91.1 * tack-5.9-91.1 * terminfo-base-5.9-91.1 * libncurses6-debuginfo-32bit-5.9-91.1 * ncurses-debugsource-5.9-91.1 * libncurses6-debuginfo-5.9-91.1 * libncurses5-debuginfo-5.9-91.1 * ncurses-devel-debuginfo-5.9-91.1 * libncurses6-32bit-5.9-91.1 * libncurses6-5.9-91.1 ## References: * https://www.suse.com/security/cve/CVE-2025-69720.html * https://bugzilla.suse.com/show_bug.cgi?id=1259924
From null at suse.de Tue Apr 21 08:30:37 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 08:30:37 -0000 Subject: SUSE-SU-2026:1498-1: important: Security update for glibc-livepatches Message-ID: <177676023764.7466.2812298136544228740@4d3cf67d624c> # Security update for glibc-livepatches Announcement ID: SUSE-SU-2026:1498-1 Release Date: 2026-04-20T16:16:20Z Rating: important References: * bsc#1261209 Cross-References: * CVE-2026-4046 CVSS scores: * CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for glibc-livepatches fixes the following issue: * CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261209). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1498=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1498=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * glibc-livepatches-debugsource-0.4-150600.8.5.1 * glibc-livepatches-debuginfo-0.4-150600.8.5.1 * glibc-livepatches-0.4-150600.8.5.1 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * glibc-livepatches-0.4-150600.8.5.1 ## References: * https://www.suse.com/security/cve/CVE-2026-4046.html * https://bugzilla.suse.com/show_bug.cgi?id=1261209 From null at suse.de Tue Apr 21 08:31:10 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 08:31:10 -0000 Subject: SUSE-SU-2026:1497-1: important: Security update for ImageMagick Message-ID: <177676027021.7466.10367660413852843151@4d3cf67d624c> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:1497-1 Release Date: 2026-04-20T16:15:55Z Rating: important References: * bsc#1258790 * bsc#1259446 * bsc#1259447 * bsc#1259448 * bsc#1259450 * bsc#1259451 * bsc#1259452 * bsc#1259455 * bsc#1259456 * bsc#1259457 * bsc#1259463 * bsc#1259464 * bsc#1259466 * bsc#1259467 * bsc#1259468 * bsc#1259528 * bsc#1259612 * bsc#1259872 * bsc#1260874 * bsc#1260879 * bsc#1262097 Cross-References: * CVE-2026-24484 * CVE-2026-28493 * CVE-2026-28494 * CVE-2026-28686 * CVE-2026-28687 * CVE-2026-28688 * CVE-2026-28689 * CVE-2026-28690 * CVE-2026-28691 * CVE-2026-28692 * CVE-2026-28693 * CVE-2026-30883 * CVE-2026-30929 * CVE-2026-30936 * CVE-2026-30937 * CVE-2026-31853 * CVE-2026-32259 * CVE-2026-32636 * CVE-2026-33535 * CVE-2026-33536 * CVE-2026-33905 CVSS scores: * CVE-2026-24484 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-24484 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-24484 ( NVD ): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28493 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28493 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28493 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28494 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28494 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28494 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2026-28686 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28686 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28686 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-28687 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28687 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28687 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28688 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28688 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28688 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28689 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-28689 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28689 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-28690 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28690 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28690 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H * CVE-2026-28690 ( NVD ): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H * CVE-2026-28691 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28692 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28692 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-28692 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-28693 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-28693 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-28693 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30929 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-30929 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-30929 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-30936 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-30936 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30936 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-30937 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-30937 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-30937 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( SUSE ): 8.3 
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31853 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-31853 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31853 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-32259 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-32259 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32259 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-32636 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-32636 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-32636 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32636 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-33535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33536 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33536 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33905 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33905 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-33905 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-33905 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP7 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance 
Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves 21 vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion (bsc#1258790). * CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). * CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). * CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). * CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). * CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). * CVE-2026-28689: `domain="path"` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). * CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). * CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). 
* CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457). * CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466). * CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). * CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage` can lead to a stack buffer overflow (bsc#1259468). * CVE-2026-30936: heap buffer overflow in `WaveletDenoiseImage` (bsc#1259464). * CVE-2026-30937: heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). * CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). * CVE-2026-32259: memory allocation failure in the SIXEL encoder can lead to a stack out-of-bounds write (bsc#1259612). * CVE-2026-32636: denial of service via out-of-bounds write in `NewXMLTree` method (bsc#1259872). * CVE-2026-33535: out-of-bounds write of a zero byte in X11 display interaction (bsc#1260874). * CVE-2026-33536: denial of service via a stack out-of-bounds write in `InterpretImageFilename` (bsc#1260879). * CVE-2026-33905: denial of service via out-of-bounds read in `-sample` operation (bsc#1262097). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1497=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-1497=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1497=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1497=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1497=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-extra-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * 
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.75.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.75.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libMagickCore-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-64bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-64bit-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-64bit-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-devel-64bit-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-devel-64bit-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-64bit-debuginfo-7.1.0.9-150400.6.75.1 * Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * 
ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * 
ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * 
libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.75.1 * ImageMagick-devel-7.1.0.9-150400.6.75.1 * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-7.1.0.9-150400.6.75.1 * libMagick++-devel-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 * 
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.75.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.75.1 * perl-PerlMagick-7.1.0.9-150400.6.75.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.75.1 * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.75.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * ImageMagick-debugsource-7.1.0.9-150400.6.75.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.75.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.75.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24484.html * https://www.suse.com/security/cve/CVE-2026-28493.html * https://www.suse.com/security/cve/CVE-2026-28494.html * https://www.suse.com/security/cve/CVE-2026-28686.html * https://www.suse.com/security/cve/CVE-2026-28687.html * https://www.suse.com/security/cve/CVE-2026-28688.html * https://www.suse.com/security/cve/CVE-2026-28689.html * https://www.suse.com/security/cve/CVE-2026-28690.html * https://www.suse.com/security/cve/CVE-2026-28691.html * https://www.suse.com/security/cve/CVE-2026-28692.html * https://www.suse.com/security/cve/CVE-2026-28693.html * https://www.suse.com/security/cve/CVE-2026-30883.html * https://www.suse.com/security/cve/CVE-2026-30929.html * https://www.suse.com/security/cve/CVE-2026-30936.html * https://www.suse.com/security/cve/CVE-2026-30937.html * https://www.suse.com/security/cve/CVE-2026-31853.html * https://www.suse.com/security/cve/CVE-2026-32259.html * https://www.suse.com/security/cve/CVE-2026-32636.html * https://www.suse.com/security/cve/CVE-2026-33535.html * https://www.suse.com/security/cve/CVE-2026-33536.html * https://www.suse.com/security/cve/CVE-2026-33905.html * https://bugzilla.suse.com/show_bug.cgi?id=1258790 * https://bugzilla.suse.com/show_bug.cgi?id=1259446 * https://bugzilla.suse.com/show_bug.cgi?id=1259447 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259448 * https://bugzilla.suse.com/show_bug.cgi?id=1259450 * https://bugzilla.suse.com/show_bug.cgi?id=1259451 * https://bugzilla.suse.com/show_bug.cgi?id=1259452 * https://bugzilla.suse.com/show_bug.cgi?id=1259455 * https://bugzilla.suse.com/show_bug.cgi?id=1259456 * https://bugzilla.suse.com/show_bug.cgi?id=1259457 * https://bugzilla.suse.com/show_bug.cgi?id=1259463 * https://bugzilla.suse.com/show_bug.cgi?id=1259464 * https://bugzilla.suse.com/show_bug.cgi?id=1259466 * https://bugzilla.suse.com/show_bug.cgi?id=1259467 * https://bugzilla.suse.com/show_bug.cgi?id=1259468 * https://bugzilla.suse.com/show_bug.cgi?id=1259528 * https://bugzilla.suse.com/show_bug.cgi?id=1259612 * https://bugzilla.suse.com/show_bug.cgi?id=1259872 * https://bugzilla.suse.com/show_bug.cgi?id=1260874 * https://bugzilla.suse.com/show_bug.cgi?id=1260879 * https://bugzilla.suse.com/show_bug.cgi?id=1262097 From null at suse.de Tue Apr 21 08:31:15 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 08:31:15 -0000 Subject: SUSE-SU-2026:1496-1: important: Security update for gegl Message-ID: <177676027549.7466.3659945259224151365@4d3cf67d624c> # Security update for gegl Announcement ID: SUSE-SU-2026:1496-1 Release Date: 2026-04-20T16:14:44Z Rating: important References: * bsc#1259749 Cross-References: * CVE-2026-2049 CVSS scores: * CVE-2026-2049 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-2049 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 An update that solves one vulnerability can now be installed. 

## Description:

This update for gegl fixes the following issues:

* CVE-2026-2049: improper validation of the length of user-supplied data when parsing HDR files can lead to a heap buffer overflow (bsc#1259749).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Workstation Extension 15 SP7
  zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-1496=1

## Package List:

* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
  * libgegl-0_3-0-0.3.34-150000.3.9.1
  * gegl-debuginfo-0.3.34-150000.3.9.1
  * gegl-0_3-debuginfo-0.3.34-150000.3.9.1
  * gegl-debugsource-0.3.34-150000.3.9.1
  * gegl-0_3-0.3.34-150000.3.9.1
  * libgegl-0_3-0-debuginfo-0.3.34-150000.3.9.1
  * typelib-1_0-Gegl-0_3-0.3.34-150000.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259749

From null at suse.de Tue Apr 21 08:31:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:31:20 -0000
Subject: SUSE-SU-2026:1493-1: important: Security update for rootlesskit
Message-ID: <177676028008.7466.13686850805929385016@4d3cf67d624c>

# Security update for rootlesskit

Announcement ID: SUSE-SU-2026:1493-1
Release Date: 2026-04-20T15:58:01Z
Rating: important
References:

Affected Products:
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that can now be installed.

## Description:

This update for rootlesskit rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1493=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1493=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1493=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1493=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1493=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1493=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1493=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1493=1

## Package List:

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * rootlesskit-debuginfo-1.1.1-150000.1.7.1
  * rootlesskit-1.1.1-150000.1.7.1

From null at suse.de Tue Apr 21 08:31:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:31:17 -0000
Subject: SUSE-SU-2026:1495-1: important: Security update for containerd
Message-ID: <177676027703.7466.6529832242562450480@4d3cf67d624c>

# Security update for containerd

Announcement ID: SUSE-SU-2026:1495-1
Release Date: 2026-04-20T16:00:19Z
Rating: important
References:

Affected Products:
* Basesystem Module 15-SP7
* Containers Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for containerd rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1495=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1495=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1495=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1495=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1495=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1495=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1495=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1495=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1495=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1495=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1495=1
* Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1495=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1495=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1495=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1495=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1495=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1495=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1495=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1495=1

## Package List:

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * containerd-1.7.29-150000.132.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-150000.132.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-150000.132.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * containerd-1.7.29-150000.132.1
  * containerd-ctr-1.7.29-150000.132.1
  * containerd-devel-1.7.29-150000.132.1

From null at suse.de Tue Apr 21 08:31:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 08:31:18 -0000
Subject: SUSE-SU-2026:1494-1: important: Security update for rootlesskit
Message-ID: <177676027839.7466.9249122790165132272@4d3cf67d624c>

# Security update for rootlesskit

Announcement ID: SUSE-SU-2026:1494-1
Release Date: 2026-04-20T15:58:21Z
Rating: important
References:

Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that can now be installed.

## Description:

This update for rootlesskit rebuilds it against the current go 1.25 security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1494=1
* Containers Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1494=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1494=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1494=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * rootlesskit-1.1.1-150600.3.2.2
  * rootlesskit-debuginfo-1.1.1-150600.3.2.2

From null at suse.de Tue Apr 21 12:30:08 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:30:08 -0000
Subject: SUSE-RU-2026:21227-1: moderate: Recommended update for haproxy
Message-ID: <177677460887.7580.3740141743942360380@5a8be24cc32b>

# Recommended update for haproxy

Announcement ID: SUSE-RU-2026:21227-1
Release Date: 2026-04-17T15:13:18Z
Rating: moderate
References:
* bsc#1261626

Affected Products:
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for haproxy fixes the following issues:

* Update to version 3.2.15+git64.0fc44b458:
  * BUG/MINOR: hlua: fix use-after-free of HTTP reason string
  * BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
  * BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
  * BUG/MINOR: resolvers: fix memory leak on AAAA additional records
  * BUG/MINOR: peers: fix OOB heap write in dictionary cache update
  * BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
  * BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
  * BUG/MINOR: http-act: fix a typo in the "pause" action error message
  * BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
  * BUG/MINOR: cfgcond: always set the error string on openssl_version checks
  * BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
  * BUG/MINOR: quic: fix documentation for transport params decoding
  * BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
  * BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
  * BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
  * BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
  * BUG/MINOR: quic: close conn on packet reception with incompatible frame
  * BUG/MINOR: acme: fix task allocation leaked upon error
  * BUG/MINOR: http-ana: Only consider client abort for abortonclose
  * BUG/MINOR: config: Properly test warnif_misplaced_* return values
  * BUG/MINOR: acme: permission checks on the CLI
  * BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
  * BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
  * BUG/MINOR: acme: free() DER buffer on a2base64url error path
  * BUG/MINOR: acme: fix incorrect number of arguments allowed in config
  * BUG/MINOR: acme: wrong labels logic always memprintf errmsg
  * BUG/MINOR: acme: acme_ctx_destroy() leaks auth dns
  * BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
  * BUG/MINOR: acme: wrong error when checking for duplicate section
  * BUG/MINOR: acme: leak of ext_san upon insertion error
  * BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
  * BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
  * BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
  * BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
  * BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
  * BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
  * BUG/MINOR: mworker: don't try to access an initializing process
  * BUG/MINOR: spoe: Fix condition to abort processing on client abort
  * BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
  * BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
  * BUG/MINOR: proxy: do not forget to validate quic-initial rules
  * BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
  * BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
  * BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX messag
  * BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
  * BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
  * BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
  * BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
  * BUG/MINOR: mworker: fix typo in proc list serialization
  * BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
  * BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
  * BUG/MINOR: mworker: always stop the receiving listener
  * BUG/MINOR: jws: fix memory leak in jws_b64_signature
  * BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
  * BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process
  * BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
  * BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
  * BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
  * BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
  * BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
  * BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
  * BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
  * BUG/MEDIUM: acme: skip doing challenge if it is already valid
  * BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
  * BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
  * BUG/MEDIUM: h3: reject unaligned frames except DATA
  * BUG/MEDIUM: peers: enforce check on incoming table key type
  * BUG/MEDIUM: spoe: Properly abort processing on client abort
  * BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals (bsc#1261626)
  * BUG/MAJOR: h3: check body size with content-length on empty FIN
  * BUG: hlua: fix stack overflow in httpclient headers conversion
  * DOC: config: fix ambiguous info in log-steps directive description
  * DOC: config: Reorder params for 'tcp-check expect' directive
  * DOC: config: Add missing 'status-code' param for 'http-check expect' directive
  * DOC/CLEANUP: config: update mentions of the old "Global parameters" section
  * DOC: configuration: http-check expect example typo
  * SCRIPTS: git-show-backports: list new commits and how to review them with -L
  * MINOR: mux-h2: report glitches on early RST_STREAM
  * MINOR: stconn: flag the stream endpoint descriptor when the app has started
  * MINOR: ncbmbuf: improve itbmap_next() code
  * CI: github: fix tag listing by implementing proper API pagination
  * BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
  * BUILD: spoe: Remove unsused variable
  * Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
  * BUILD: sched: fix leftover of debugging test in single-run changes
  * MINOR: mux-h2: assign a limited frames processing budget
  * MINOR: mworker/cli: extract worker "show proc" row printer
  * MINOR: debug: opportunistically load libthread_db.so.1 with set-dumpable=libs
  * MINOR: debug: copy debug symbols from /usr/lib/debug when present
  * MINOR: debug: read all libs in memory when set-dumpable=libs
  * MINOR: config: support explicit "on" and "off" for "set-dumpable"
  * MINOR: tools: add a function to load a file into a tar archive
  * MINOR: tools: add a function to create a tar file header
  * MINOR: sched: do not punish self-waking tasklets anymore
  * MINOR: sched: do not requeue a tasklet into the current queue
  * MINOR: htx: Add function to truncate all blocks after a specific block
  * MINOR: memprof: attempt different retry slots for different hashes on collision
  * MINOR: tools: extend the pointer hashing code to ease manipulations
  * MEDIUM: sched: change scheduler budgets to lower TL_BULK
  * MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
  * MEDIUM: sched: do not run a same task multiple times in series
  * [RELEASE] Released version 3.2.15
  * CI: github: treat vX.Y.Z release tags as stable like haproxy-* branches
  * DEV: gdb: add a new utility to extract libs from a core dump: libs-from-core
  * DEV: gdb: add a utility to find the post-mortem address from a core
* Update to version 3.2.14+git0.951507193:
  * [RELEASE] Released version 3.2.14
  * SCRIPTS: git-show-backports: add a restart-from-last option
  * SCRIPTS: git-show-backports: hide the common ancestor warning in quiet mode
  * BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server
  * BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures
  * BUG/MINOR: ssl: error with ssl-f-use when no "crt"
  * BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing
  * BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error
  * BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser
  * BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration
  * BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance
  * BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized
  * BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure
  * BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst
  * BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction
  * BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()
  * BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
  * BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
  * BUG/MINOR: promex: fix server iteration when last server is deleted
  * BUG/MINOR: http-ana: Stop to wait for body on client error/abort
  * BUG/MINOR: flt-trace: Properly compute length of the first DATA block
  * BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers
  * BUG/MINOR: deviceatlas: add missing return on error in config parsers
  * BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
  * BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
  * BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event
  * BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
  * BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream
  * BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2)
  * BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states
  * BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed
  * BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented
  * BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths
  * BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"
  * BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
  * BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
  * BUG/MAJOR: qpack: unchecked length passed to huffman decoder
  * MINOR: filters: Set last_entity when a filter fails on stream_start callback
  * MINOR: mux-h2: add a new setting, "tune.h2.log-errors" to tweak error logging
  * MINOR: mux-h2: also count glitches on invalid trailers
  * MINOR: stconn: Add missing SC_FL_NO_FASTFWD flag in sc_show_flags
  * DEBUG: stream: Display the currently running rule in stream dump
  * [RELEASE] Released version 3.2.13
  * CLEANUP: mux-h1: Remove unneeded null check
  * CLEANUP: compression: Remove unused static buffers
  * CI: github: disable windows.yml by default on unofficials repo
  * CI: vtest: move the vtest2 URL to vinyl-cache.org
  * DEV: term-events: Fix hanshake events decoding
  * DOC: proxy-proto: underline the packed attribute for struct pp2_tlv_ssl
  * DOC: internals: addd mworker V3 internals

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-588=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * haproxy-debuginfo-3.2.15+git64.0fc44b458-160000.1.1
  * haproxy-debugsource-3.2.15+git64.0fc44b458-160000.1.1
  * haproxy-3.2.15+git64.0fc44b458-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1261626

From null at suse.de Tue Apr 21 12:30:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:30:11 -0000
Subject: SUSE-RU-2026:21226-1: important: Recommended update for resource-agents
Message-ID: <177677461198.7580.14083317353031712965@5a8be24cc32b>

# Recommended update for resource-agents

Announcement ID: SUSE-RU-2026:21226-1
Release Date: 2026-04-17T07:54:21Z
Rating: important
References:
* bsc#1260984

Affected Products:
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for resource-agents fixes the following issues:

* aws-vpc-move-ip: add awscli_timeout option (bsc#1260984)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-580=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * resource-agents-debuginfo-4.16.0+git90.968ad701-160000.3.1
  * resource-agents-4.16.0+git90.968ad701-160000.3.1
  * resource-agents-debugsource-4.16.0+git90.968ad701-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1260984

From null at suse.de Tue Apr 21 12:30:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:30:24 -0000
Subject: SUSE-SU-2026:21224-1: important: Security update for corosync
Message-ID: <177677462474.7580.17924884739770119568@5a8be24cc32b>

# Security update for corosync

Announcement ID: SUSE-SU-2026:21224-1
Release Date: 2026-04-10T11:19:07Z
Rating: important
References:
* bsc#1261299
* bsc#1261300

Cross-References:
* CVE-2026-35091
* CVE-2026-35092

CVSS scores:
* CVE-2026-35091 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35091 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35091 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-35092 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35092 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35092 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for corosync fixes the following issues:

* CVE-2026-35091: Denial of Service and information disclosure via crafted UDP packet (bsc#1261299).
* CVE-2026-35092: Denial of Service via integer overflow in join message validation (bsc#1261300).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-521=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * corosync-devel-3.1.9-160000.3.1
  * corosync-debugsource-3.1.9-160000.3.1
  * corosync-libs-3.1.9-160000.3.1
  * corosync-libs-debuginfo-3.1.9-160000.3.1
  * corosync-3.1.9-160000.3.1
  * corosync-debuginfo-3.1.9-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35091.html
* https://www.suse.com/security/cve/CVE-2026-35092.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261299
* https://bugzilla.suse.com/show_bug.cgi?id=1261300

From null at suse.de Tue Apr 21 12:30:35 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:30:35 -0000
Subject: SUSE-RU-2026:21222-1: important: Recommended update for saptune
Message-ID: <177677463571.7580.7826868045496237141@5a8be24cc32b>

# Recommended update for saptune

Announcement ID: SUSE-RU-2026:21222-1
Release Date: 2026-04-17T07:53:04Z
Rating: important
References:
* bsc#1235824
* bsc#1259748
* bsc#1260498
* bsc#1261866
* jsc#PED-15405

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that contains one feature and has four fixes can now be installed.

## Description:

This update for saptune fixes the following issues:

* update package version of saptune to 3.2.3:
  * On Azure cloud systems, fix a systemd ordering cycle conflict which prevents saptune from running on boot:
    * The reason for this conflict is an upcoming cloud-init update which will change the order by adding 'After=multi-user.target' to the cloud-final.service.
    * Since version 3.1.5 saptune has a dependency on cloud-final.service on Azure systems to fix (bsc#1235824).
    * We will now remove this dependency. (bsc#1260498, jsc#SAPSOL-1050)
  * Fix systemd service state revert problem. (bsc#1259748)
  * Fix output of 'saptune verify applied' in case of enabled notes, but nothing is applied. (jsc#SAPSOL-1051)
  * Add new tag 'kernel' to match the running kernel release. Valid values are extended regular expressions (RE2) that match the output of 'uname -r' (jsc#SAPSOL-810)
  * Support C-State names for parameter 'force_latency' in addition to the already available latency value. (jsc#SAPSOL-806)
  * Support optional packages in the rpm section. (jsc#SAPSOL-791)
  * Warn about duplicate Notes/Solutions. (jsc#SAPSOL-948)
  * Fix kernel regex for HotFix000022286 (bsc#1261866)
  * Add condition (kernel tag) to HotFix000022286. As the final kernel patch is available for the problem, the HotFix will only be active on systems currently not patched to the latest kernel patch.
  * SLE12/15/16 - deprecate Note 941735 (jsc#SAPSOL-1048)
  * SAP Note 2684254 updated to Version 27: check that TSX is set to auto on systems running dedicated kernel releases. (jsc#SAPSOL-793)
  * SAP Note 1656250 updated to Version 71: disable C-states higher than C1
  * SAP Note 2578899 updated to Version 55: check for optional sssd package version
  * SAP Note 1275776 updated to Version 47
  * SLE 16 SAP Note 3577842 and 3565382 updated
  * use versioned Provides/Obsoletes for sapconf
  * use full path for commands used in pre/post scripts
  * requires systemd-presets-branding-SLE-SAP (jsc#PED-15405)
* update package version of saptune to 3.2.2 - HOTFIX:
  * ship Note HotFix000022286 and add it to the Solutions 'HANA', 'NETWEAVER+HANA', 'S4HANA-APP+DB' and 'S4HANA-DBSERVER'.
  * This HotFix addresses a problem described in the TID 22286
  * This HotFix is only available for SLES15SP5 to SLES15SP7 on x86_64 architecture.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-582=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-582=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * saptune-debuginfo-3.2.3-160000.1.1 * saptune-3.2.3-160000.1.1 * SUSE Linux Enterprise Server 16.0 (ppc64le x86_64) * saptune-debuginfo-3.2.3-160000.1.1 * saptune-3.2.3-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1235824 * https://bugzilla.suse.com/show_bug.cgi?id=1259748 * https://bugzilla.suse.com/show_bug.cgi?id=1260498 * https://bugzilla.suse.com/show_bug.cgi?id=1261866 * https://jira.suse.com/browse/PED-15405 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:31:12 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:12 -0000 Subject: SUSE-SU-2026:21219-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Message-ID: <177677467205.7580.6189509804928259021@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21219-1 Release Date: 2026-04-13T02:44:51Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves eight vulnerabilities can now be installed.
## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues. The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-533=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-533=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_1-debugsource-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-debuginfo-7-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-7-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-39973.html * https://www.suse.com/security/cve/CVE-2025-40018.html * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1252036 * https://bugzilla.suse.com/show_bug.cgi?id=1252689 * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:35:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:35:16 -0000 Subject: SUSE-SU-2026:21180-1: important: Security update for webkit2gtk3 Message-ID: <177677491670.7580.10862269690144927006@5a8be24cc32b> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2026:21180-1 Release Date: 2026-04-13T11:47:50Z Rating: important References: * bsc#1259934 * bsc#1259935 * bsc#1259936 * bsc#1259937 * bsc#1259938 * bsc#1259939 * bsc#1259940 * bsc#1259941 * bsc#1259942 * bsc#1259943 * bsc#1259944 * bsc#1259945 * bsc#1259946 * bsc#1259947 * bsc#1259948 * bsc#1259949 * bsc#1259950 * bsc#1261172 * bsc#1261173 * bsc#1261174 * bsc#1261175 * bsc#1261176 * bsc#1261177 * bsc#1261178 * bsc#1261179 Cross-References: * CVE-2023-43010 * CVE-2025-31223 * CVE-2025-31277 * CVE-2025-43213 * CVE-2025-43214 * CVE-2025-43433 * CVE-2025-43438 * CVE-2025-43441 * CVE-2025-43457 * CVE-2025-43511 * CVE-2025-46299 * CVE-2026-20608 * CVE-2026-20635 * CVE-2026-20636 * CVE-2026-20643 * CVE-2026-20644 * CVE-2026-20652 * CVE-2026-20664 * CVE-2026-20665 * CVE-2026-20676 * CVE-2026-20691 * CVE-2026-28857 * CVE-2026-28859 * CVE-2026-28861 * CVE-2026-28871 CVSS scores: * CVE-2023-43010 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2023-43010 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-43010 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31223 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31223 ( NVD ): 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-31277 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-31277 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43213 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43213 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43214 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43214 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43214 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43433 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43433 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43433 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43438 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43438 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43441 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-43441 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43441 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-43457 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43457 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43457 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-43511 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-43511 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-43511 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-46299 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-46299 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-46299 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20608 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20608 ( SUSE ): 6.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20635 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20635 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20636 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20636 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20636 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20643 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20643 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-20644 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20644 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20652 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-20652 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20652 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-20664 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-20664 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-20665 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L * CVE-2026-20665 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-20676 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-20676 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-20676 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( SUSE ): 4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-20691 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28857 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28857 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-28859 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-28859 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28861 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N * CVE-2026-28861 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2026-28871 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves 25 vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: * CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259947). * CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash due to improper memory handling (bsc#1259946). * CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash due to use-after-free (bsc#1259942). * CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash due to use-after-free (bsc#1259941). * CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app due to improper memory initialization (bsc#1259940). * CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash due to improper state management (bsc#1259939). 
* CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259938). * CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259937). * CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy due to improper input validation (bsc#1261172). * CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1259936). * CVE-2026-20652: a remote attacker may be able to cause a denial-of-service due to improper memory handling (bsc#1259935). * CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261173). * CVE-2026-20665: processing maliciously crafted web content may prevent Content Security Policy from being enforced due to improper state management (bsc#1261174). * CVE-2026-20676: a website may be able to track users through web extensions due to improper state management (bsc#1259934). * CVE-2026-20691: a maliciously crafted webpage may be able to fingerprint users due to improper state management (bsc#1261175). * CVE-2026-28857: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1261176). * CVE-2026-28859: a malicious website may be able to process restricted web content outside the sandbox due to improper memory management (bsc#1261177). * CVE-2026-28861: a malicious website may be able to access script message handlers intended for other origins due to improper state management (bsc#1261178). * CVE-2026-28871: visiting a maliciously crafted website may lead to a cross-site scripting attack due to missing checks (bsc#1261179).
Other updates and bugfixes: * Version 2.52.1: * Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is incomplete. * Support turning off USE_GSTREAMER to configure the build with all multimedia features disabled. * Add Sysprof marks for mouse events. * Fix MediaSession icon for iheart.com not being displayed. * Fix the build with USE_GSTREAMER_GL disabled. * Fix the build with librice version 0.3.0 or newer. * Fix several crashes and rendering issues. * Translation updates: Georgian. * Version 2.52.0: * Make scrolling with touch input smoother for small movements. * Fix estimated load progress of downloads when Content-Length value is wrong. * Ensure that "scrollend" events are correctly emitted after scroll animations. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-540=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * 
libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * WebKitGTK-6.0-lang-2.52.1-160000.1.1 * WebKitGTK-4.1-lang-2.52.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * webkit2gtk-4_1-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKit2-4_1-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-debuginfo-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-debuginfo-2.52.1-160000.1.1 * webkit-jsc-6.0-2.52.1-160000.1.1 * typelib-1_0-WebKit2WebExtension-4_1-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-debuginfo-2.52.1-160000.1.1 * webkit2gtk3-minibrowser-2.52.1-160000.1.1 * libwebkitgtk-6_0-4-2.52.1-160000.1.1 * libjavascriptcoregtk-4_1-0-2.52.1-160000.1.1 * webkit2gtk4-minibrowser-2.52.1-160000.1.1 * webkit2gtk-4_1-injected-bundles-debuginfo-2.52.1-160000.1.1 * webkit-jsc-4.1-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-2.52.1-160000.1.1 * typelib-1_0-JavaScriptCore-4_1-2.52.1-160000.1.1 * webkitgtk-6_0-injected-bundles-2.52.1-160000.1.1 * typelib-1_0-WebKitWebProcessExtension-6_0-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-2.52.1-160000.1.1 * 
webkitgtk-6_0-injected-bundles-debuginfo-2.52.1-160000.1.1 * libjavascriptcoregtk-6_0-1-debuginfo-2.52.1-160000.1.1 * typelib-1_0-WebKit-6_0-2.52.1-160000.1.1 * libwebkit2gtk-4_1-0-debuginfo-2.52.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43010.html * https://www.suse.com/security/cve/CVE-2025-31223.html * https://www.suse.com/security/cve/CVE-2025-31277.html * https://www.suse.com/security/cve/CVE-2025-43213.html * https://www.suse.com/security/cve/CVE-2025-43214.html * https://www.suse.com/security/cve/CVE-2025-43433.html * https://www.suse.com/security/cve/CVE-2025-43438.html * https://www.suse.com/security/cve/CVE-2025-43441.html * https://www.suse.com/security/cve/CVE-2025-43457.html * https://www.suse.com/security/cve/CVE-2025-43511.html * https://www.suse.com/security/cve/CVE-2025-46299.html * https://www.suse.com/security/cve/CVE-2026-20608.html * https://www.suse.com/security/cve/CVE-2026-20635.html * https://www.suse.com/security/cve/CVE-2026-20636.html * https://www.suse.com/security/cve/CVE-2026-20643.html * https://www.suse.com/security/cve/CVE-2026-20644.html * https://www.suse.com/security/cve/CVE-2026-20652.html * https://www.suse.com/security/cve/CVE-2026-20664.html * https://www.suse.com/security/cve/CVE-2026-20665.html * https://www.suse.com/security/cve/CVE-2026-20676.html * https://www.suse.com/security/cve/CVE-2026-20691.html * https://www.suse.com/security/cve/CVE-2026-28857.html * https://www.suse.com/security/cve/CVE-2026-28859.html * https://www.suse.com/security/cve/CVE-2026-28861.html * https://www.suse.com/security/cve/CVE-2026-28871.html * https://bugzilla.suse.com/show_bug.cgi?id=1259934 * https://bugzilla.suse.com/show_bug.cgi?id=1259935 * https://bugzilla.suse.com/show_bug.cgi?id=1259936 * https://bugzilla.suse.com/show_bug.cgi?id=1259937 * https://bugzilla.suse.com/show_bug.cgi?id=1259938 * https://bugzilla.suse.com/show_bug.cgi?id=1259939 * https://bugzilla.suse.com/show_bug.cgi?id=1259940 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259941 * https://bugzilla.suse.com/show_bug.cgi?id=1259942 * https://bugzilla.suse.com/show_bug.cgi?id=1259943 * https://bugzilla.suse.com/show_bug.cgi?id=1259944 * https://bugzilla.suse.com/show_bug.cgi?id=1259945 * https://bugzilla.suse.com/show_bug.cgi?id=1259946 * https://bugzilla.suse.com/show_bug.cgi?id=1259947 * https://bugzilla.suse.com/show_bug.cgi?id=1259948 * https://bugzilla.suse.com/show_bug.cgi?id=1259949 * https://bugzilla.suse.com/show_bug.cgi?id=1259950 * https://bugzilla.suse.com/show_bug.cgi?id=1261172 * https://bugzilla.suse.com/show_bug.cgi?id=1261173 * https://bugzilla.suse.com/show_bug.cgi?id=1261174 * https://bugzilla.suse.com/show_bug.cgi?id=1261175 * https://bugzilla.suse.com/show_bug.cgi?id=1261176 * https://bugzilla.suse.com/show_bug.cgi?id=1261177 * https://bugzilla.suse.com/show_bug.cgi?id=1261178 * https://bugzilla.suse.com/show_bug.cgi?id=1261179 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:36:49 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:49 -0000 Subject: SUSE-SU-2026:21159-1: moderate: Security update for python-gi-docgen Message-ID: <177677500929.7580.10023330827782932422@5a8be24cc32b> # Security update for python-gi-docgen Announcement ID: SUSE-SU-2026:21159-1 Release Date: 2026-04-09T14:40:05Z Rating: moderate References: * bsc#1251961 Cross-References: * CVE-2025-11687 CVSS scores: * CVE-2025-11687 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L * CVE-2025-11687 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L * CVE-2025-11687 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. 
## Description: This update for python-gi-docgen fixes the following issues: * CVE-2025-11687: Fixed reflected DOM XSS (bsc#1251961) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-512=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-512=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * python3-gi-docgen-2025.5-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * python3-gi-docgen-2025.5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11687.html * https://bugzilla.suse.com/show_bug.cgi?id=1251961 From null at suse.de Tue Apr 21 12:36:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:40 -0000 Subject: SUSE-RU-2026:21162-1: moderate: Recommended update for llvm17 Message-ID: <177677500057.7580.12049434052264416462@5a8be24cc32b> # Recommended update for llvm17 Announcement ID: SUSE-RU-2026:21162-1 Release Date: 2026-04-09T18:20:56Z Rating: moderate References: * bsc#1199076 * bsc#1237231 * bsc#1247576 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has three fixes can now be installed. ## Description: This update for llvm17 fixes the following issues: * Fix build with glibc 2.42 (bsc#1247576) * Disable ASLR during build to make libomp.so reproducible (bsc#1199076) * Replace usage of %jobs for reproducible builds (bsc#1237231) * Fix build with GCC 15 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-505=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-505=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * llvm17-debuginfo-17.0.6-160000.3.1 * libLLVM17-17.0.6-160000.3.1 * libLLVM17-debuginfo-17.0.6-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le x86_64) * llvm17-debugsource-17.0.6-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * llvm17-debuginfo-17.0.6-160000.3.1 * libLLVM17-17.0.6-160000.3.1 * llvm17-debugsource-17.0.6-160000.3.1 * libLLVM17-debuginfo-17.0.6-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199076 * https://bugzilla.suse.com/show_bug.cgi?id=1237231 * https://bugzilla.suse.com/show_bug.cgi?id=1247576 From null at suse.de Tue Apr 21 12:35:41 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:35:41 -0000 Subject: SUSE-RU-2026:21177-1: important: Recommended update for libzypp, zypper, libsolv Message-ID: <177677494125.7580.7691289145964519183@5a8be24cc32b> # Recommended update for libzypp, zypper, libsolv Announcement ID: SUSE-RU-2026:21177-1 Release Date: 2026-04-13T09:24:35Z Rating: important References: * bsc#1158038 * bsc#1247948 * bsc#1252744 * bsc#1253740 * bsc#1257882 * bsc#1258193 * bsc#1259311 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has seven fixes can now be installed.
## Description: This update for libzypp, zypper, libsolv fixes the following issues: Changes in libzypp: * Update to version 17.38.5: * Fix preloader not caching packages from arch specific subrepos (bsc#1253740) * Deprioritize invalid mirrors * Update to version 17.38.4: * Fix Product::referencePackage lookup (bsc#1259311) Use a provided autoproduct() as hint to the package name of the release package. It might be that not just multiple versions of the same release package provide the same product version, but also different release packages. * Update to version 17.38.3: * specfile: on fedora use %{_prefix}/share as zyppconfdir if %{_distconfdir} is undefined This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake. * Fall back to a writable location when precaching packages without root (bsc#1247948) Changes in zypper: * Update to version 1.14.95: * Report download progress for command line rpms * Hint to '-vv ref' to see the mirrors used to download the metadata (bsc#1257882) * Service: Allow "zypper ls SERVICE ..." to test whether a service with this alias is defined (bsc#1252744) The command prints an abstract of all services passed on the command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some argument does not name an existing service. * Keep repo data when updating the service settings (bsc#1252744) * info: Enhance pattern content table (bsc#1158038) Alternatives are now listed as a single entry in the content table. The entry shows either the installed package which satisfies the requirement or the requirement itself as type 'Provides'. 
Changes in libsolv: * bump version to 0.7.36: * respect the "default" attribute in environment optionlist in the comps parser * support suse namespace deps in boolean dependencies (bsc#1258193) * support for the Elbrus2000 (e2k) architecture * support language() suse namespace rewriting ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-536=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-536=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * perl-solv-0.7.36-160000.1.1 * zypper-1.14.95-160000.1.1 * libsolv-devel-static-0.7.36-160000.1.1 * ruby-solv-debuginfo-0.7.36-160000.1.1 * libsolv1-0.7.36-160000.1.1 * libzypp-17.38.5-160000.1.1 * zypper-debugsource-1.14.95-160000.1.1 * libsolv-tools-debuginfo-0.7.36-160000.1.1 * python313-solv-0.7.36-160000.1.1 * libsolv-demo-0.7.36-160000.1.1 * libzypp-debuginfo-17.38.5-160000.1.1 * libsolv1-debuginfo-0.7.36-160000.1.1 * libsolv-debuginfo-0.7.36-160000.1.1 * libzypp-devel-doc-17.38.5-160000.1.1 * libsolv-devel-debuginfo-0.7.36-160000.1.1 * ruby-solv-0.7.36-160000.1.1 * python313-solv-debuginfo-0.7.36-160000.1.1 * zypper-debuginfo-1.14.95-160000.1.1 * libsolv-debugsource-0.7.36-160000.1.1 * libzypp-devel-17.38.5-160000.1.1 * perl-solv-debuginfo-0.7.36-160000.1.1 * libsolv-tools-base-0.7.36-160000.1.1 * libsolv-tools-0.7.36-160000.1.1 * libsolv-demo-debuginfo-0.7.36-160000.1.1 * libsolv-devel-0.7.36-160000.1.1 * libzypp-debugsource-17.38.5-160000.1.1 * libsolv-tools-base-debuginfo-0.7.36-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * zypper-aptitude-1.14.95-160000.1.1 * zypper-needs-restarting-1.14.95-160000.1.1 * zypper-log-1.14.95-160000.1.1 * SUSE Linux Enterprise Server for SAP 
applications 16.0 (ppc64le x86_64) * perl-solv-0.7.36-160000.1.1 * zypper-1.14.95-160000.1.1 * libsolv-devel-static-0.7.36-160000.1.1 * ruby-solv-debuginfo-0.7.36-160000.1.1 * libsolv1-0.7.36-160000.1.1 * libzypp-17.38.5-160000.1.1 * zypper-debugsource-1.14.95-160000.1.1 * libsolv-tools-debuginfo-0.7.36-160000.1.1 * python313-solv-0.7.36-160000.1.1 * libsolv-demo-0.7.36-160000.1.1 * libzypp-debuginfo-17.38.5-160000.1.1 * libsolv1-debuginfo-0.7.36-160000.1.1 * libsolv-debuginfo-0.7.36-160000.1.1 * libzypp-devel-doc-17.38.5-160000.1.1 * libsolv-devel-debuginfo-0.7.36-160000.1.1 * ruby-solv-0.7.36-160000.1.1 * python313-solv-debuginfo-0.7.36-160000.1.1 * zypper-debuginfo-1.14.95-160000.1.1 * libsolv-debugsource-0.7.36-160000.1.1 * libzypp-devel-17.38.5-160000.1.1 * perl-solv-debuginfo-0.7.36-160000.1.1 * libsolv-tools-base-0.7.36-160000.1.1 * libsolv-tools-0.7.36-160000.1.1 * libsolv-demo-debuginfo-0.7.36-160000.1.1 * libsolv-devel-0.7.36-160000.1.1 * libzypp-debugsource-17.38.5-160000.1.1 * libsolv-tools-base-debuginfo-0.7.36-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * zypper-aptitude-1.14.95-160000.1.1 * zypper-needs-restarting-1.14.95-160000.1.1 * zypper-log-1.14.95-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1158038 * https://bugzilla.suse.com/show_bug.cgi?id=1247948 * https://bugzilla.suse.com/show_bug.cgi?id=1252744 * https://bugzilla.suse.com/show_bug.cgi?id=1253740 * https://bugzilla.suse.com/show_bug.cgi?id=1257882 * https://bugzilla.suse.com/show_bug.cgi?id=1258193 * https://bugzilla.suse.com/show_bug.cgi?id=1259311 -------------- next part -------------- An HTML attachment was scrubbed... 

From null at suse.de Tue Apr 21 12:35:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:35:18 -0000
Subject: SUSE-RU-2026:21179-1: moderate: Recommended update for openal-soft
Message-ID: <177677491850.7580.15268174936063225328@5a8be24cc32b>

# Recommended update for openal-soft

Announcement ID: SUSE-RU-2026:21179-1
Release Date: 2026-04-13T09:51:38Z
Rating: moderate
References:
Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that can now be installed.

## Description:

This update for openal-soft fixes the following issues:

Changes in openal-soft:

* Update to git version 1.24.3+git7f56dcdf. This includes the port to Qt6 added as a patch previously.
* Update to version 1.24.3:
* Fixed handling WASAPI enumerated device changes
* Fixed a crash with UWP builds when __wargv is null
* Fixed using AL_FORMAT_BFORMAT3D_I32
* Improved the bsinc resamplers' cutoff frequencies
* Slightly reduced the aliasing noise in the cubic spline resampler
* Added new bsinc48 and fast_bsinc48 resampler options.
* Added support for using NFC filters with UHJ output.
* Update to version 1.24.2
* Implemented the AL_SOFT_bformat_hoa extension.
* Implemented default device change events for the PulseAudio backend.
* Implemented an option for WASAPI exclusive mode playback.
* Fixed reverb being too quiet for sounds from different directions.
* Fixed building alffplay on systems without pkg-config.
* Improved output format detection for CoreAudio.
* Changed the default resampler back to Cubic Spline.
* Added an SDL3 playback backend. Disabled by default to avoid a runtime dependency and for compatibility; a single process can't safely use SDL2 and SDL3 together on some OSs, so enable with care.
* Converted examples from SDL2 to SDL3.
* Integrated fmtlib into the main library and router for logging and string formatting.
* Update to version 1.24.1
* Fixed compilation on PowerPC.
* Fixed compilation on some targets that lack lock-free 64-bit atomics.
* Fixed a crash when parsing certain option values.
* Improved compatibility when compiling as C++20 or later.
* Integrated fmtlib for some examples and utilities.
* Update to version 1.24.0
* Updated library codebase to C++17.
* Implemented the ALC_SOFT_system_events extension.
* Implemented the AL_EXT_debug extension.
* Implemented the AL_EXT_direct_context extension.
* Implemented speaker configuration and headphones detection on CoreAudio.
* Fixed a crash that can occur when stopping playback with the Oboe backend.
* Fixed calculating the reverb room rolloff.
* Fixed EAX occlusion, obstruction, and exclusion low-pass filter strength.
* Fixed EAX distance factor calculations.
* Fixed querying AL_EFFECTSLOT_EFFECT on auxiliary effect slots.
* Fixed compilation on some macOS systems that lack libdispatch.
* Changed the context error state to be thread-local. This is technically out of spec, but necessary to avoid race conditions with multi-threaded use.
* Split the cubic resampler into 4-point spline and gaussian variants. The latter prioritizing the suppression of aliasing distortion and harmonics, the former not reducing high frequencies as much.
* Improved timing precision of starting delayed sources.
* Improved ring modulator quality.
* Improved performance of convolution reverb.
* Added 'noexcept' to functions and function types when compiled as C++. As a C API, OpenAL can't be expected to throw C++ exceptions, nor can it handle them if they leave a callback.
* Added an experimental config option for using WASAPI spatial audio output.
* Added enumeration support to the PortAudio backend.
* Added compatibility options to override the AL_VENDOR, AL_VERSION, and AL_RENDERER strings.
* Added an example to play LAF files.
* Disabled real-time mixing by default for PipeWire playback.
* Use ldconfig_scriptlets macro
* Fixed SLES build

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-542=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-542=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * openal-soft-debugsource-1.24.3~179-160000.1.1
  * libopenal0-1.24.3~179-160000.1.1
  * libopenal1-debuginfo-1.24.3~179-160000.1.1
  * libopenal0-debuginfo-1.24.3~179-160000.1.1
  * libopenal1-1.24.3~179-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * openal-soft-debugsource-1.24.3~179-160000.1.1
  * libopenal0-1.24.3~179-160000.1.1
  * libopenal1-debuginfo-1.24.3~179-160000.1.1
  * libopenal0-debuginfo-1.24.3~179-160000.1.1
  * libopenal1-1.24.3~179-160000.1.1

From null at suse.de Tue Apr 21 12:36:58 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:36:58 -0000
Subject: SUSE-SU-2026:21157-1: important: Security update for MozillaFirefox
Message-ID: <177677501874.7580.5214166489907697234@5a8be24cc32b>

# Security update for MozillaFirefox

Announcement ID: SUSE-SU-2026:21157-1
Release Date: 2026-04-09T12:58:07Z
Rating: important
References:

* bsc#1261663
* jsc#PED-15778

Cross-References:

* CVE-2026-5731
* CVE-2026-5732
* CVE-2026-5734

CVSS scores:

* CVE-2026-5731 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5731 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5732 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-5734 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for MozillaFirefox fixes the following issues:

Update to Firefox Extended Support Release 140.9.1 ESR (bsc#1261663).

* MFSA 2026-27:
  * CVE-2026-5731: memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
  * CVE-2026-5732: incorrect boundary conditions, integer overflow in the Graphics: Text component.
  * CVE-2026-5734: memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-501=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-501=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * MozillaFirefox-translations-common-140.9.1-160000.1.1
  * MozillaFirefox-translations-other-140.9.1-160000.1.1
  * MozillaFirefox-debuginfo-140.9.1-160000.1.1
  * MozillaFirefox-140.9.1-160000.1.1
  * MozillaFirefox-debugsource-140.9.1-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * MozillaFirefox-devel-140.9.1-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * MozillaFirefox-translations-common-140.9.1-160000.1.1
  * MozillaFirefox-translations-other-140.9.1-160000.1.1
  * MozillaFirefox-debuginfo-140.9.1-160000.1.1
  * MozillaFirefox-140.9.1-160000.1.1
  * MozillaFirefox-debugsource-140.9.1-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * MozillaFirefox-devel-140.9.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5731.html
* https://www.suse.com/security/cve/CVE-2026-5732.html
* https://www.suse.com/security/cve/CVE-2026-5734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261663
* https://jira.suse.com/browse/PED-15778

From null at suse.de Tue Apr 21 12:35:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:35:44 -0000
Subject: SUSE-RU-2026:21176-1: important: Recommended update for systemd-presets-branding-SLE
Message-ID: <177677494427.7580.6683538030410943662@5a8be24cc32b>

# Recommended update for systemd-presets-branding-SLE

Announcement ID: SUSE-RU-2026:21176-1
Release Date: 2026-04-13T08:18:45Z
Rating: important
References:

* bsc#1258423

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Changes in systemd-presets-branding-SLE:

* Disable firewalld during migration if it was disabled before (bsc#1258423).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-537=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-537=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * systemd-presets-branding-SLE-15.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * systemd-presets-branding-SLE-15.1-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258423

From null at suse.de Tue Apr 21 12:35:45 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:35:45 -0000
Subject: SUSE-RU-2026:21175-1: moderate: Recommended update for suse-build-key
Message-ID: <177677494551.7580.7368792459757102053@5a8be24cc32b>

# Recommended update for suse-build-key

Announcement ID: SUSE-RU-2026:21175-1
Release Date: 2026-04-13T07:31:28Z
Rating: moderate
References:

* jsc#PED-11925

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that contains one feature can now be installed.

## Description:

This update for suse-build-key fixes the following issues:

Changes in suse-build-key:

* Add the auto import framework, that imports updated gpg keys into the RPM database.
* Added post quantum cryptographic keys for SLES 15 and SLES 16 to be used for repository verification. (jsc#PED-11925)
  * build-pqc-15.pem
  * build-pqc-16.pem

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-535=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-535=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * suse-build-key-12.0-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * suse-build-key-12.0-160000.3.1

## References:

* https://jira.suse.com/browse/PED-11925

From null at suse.de Tue Apr 21 12:37:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:03 -0000
Subject: SUSE-RU-2026:21155-1: moderate: Recommended update for PackageKit
Message-ID: <177677502341.7580.2719785005202148263@5a8be24cc32b>

# Recommended update for PackageKit

Announcement ID: SUSE-RU-2026:21155-1
Release Date: 2026-04-09T12:33:12Z
Rating: moderate
References:

* bsc#1244920

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for PackageKit fixes the following issues:

Changes in PackageKit:

* Add PackageKit zypp parallel package downloads. zypp: Implement parallel downloading (bsc#1244920).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-507=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-507=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * PackageKit-devel-1.2.8-160000.3.1
  * typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1
  * libpackagekit-glib2-18-1.2.8-160000.3.1
  * libpackagekit-glib2-18-debuginfo-1.2.8-160000.3.1
  * PackageKit-backend-zypp-debuginfo-1.2.8-160000.3.1
  * PackageKit-1.2.8-160000.3.1
  * PackageKit-backend-zypp-1.2.8-160000.3.1
  * PackageKit-devel-debuginfo-1.2.8-160000.3.1
  * PackageKit-debugsource-1.2.8-160000.3.1
  * PackageKit-debuginfo-1.2.8-160000.3.1
  * libpackagekit-glib2-devel-1.2.8-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * PackageKit-branding-upstream-1.2.8-160000.3.1
  * PackageKit-lang-1.2.8-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * PackageKit-devel-1.2.8-160000.3.1
  * typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.3.1
  * libpackagekit-glib2-18-1.2.8-160000.3.1
  * libpackagekit-glib2-18-debuginfo-1.2.8-160000.3.1
  * PackageKit-backend-zypp-debuginfo-1.2.8-160000.3.1
  * PackageKit-1.2.8-160000.3.1
  * PackageKit-backend-zypp-1.2.8-160000.3.1
  * PackageKit-devel-debuginfo-1.2.8-160000.3.1
  * PackageKit-debugsource-1.2.8-160000.3.1
  * PackageKit-debuginfo-1.2.8-160000.3.1
  * libpackagekit-glib2-devel-1.2.8-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * PackageKit-branding-upstream-1.2.8-160000.3.1
  * PackageKit-lang-1.2.8-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1244920

From null at suse.de Tue Apr 21 12:37:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:06 -0000
Subject: SUSE-RU-2026:21154-1: moderate: Recommended update for quota
Message-ID: <177677502640.7580.16487927493119136919@5a8be24cc32b>

# Recommended update for quota

Announcement ID: SUSE-RU-2026:21154-1
Release Date: 2026-04-09T12:29:14Z
Rating: moderate
References:

* bsc#1254310

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for quota fixes the following issues:

* Remove `PrivateDevices` systemd hardening from quotad.service because it needs access to block devices in /dev (bsc#1254310).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-509=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-509=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * quota-nfs-debuginfo-4.09-160000.3.1
  * quota-debuginfo-4.09-160000.3.1
  * quota-nfs-4.09-160000.3.1
  * quota-4.09-160000.3.1
  * quota-debugsource-4.09-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * quota-nfs-debuginfo-4.09-160000.3.1
  * quota-debuginfo-4.09-160000.3.1
  * quota-nfs-4.09-160000.3.1
  * quota-4.09-160000.3.1
  * quota-debugsource-4.09-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1254310

From null at suse.de Tue Apr 21 12:37:23 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:23 -0000
Subject: SUSE-RU-2026:21149-1: important: Recommended update for sg3_utils
Message-ID: <177677504382.7580.2879928383277717534@5a8be24cc32b>

# Recommended update for sg3_utils

Announcement ID: SUSE-RU-2026:21149-1
Release Date: 2026-04-09T11:14:21Z
Rating: important
References:

* bsc#1215720
* bsc#1216355
* bsc#1258664

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has three fixes can now be installed.

## Description:

This update for sg3_utils fixes the following issues:

* Update to version 1.48~20221101+5.c6a1f6b8:
  * rescan-scsi-bus.sh:
    * Fix invocation of udevadm (bsc#1258664)
    * Fix multipath issue when called with -s and without -u (bsc#1215720, bsc#1216355)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-499=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-499=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-debugsource-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * sg3_utils-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils2-1_48-2-debuginfo-1.48~20221101+5.c6a1f6b8-160000.1.1
  * sg3_utils-debugsource-1.48~20221101+5.c6a1f6b8-160000.1.1
  * libsgutils-devel-1.48~20221101+5.c6a1f6b8-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1215720
* https://bugzilla.suse.com/show_bug.cgi?id=1216355
* https://bugzilla.suse.com/show_bug.cgi?id=1258664

From null at suse.de Tue Apr 21 12:35:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:35:56 -0000
Subject: SUSE-SU-2026:21173-1: moderate: Security update for sqlite3
Message-ID: <177677495635.7580.4278239198478747436@5a8be24cc32b>

# Security update for sqlite3

Announcement ID: SUSE-SU-2026:21173-1
Release Date: 2026-04-10T18:56:55Z
Rating: moderate
References:

* bsc#1248586
* bsc#1252217
* bsc#1254670
* bsc#1259619

Cross-References:

* CVE-2025-70873
* CVE-2025-7709

CVSS scores:

* CVE-2025-70873 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-70873 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-70873 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-7709 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-7709 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-7709 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities and has two fixes can now be installed.

## Description:

This update for sqlite3 fixes the following issues:

Update sqlite3 to version 3.51.3:

Security issues:

* CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
* CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Non security issue:

* sqlite3 won't build when using --with icu (bsc#1248586).

Changelog:

Update to version 3.51.3:

* Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug
* Other minor bug fixes.

Update to version 3.51.2:

* Fix an obscure deadlock in the new broken-posix-lock detection logic.
* Fix multiple problems in the EXISTS-to-JOIN optimization.

Update to version 3.51.1:

* Fix incorrect results from nested EXISTS queries caused by the optimization in item 6b in the 3.51.0 release.
* Fix a latent bug in fts5vocab virtual table, exposed by new optimizations in the 3.51.0 release.

Update to version 3.51.0:

* New macros in sqlite3.h:
  - SQLITE_SCM_BRANCH -> the name of the branch from which the source code is taken.
  - SQLITE_SCM_TAGS -> space-separated list of tags on the source code check-in.
  - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
* Two new JSON functions, jsonb_each() and jsonb_tree() work the same as the existing json_each() and json_tree() functions except that they return JSONB for the "value" column when the "type" is 'array' or 'object'.
* The carray and percentile extensions are now built into the amalgamation, though they are disabled by default and must be activated at compile-time using the -DSQLITE_ENABLE_CARRAY and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
* Enhancements to TCL Interface:
  - Add the -asdict flag to the eval command to have it set the row data as a dict instead of an array.
  - User-defined functions may now break to return an SQL NULL.
* CLI enhancements:
  - Increase the precision of ".timer" to microseconds.
  - Enhance the "box" and "column" formatting modes to deal with double-wide characters.
  - The ".imposter" command provides read-only imposter tables that work with VACUUM and do not require the --unsafe-testing option.
  - Add the --ifexists option to the CLI command-line option and to the .open command.
  - Limit columns widths set by the ".width" command to 30,000 or less, as there is no good reason to have wider columns, but supporting wider columns provides opportunity to malefactors.
* Performance enhancements:
  - Use fewer CPU cycles to commit a read transaction.
  - Early detection of joins that return no rows due to one or more of the tables containing no rows.
  - Avoid evaluation of scalar subqueries if the result of the subquery does not change the result of the overall expression.
  - Faster window function queries when using "BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
* Add the PRAGMA wal_checkpoint=NOOP; command and the SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
* Add the sqlite3_set_errmsg() API for use by extensions.
* Add the sqlite3_db_status64() API, which works just like the existing sqlite3_db_status() API except that it returns 64-bit results.
* Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the sqlite3_db_status() and sqlite3_db_status64() interfaces.
* In the session extension add the sqlite3changeset_apply_v3() interface.
* For the built-in printf() and the format() SQL function, omit the leading '-' from negative floating point numbers if the '+' flag is omitted and the "#" flag is present and all displayed digits are '0'. Use '%#f' or similar to avoid outputs like '-0.00' and instead show just '0.00'.
* Improved error messages generated by FTS5.
* Enforce STRICT typing on computed columns.
* Improved support for VxWorks
* JavaScript/WASM now supports 64-bit WASM. The canonical builds continue to be 32-bit but creating one's own 64-bit build is now as simple as running "make".
* Improved resistance to database corruption caused by an application breaking Posix advisory locks using close().

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-529=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-529=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * sqlite3-debugsource-3.51.3-160000.1.1
  * sqlite3-devel-3.51.3-160000.1.1
  * libsqlite3-0-debuginfo-3.51.3-160000.1.1
  * sqlite3-tcl-debuginfo-3.51.3-160000.1.1
  * sqlite3-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-3.51.3-160000.1.1
  * sqlite3-3.51.3-160000.1.1
  * sqlite3-tcl-3.51.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * sqlite3-doc-3.51.3-160000.1.1
* SUSE Linux Enterprise Server 16.0 (x86_64)
  * libsqlite3-0-x86-64-v3-3.51.3-160000.1.1
  * libsqlite3-0-x86-64-v3-debuginfo-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * sqlite3-debugsource-3.51.3-160000.1.1
  * sqlite3-devel-3.51.3-160000.1.1
  * libsqlite3-0-debuginfo-3.51.3-160000.1.1
  * sqlite3-tcl-debuginfo-3.51.3-160000.1.1
  * sqlite3-debuginfo-3.51.3-160000.1.1
  * libsqlite3-0-3.51.3-160000.1.1
  * sqlite3-3.51.3-160000.1.1
  * sqlite3-tcl-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * libsqlite3-0-x86-64-v3-3.51.3-160000.1.1
  * libsqlite3-0-x86-64-v3-debuginfo-3.51.3-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * sqlite3-doc-3.51.3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-70873.html
* https://www.suse.com/security/cve/CVE-2025-7709.html
* https://bugzilla.suse.com/show_bug.cgi?id=1248586
* https://bugzilla.suse.com/show_bug.cgi?id=1252217
* https://bugzilla.suse.com/show_bug.cgi?id=1254670
* https://bugzilla.suse.com/show_bug.cgi?id=1259619

From null at suse.de Tue Apr 21 12:37:29 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:29 -0000
Subject: SUSE-RU-2026:21147-1: moderate: Recommended update for kernel-firmware-ath12k
Message-ID: <177677504999.7580.17919224822735277780@5a8be24cc32b>

# Recommended update for kernel-firmware-ath12k

Announcement ID: SUSE-RU-2026:21147-1
Release Date: 2026-04-09T11:07:42Z
Rating: moderate
References:

* bsc#1250952

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for kernel-firmware-ath12k fixes the following issues:

* amdgpu and ath12k firmware files drivers were missing (bsc#1250952).
* Version update 20250919

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-497=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-497=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * kernel-firmware-ath12k-20250919-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * kernel-firmware-ath12k-20250919-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1250952

From null at suse.de Tue Apr 21 12:36:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:36:00 -0000
Subject: SUSE-RU-2026:21171-1: moderate: Recommended update for kernel-firmware-mediatek
Message-ID: <177677496088.7580.10821396451736964644@5a8be24cc32b>

# Recommended update for kernel-firmware-mediatek

Announcement ID: SUSE-RU-2026:21171-1
Release Date: 2026-04-10T13:05:36Z
Rating: moderate
References:
Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that can now be installed.

## Description:

This update for kernel-firmware-mediatek fixes the following issues:

Changes in kernel-firmware-mediatek:

* Update to version 20251129 (git commit 01006f5dea2d):
  * linux-firmware: update firmware for MT7925 WiFi device
  * mediatek MT7925: update bluetooth firmware to 20251124093155
* Update to version 20251119 (git commit fe13aa9b9830):
  * mediatek MT7922: update bluetooth firmware to 20251118163447
  * linux-firmware: update firmware for MT7922 WiFi device
* Update to version 20251118 (git commit 53dce114cc5d):
  * mt76: add firmware for MT7990
  * mt76: update firmware for MT7992
  * mt76: update firmware for MT7996
* Update to version 20251110 (git commit 15b5dddd9b2a):
  * linux-firmware: add firmware for mt7987 internal 2.5G ethernet phy
  * Update aliases
* Update to version 20251029 (git commit bfc84303530a):
  * linux-firmware: update firmware for MT7925 WiFi device
  * mediatek MT7925: update bluetooth firmware to 20251015213201
* Update to version 20251024 (git commit 9b899c779b8a):
  * mediatek MT7920: update bluetooth firmware to 20251020151255
  * linux-firmware: update firmware for MT7922 WiFi device
  * linux-firmware: update firmware for MT7920 WiFi device
  * mediatek MT7922: update bluetooth firmware to 20251020143443
  * Revert "linux-firmware: update firmware for MT7922 WiFi device"
  * Update aliases from 6.18-rc1
* Update to version 20250926 (git commit fad361e997ee):
  * mediatek: mtk_wed: drop links for mt7988
* Update to version 20250909 (git commit 4573c02ca0ca):
  * mediatek MT7922: update bluetooth firmware to 20250903123504
  * linux-firmware: update firmware for MT7922 WiFi device
* Update to version 20250903 (git commit 577ee67ffca2):
  * linux-firmware: update firmware for MT7925 WiFi device
  * mediatek MT7925: update bluetooth firmware to 20250825220109 Update binary firmware for MT7925 BT devices.
* Update to version 20250813 (git commit acb26167a103):
  * mediatek: Add MT8189 SCP firmware
* Update to version 20250804 (git commit 37b63dc35d98):
  * linux-firmware: update firmware for MT7925 WiFi device
  * mediatek MT7925: update bluetooth firmware to 20250721233113

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-526=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-526=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * kernel-firmware-mediatek-20251129-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * kernel-firmware-mediatek-20251129-160000.1.1

From null at suse.de Tue Apr 21 12:37:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:36 -0000
Subject: SUSE-SU-2026:21145-1: moderate: Security update for perl-Authen-SASL
Message-ID: <177677505685.7580.18032557524174523708@5a8be24cc32b>

# Security update for perl-Authen-SASL

Announcement ID: SUSE-SU-2026:21145-1
Release Date: 2026-04-09T10:58:55Z
Rating: moderate
References:

* bsc#1246623

Cross-References:

* CVE-2025-40918

CVSS scores:

* CVE-2025-40918 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40918 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-40918 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for perl-Authen-SASL fixes the following issues:

Changes in perl-Authen-SASL:

* CVE-2025-40918: use Crypt::URandom for generating nonces (bsc#1246623)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-495=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-495=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * perl-Authen-SASL-2.170.0-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * perl-Crypt-URandom-0.550.0-160000.1.1
  * perl-Crypt-URandom-debugsource-0.550.0-160000.1.1
  * perl-Crypt-URandom-debuginfo-0.550.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * perl-Authen-SASL-2.170.0-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * perl-Crypt-URandom-0.550.0-160000.1.1
  * perl-Crypt-URandom-debugsource-0.550.0-160000.1.1
  * perl-Crypt-URandom-debuginfo-0.550.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-40918.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246623
URL: From null at suse.de Tue Apr 21 12:37:45 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:45 -0000 Subject: SUSE-SU-2026:21144-1: important: Security update for systemd Message-ID: <177677506552.7580.8724798440798442828@5a8be24cc32b> # Security update for systemd Announcement ID: SUSE-SU-2026:21144-1 Release Date: 2026-04-07T15:17:05Z Rating: important References: * bsc#1255326 * bsc#1258344 * bsc#1259418 * bsc#1259650 * bsc#1259697 * jsc#PED-14853 Cross-References: * CVE-2026-29111 * CVE-2026-4105 CVSS scores: * CVE-2026-29111 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-29111 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-29111 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4105 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4105 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4105 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities, contains one feature and has three fixes can now be installed. ## Description: This update for systemd fixes the following issues: Update to systemd v257.13: Security issues: * CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). * CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). * udev: local root execution via malicious hardware devices and unsanitized kernel output (bsc#1259697). Non security issues: * Avoid shipping (empty) directories and ghost files in /var (jsc#PED-14853). 
* Sign systemd-boot EFI binary on aarch64 (bsc#1258344) * terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) Changelog: * 6941d92dc2 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105) * 03bb697b8d udev: check for invalid chars in various fields received from the kernel (bsc#1259697) * 54588d2ded core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111) * fb9d92682b terminal-util: stop doing 0/upper bound check in tty_is_vc() (bsc#1255326) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/3c53ef3ea20bd43ef587cbdfa7107aeb1ef55654...d349fc5cd4f9ee2b7884c2610647e92806d14b28 ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-485=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-485=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * udev-257.13-160000.1.1 * systemd-portable-257.13-160000.1.1 * libsystemd0-debuginfo-257.13-160000.1.1 * systemd-resolved-debuginfo-257.13-160000.1.1 * systemd-experimental-257.13-160000.1.1 * libsystemd0-257.13-160000.1.1 * libudev1-257.13-160000.1.1 * systemd-experimental-debuginfo-257.13-160000.1.1 * udev-debuginfo-257.13-160000.1.1 * systemd-container-257.13-160000.1.1 * systemd-devel-257.13-160000.1.1 * systemd-homed-debuginfo-257.13-160000.1.1 * systemd-container-debuginfo-257.13-160000.1.1 * systemd-debugsource-257.13-160000.1.1 * systemd-journal-remote-debuginfo-257.13-160000.1.1 * systemd-resolved-257.13-160000.1.1 * libudev1-debuginfo-257.13-160000.1.1 * systemd-debuginfo-257.13-160000.1.1 * systemd-257.13-160000.1.1 * 
systemd-portable-debuginfo-257.13-160000.1.1 * systemd-homed-257.13-160000.1.1 * systemd-journal-remote-257.13-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * systemd-doc-257.13-160000.1.1 * systemd-lang-257.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * udev-257.13-160000.1.1 * systemd-portable-257.13-160000.1.1 * libsystemd0-debuginfo-257.13-160000.1.1 * systemd-resolved-debuginfo-257.13-160000.1.1 * systemd-experimental-257.13-160000.1.1 * libsystemd0-257.13-160000.1.1 * libudev1-257.13-160000.1.1 * systemd-experimental-debuginfo-257.13-160000.1.1 * udev-debuginfo-257.13-160000.1.1 * systemd-container-257.13-160000.1.1 * systemd-devel-257.13-160000.1.1 * systemd-homed-debuginfo-257.13-160000.1.1 * systemd-container-debuginfo-257.13-160000.1.1 * systemd-debugsource-257.13-160000.1.1 * systemd-journal-remote-debuginfo-257.13-160000.1.1 * systemd-resolved-257.13-160000.1.1 * libudev1-debuginfo-257.13-160000.1.1 * systemd-debuginfo-257.13-160000.1.1 * systemd-257.13-160000.1.1 * systemd-portable-debuginfo-257.13-160000.1.1 * systemd-homed-257.13-160000.1.1 * systemd-journal-remote-257.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * systemd-doc-257.13-160000.1.1 * systemd-lang-257.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-29111.html * https://www.suse.com/security/cve/CVE-2026-4105.html * https://bugzilla.suse.com/show_bug.cgi?id=1255326 * https://bugzilla.suse.com/show_bug.cgi?id=1258344 * https://bugzilla.suse.com/show_bug.cgi?id=1259418 * https://bugzilla.suse.com/show_bug.cgi?id=1259650 * https://bugzilla.suse.com/show_bug.cgi?id=1259697 * https://jira.suse.com/browse/PED-14853 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:02 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:02 -0000 Subject: SUSE-RU-2026:21170-1: moderate: Recommended update for kernel-firmware-bluetooth Message-ID: <177677496204.7580.12030599847743784148@5a8be24cc32b> # Recommended update for kernel-firmware-bluetooth Announcement ID: SUSE-RU-2026:21170-1 Release Date: 2026-04-10T13:02:04Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that can now be installed. ## Description: This update for kernel-firmware-bluetooth fixes the following issues: Changes in kernel-firmware-bluetooth: * Update to version 20251202 (git commit 685171356137): * linux-firmware: Update firmware file for Intel Scorpius core * linux-firmware: Update firmware file for Intel BlazarIGfP core * linux-firmware: Update firmware file for Intel BlazarI core * linux-firmware: Update firmware file for Intel BlazarU-HrPGfP core * linux-firmware: Update firmware file for Intel BlazarU core * Update to version 20251125 (git commit 23568a4b9420): * QCA: Add Bluetooth firmware for WCN685x uart interface * Update to version 20251121 (git commit ff6418d18552): * rtl_bt: Update RTL8852B BT USB FW to 0x42D3_4E04 * Update to version 20251111 (git commit 6fc940781a01): * rtl_bt: Update RTL8922A BT USB firmware to 0x41C0_C905 * Update to version 20251106 (git commit b055b3e24542): * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core * Update to version 20251029 (git commit bfc84303530a): * rtl_bt: Add firmware and config files for RTL8761CUV * Update to version 20251024 (git commit 9b899c779b8a): * QCA: Update Bluetooth WCN6856 firmware 2.1.0-00653 to 2.1.0-00659 * Update to version 20251010 (git commit fef0b3bbf494): * linux-firmware: Update firmware file for Intel Magnetar core * linux-firmware: Update firmware file for Intel 
BlazarU core * linux-firmware: Update firmware file for Intel BlazarI core * Update to version 20251010 (git commit 49fafa182b23): * qca: Update Bluetooth WCN6750 1.1.3-00091 firmware to 1.1.3-00100 * Update to version 20251004 (git commit 757854f42d83): * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x3BAC_ADBA * Update to version 20250903 (git commit c784990ba3d2): * rtl_bt: Update RTL8822C BT USB firmware to 0x2B66_D962 * Update to version 20250820 (git commit 70dda28e5098): * Link rtl8723b_config.bin to rtl8723bs * Update to version 20250808 (git commit 8f1ce114de6c): * qca: Update Bluetooth WCN6750 1.1.3-00069 firmware to 1.1.3-00091 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-525=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-525=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * kernel-firmware-bluetooth-20251202-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * kernel-firmware-bluetooth-20251202-160000.1.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:24 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:24 -0000 Subject: SUSE-SU-2026:21165-1: important: Security update for python-cryptography Message-ID: <177677498491.7580.15779180020086295819@5a8be24cc32b> # Security update for python-cryptography Announcement ID: SUSE-SU-2026:21165-1 Release Date: 2026-04-10T11:27:11Z Rating: important References: * bsc#1258074 * bsc#1260876 Cross-References: * CVE-2026-26007 * CVE-2026-34073 CVSS scores: * CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-26007 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26007 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2026-34073 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34073 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-34073 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34073 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for python-cryptography fixes the following issues: * CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. (bsc#1260876) * CVE-2026-26007: missing validation can lead to security issues for signature verification (ECDSA) and shared key negotiation (ECDH) (bsc#1258074). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-522=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-522=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python-cryptography-debugsource-44.0.3-160000.3.1 * python313-cryptography-debuginfo-44.0.3-160000.3.1 * python313-cryptography-44.0.3-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python-cryptography-debugsource-44.0.3-160000.3.1 * python313-cryptography-debuginfo-44.0.3-160000.3.1 * python313-cryptography-44.0.3-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26007.html * https://www.suse.com/security/cve/CVE-2026-34073.html * https://bugzilla.suse.com/show_bug.cgi?id=1258074 * https://bugzilla.suse.com/show_bug.cgi?id=1260876 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:56 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:56 -0000 Subject: SUSE-SU-2026:21141-1: important: Security update for cockpit-packages Message-ID: <177677507675.7580.7602053012428318838@5a8be24cc32b> # Security update for cockpit-packages Announcement ID: SUSE-SU-2026:21141-1 Release Date: 2026-04-07T12:21:55Z Rating: important References: * bsc#1258641 Cross-References: * CVE-2026-26996 CVSS scores: * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit-packages fixes the following issue: Update cockpit-packages to version 4: * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). Changes for cockpit-packages: * Translation updates * Dependency updates ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-483=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-483=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-packages-4-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * cockpit-packages-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:38:03 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:03 -0000 Subject: SUSE-SU-2026:21139-1: important: Security update for python-cbor2 Message-ID: <177677508398.7580.5024267078392086155@5a8be24cc32b> # Security update for python-cbor2 Announcement ID: SUSE-SU-2026:21139-1 Release Date: 2026-04-07T11:57:38Z Rating: important References: * bsc#1255783 * bsc#1260367 Cross-References: * CVE-2025-68131 * CVE-2026-26209 CVSS scores: * CVE-2025-68131 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-68131 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-68131 ( NVD ): 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-68131 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-26209 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-26209 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26209 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. 
## Description: This update for python-cbor2 fixes the following issues: * CVE-2025-68131: CBORDecoder reuse across trust boundaries can lead to leak of shareable values from previous decode calls via attacker-controlled messages (bsc#1255783). * CVE-2026-26209: uncontrolled recursion via crafted CBOR payloads can cause a denial of service (bsc#1260367). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-482=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-482=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python313-cbor2-debuginfo-5.6.5-160000.4.1 * python-cbor2-debugsource-5.6.5-160000.4.1 * python313-cbor2-5.6.5-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python313-cbor2-debuginfo-5.6.5-160000.4.1 * python-cbor2-debugsource-5.6.5-160000.4.1 * python313-cbor2-5.6.5-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68131.html * https://www.suse.com/security/cve/CVE-2026-26209.html * https://bugzilla.suse.com/show_bug.cgi?id=1255783 * https://bugzilla.suse.com/show_bug.cgi?id=1260367 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:08 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:08 -0000 Subject: SUSE-SU-2026:21138-1: important: Security update for libpng16 Message-ID: <177677508837.7580.14973887986124048017@5a8be24cc32b> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21138-1 Release Date: 2026-04-07T11:57:38Z Rating: important References: * bsc#1260754 * bsc#1260755 Cross-References: * CVE-2026-33416 * CVE-2026-33636 CVSS scores: * CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-33416 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-33636 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33636 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H * CVE-2026-33636 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for libpng16 fixes the following issues: * CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754). * CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-480=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-480=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libpng16-devel-1.6.44-160000.6.1 * libpng16-compat-devel-1.6.44-160000.6.1 * libpng16-16-1.6.44-160000.6.1 * libpng16-tools-debuginfo-1.6.44-160000.6.1 * libpng16-tools-1.6.44-160000.6.1 * libpng16-debugsource-1.6.44-160000.6.1 * libpng16-16-debuginfo-1.6.44-160000.6.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libpng16-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-compat-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-1.6.44-160000.6.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libpng16-devel-1.6.44-160000.6.1 * libpng16-compat-devel-1.6.44-160000.6.1 * libpng16-16-1.6.44-160000.6.1 * libpng16-tools-debuginfo-1.6.44-160000.6.1 * libpng16-tools-1.6.44-160000.6.1 * libpng16-debugsource-1.6.44-160000.6.1 * libpng16-16-debuginfo-1.6.44-160000.6.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libpng16-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-compat-devel-x86-64-v3-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-debuginfo-1.6.44-160000.6.1 * libpng16-16-x86-64-v3-1.6.44-160000.6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33416.html * https://www.suse.com/security/cve/CVE-2026-33636.html * https://bugzilla.suse.com/show_bug.cgi?id=1260754 * https://bugzilla.suse.com/show_bug.cgi?id=1260755 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:35 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:35 -0000 Subject: SUSE-RU-2026:21163-1: moderate: Recommended update for agama Message-ID: <177677499523.7580.1864929858140845766@5a8be24cc32b> # Recommended update for agama Announcement ID: SUSE-RU-2026:21163-1 Release Date: 2026-04-09T18:49:53Z Rating: moderate References: * bsc#1259434 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for agama fixes the following issue: Change in agama: * Add error reporting when working with AutoYaST profiles (bsc#1259434). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-515=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-515=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * agama-debugsource-17+502.a135c718e-160000.8.1 * agama-scripts-17+502.a135c718e-160000.8.1 * agama-debuginfo-17+502.a135c718e-160000.8.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * agama-debugsource-17+502.a135c718e-160000.8.1 * agama-scripts-17+502.a135c718e-160000.8.1 * agama-debuginfo-17+502.a135c718e-160000.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259434 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:43 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:43 -0000 Subject: SUSE-SU-2026:21161-1: moderate: Security update for ovmf Message-ID: <177677500375.7580.16720643706286586001@5a8be24cc32b> # Security update for ovmf Announcement ID: SUSE-SU-2026:21161-1 Release Date: 2026-04-09T15:10:40Z Rating: moderate References: * bsc#1252441 Cross-References: * CVE-2025-59438 CVSS scores: * CVE-2025-59438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-59438 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for ovmf fixes the following issue: * CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting (bsc#1252441). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-514=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-514=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * ovmf-tools-202502-160000.4.1 * ovmf-202502-160000.4.1 * SUSE Linux Enterprise Server 16.0 (noarch) * qemu-ovmf-x86_64-202502-160000.4.1 * qemu-uefi-aarch64-202502-160000.4.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * ovmf-debugsource-202502-160000.4.1 * ovmf-debuginfo-202502-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * ovmf-tools-202502-160000.4.1 * ovmf-202502-160000.4.1 * ovmf-debugsource-202502-160000.4.1 * ovmf-debuginfo-202502-160000.4.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * qemu-ovmf-x86_64-202502-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59438.html * https://bugzilla.suse.com/show_bug.cgi?id=1252441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:38:09 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:09 -0000 Subject: SUSE-RU-2026:21137-1: moderate: Recommended update for amazon-ecs-init Message-ID: <177677508969.7580.5468704090268503568@5a8be24cc32b> # Recommended update for amazon-ecs-init Announcement ID: SUSE-RU-2026:21137-1 Release Date: 2026-04-07T11:56:01Z Rating: moderate References: * jsc#PED-14842 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that contains one feature can now be installed. 
## Description: This update for amazon-ecs-init fixes the following issues: * Update to version 1.102.1: * Enhancement - Improve ENI watcher udev logging * Enhancement - Update go version to 1.25.7, Update unit test coverage logic * Enhancement - Upgrade prometheus deps * Enhancement - Use static IP for daemon tasks for Managed Instances, also updates amazon-ecs-cni-plugins * Bugfix - Fix IMDS client rate limiting to prevent token refresh failures after 401 responses * For the changes between 1.64.0 and 1.102.0, see CHANGELOG.md * Fix permissions of systemd service file * Include CHANGELOG.md in %doc section * Switch upstream source to amazon-ecs-agent * Switch to systemd-tmpfiles to store runtime data (jsc#PED-14842) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-481=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-481=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * amazon-ecs-init-1.102.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * amazon-ecs-init-1.102.1-160000.1.1 ## References: * https://jira.suse.com/browse/PED-14842 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:13 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:13 -0000 Subject: SUSE-SU-2026:1505-1: important: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) Message-ID: <177677509393.7580.10890968330216981881@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1505-1 Release Date: 2026-04-21T07:34:22Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues. The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1505=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1512=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1507=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1512=1 SUSE-2026-1507=1 SUSE-2026-1505=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x) * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1 * openSUSE Leap 15.6 (x86_64) * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.1 * 
kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.1 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.1 * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x) * kernel-livepatch-SLE15-SP6_Update_14-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_70-default-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_15-debugsource-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-13-150600.2.2 * kernel-livepatch-6_4_0-150600_23_60-default-13-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-9-150600.2.2 * kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-9-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_13-debugsource-13-150600.2.2 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:36:46 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:46 -0000 Subject: SUSE-RU-2026:21160-1: moderate: Recommended update for linux-glibc-devel Message-ID: <177677500658.7580.9173787378443408864@5a8be24cc32b> # Recommended update for linux-glibc-devel Announcement ID: SUSE-RU-2026:21160-1 Release Date: 2026-04-09T14:40:05Z Rating: moderate References: * bsc#1253334 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. 
## Description: This update for linux-glibc-devel fixes the following issues: Changes in linux-glibc-devel: * Sync with SLES 16.0 update kernel (6.12.0-160000.6) (bsc#1253334) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-513=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-513=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * linux-glibc-devel-6.12-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * linux-glibc-devel-6.12-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1253334 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:38:20 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:20 -0000 Subject: SUSE-SU-2026:1511-1: important: Security update for flatpak Message-ID: <177677510000.7580.13701313604014938147@5a8be24cc32b> # Security update for flatpak Announcement ID: SUSE-SU-2026:1511-1 Release Date: 2026-04-21T06:28:50Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: Arbitrary code execution via crafted symlinks in sandbox-expose options (bsc#1261769). * CVE-2026-34079: Arbitrary file deletion on host via improper cache file path validation (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1511=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1511=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1511=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1511=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1511=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 
ppc64le s390x x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * flatpak-debuginfo-1.12.8-150400.3.12.1 * flatpak-1.12.8-150400.3.12.1 * typelib-1_0-Flatpak-1_0-1.12.8-150400.3.12.1 * flatpak-zsh-completion-1.12.8-150400.3.12.1 * libflatpak0-1.12.8-150400.3.12.1 * libflatpak0-debuginfo-1.12.8-150400.3.12.1 * system-user-flatpak-1.12.8-150400.3.12.1 * flatpak-debugsource-1.12.8-150400.3.12.1 * flatpak-devel-1.12.8-150400.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:38:23 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:23 -0000 Subject: SUSE-SU-2026:1510-1: moderate: Security update for ncurses Message-ID: <177677510372.7580.12692925758487398927@5a8be24cc32b> # Security update for ncurses Announcement ID: SUSE-SU-2026:1510-1 Release Date: 2026-04-21T06:28:34Z Rating: moderate References: * bsc#1259924 Cross-References: * CVE-2025-69720 CVSS scores: * CVE-2025-69720 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-69720 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2025-69720 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-69720 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2025-69720 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * Legacy Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves one vulnerability can now be installed. ## Description: This update for ncurses fixes the following issue: * CVE-2025-69720: buffer overflow in function `analyze_string()` of `progs/infocmp.c` (bsc#1259924). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1510=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1510=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1510=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1510=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1510=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1510=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-1510=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-1510=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1510=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1510=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 
s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ncurses-devel-6.1-150000.5.33.1 * tack-6.1-150000.5.33.1 * terminfo-base-6.1-150000.5.33.1 * tack-debuginfo-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-screen-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * terminfo-iterm-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * ncurses-devel-debuginfo-6.1-150000.5.33.1 * Basesystem Module 15-SP7 (x86_64) * libncurses6-32bit-6.1-150000.5.33.1 * libncurses6-32bit-debuginfo-6.1-150000.5.33.1 * Development Tools Module 15-SP7 (x86_64) * ncurses-devel-32bit-6.1-150000.5.33.1 * ncurses-devel-32bit-debuginfo-6.1-150000.5.33.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * ncurses5-devel-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 * libncurses5-6.1-150000.5.33.1 * libncurses5-debuginfo-6.1-150000.5.33.1 * Legacy Module 15-SP7 (x86_64) * libncurses5-32bit-debuginfo-6.1-150000.5.33.1 * libncurses5-32bit-6.1-150000.5.33.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * terminfo-base-6.1-150000.5.33.1 * ncurses-utils-debuginfo-6.1-150000.5.33.1 * libncurses6-6.1-150000.5.33.1 * ncurses-utils-6.1-150000.5.33.1 * libncurses6-debuginfo-6.1-150000.5.33.1 * terminfo-6.1-150000.5.33.1 * ncurses-debugsource-6.1-150000.5.33.1 ## References: * https://www.suse.com/security/cve/CVE-2025-69720.html * https://bugzilla.suse.com/show_bug.cgi?id=1259924 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:36:55 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:55 -0000 Subject: SUSE-SU-2026:21158-1: moderate: Security update for util-linux Message-ID: <177677501571.7580.9704860719161705282@5a8be24cc32b> # Security update for util-linux Announcement ID: SUSE-SU-2026:21158-1 Release Date: 2026-04-09T13:00:19Z Rating: moderate References: * bsc#1222465 * bsc#1254666 * bsc#1258859 * jsc#PED-13682 Cross-References: * CVE-2025-14104 * CVE-2026-3184 CVSS scores: * CVE-2025-14104 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-14104 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2025-14104 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-3184 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-3184 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-3184 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for util-linux fixes the following issues: Security issues: * CVE-2025-14104: heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). 
* CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859). Non security issues: * fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465). * lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-510=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-510=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * util-linux-2.41.1-160000.3.1 * libuuid-devel-2.41.1-160000.3.1 * liblastlog2-2-debuginfo-2.41.1-160000.3.1 * libblkid1-2.41.1-160000.3.1 * libfdisk1-2.41.1-160000.3.1 * libuuid1-2.41.1-160000.3.1 * util-linux-systemd-debuginfo-2.41.1-160000.3.1 * liblastlog2-devel-2.41.1-160000.3.1 * uuidd-2.41.1-160000.3.1 * python313-libmount-2.41.1-160000.3.1 * util-linux-systemd-debugsource-2.41.1-160000.3.1 * libfdisk-devel-2.41.1-160000.3.1 * libblkid-devel-2.41.1-160000.3.1 * libblkid-devel-static-2.41.1-160000.3.1 * libmount-devel-2.41.1-160000.3.1 * liblastlog2-2-2.41.1-160000.3.1 * libuuid-devel-static-2.41.1-160000.3.1 * libfdisk-devel-static-2.41.1-160000.3.1 * util-linux-debugsource-2.41.1-160000.3.1 * util-linux-debuginfo-2.41.1-160000.3.1 * libmount1-2.41.1-160000.3.1 * lastlog2-2.41.1-160000.3.1 * util-linux-systemd-2.41.1-160000.3.1 * util-linux-tty-tools-debuginfo-2.41.1-160000.3.1 * libuuid1-debuginfo-2.41.1-160000.3.1 * libmount1-debuginfo-2.41.1-160000.3.1 * libsmartcols1-debuginfo-2.41.1-160000.3.1 * libsmartcols1-2.41.1-160000.3.1 * python313-libmount-debuginfo-2.41.1-160000.3.1 * libblkid1-debuginfo-2.41.1-160000.3.1 * libsmartcols-devel-2.41.1-160000.3.1 * util-linux-tty-tools-2.41.1-160000.3.1 * 
lastlog2-debuginfo-2.41.1-160000.3.1 * libmount-devel-static-2.41.1-160000.3.1 * libfdisk1-debuginfo-2.41.1-160000.3.1 * libsmartcols-devel-static-2.41.1-160000.3.1 * python-libmount-debugsource-2.41.1-160000.3.1 * uuidd-debuginfo-2.41.1-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * util-linux-lang-2.41.1-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * util-linux-2.41.1-160000.3.1 * libuuid-devel-2.41.1-160000.3.1 * liblastlog2-2-debuginfo-2.41.1-160000.3.1 * libblkid1-2.41.1-160000.3.1 * libfdisk1-2.41.1-160000.3.1 * libuuid1-2.41.1-160000.3.1 * util-linux-systemd-debuginfo-2.41.1-160000.3.1 * liblastlog2-devel-2.41.1-160000.3.1 * uuidd-2.41.1-160000.3.1 * python313-libmount-2.41.1-160000.3.1 * util-linux-systemd-debugsource-2.41.1-160000.3.1 * libfdisk-devel-2.41.1-160000.3.1 * libblkid-devel-2.41.1-160000.3.1 * libblkid-devel-static-2.41.1-160000.3.1 * libmount-devel-2.41.1-160000.3.1 * liblastlog2-2-2.41.1-160000.3.1 * libuuid-devel-static-2.41.1-160000.3.1 * libfdisk-devel-static-2.41.1-160000.3.1 * util-linux-debugsource-2.41.1-160000.3.1 * util-linux-debuginfo-2.41.1-160000.3.1 * libmount1-2.41.1-160000.3.1 * lastlog2-2.41.1-160000.3.1 * util-linux-systemd-2.41.1-160000.3.1 * util-linux-tty-tools-debuginfo-2.41.1-160000.3.1 * libuuid1-debuginfo-2.41.1-160000.3.1 * libmount1-debuginfo-2.41.1-160000.3.1 * libsmartcols1-debuginfo-2.41.1-160000.3.1 * libsmartcols1-2.41.1-160000.3.1 * python313-libmount-debuginfo-2.41.1-160000.3.1 * libblkid1-debuginfo-2.41.1-160000.3.1 * libsmartcols-devel-2.41.1-160000.3.1 * util-linux-tty-tools-2.41.1-160000.3.1 * lastlog2-debuginfo-2.41.1-160000.3.1 * libmount-devel-static-2.41.1-160000.3.1 * libfdisk1-debuginfo-2.41.1-160000.3.1 * libsmartcols-devel-static-2.41.1-160000.3.1 * python-libmount-debugsource-2.41.1-160000.3.1 * uuidd-debuginfo-2.41.1-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * util-linux-lang-2.41.1-160000.3.1 ## References: * 
https://www.suse.com/security/cve/CVE-2025-14104.html * https://www.suse.com/security/cve/CVE-2026-3184.html * https://bugzilla.suse.com/show_bug.cgi?id=1222465 * https://bugzilla.suse.com/show_bug.cgi?id=1254666 * https://bugzilla.suse.com/show_bug.cgi?id=1258859 * https://jira.suse.com/browse/PED-13682 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:38:37 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:37 -0000 Subject: SUSE-SU-2026:1508-1: important: Security update for podman Message-ID: <177677511752.7580.9684989348892232508@5a8be24cc32b> # Security update for podman Announcement ID: SUSE-SU-2026:1508-1 Release Date: 2026-04-21T06:27:09Z Rating: important References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that can now be installed. ## Description: This update for podman rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1508=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1508=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1508=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1508=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1508=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1508=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1508=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * podmansh-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * podman-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * openSUSE Leap 15.4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * 
podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * podman-docker-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * podman-4.9.5-150400.4.67.1 * podman-remote-4.9.5-150400.4.67.1 * podman-debuginfo-4.9.5-150400.4.67.1 * podman-remote-debuginfo-4.9.5-150400.4.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * podman-docker-4.9.5-150400.4.67.1 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:00 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:00 -0000 Subject: SUSE-RU-2026:21156-1: moderate: Recommended update for perf Message-ID: <177677502016.7580.16969965050024956704@5a8be24cc32b> # Recommended update for perf Announcement ID: SUSE-RU-2026:21156-1 Release Date: 2026-04-09T12:33:13Z Rating: moderate References: * jsc#PED-13611 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that contains one feature can now be installed. ## Description: This update for perf fixes the following issues: * perf list: Add IBM z17 event descriptions (jsc#PED-13611) * perf hwmon_pmu: Fix uninitialized variable warning * perf test: Fix a build error in x86 topdown test * perf bpf-utils: Harden get_bpf_prog_info_linear * perf bpf-utils: Constify bpil_array_desc * perf bpf-event: Fix use-after-free in synthesis * perf symbol-minimal: Fix ehdr reading in filename__read_build_id * perf record: Cache build-ID of hit DSOs only * perf topdown: Use attribute to see an event is a topdown metic or slots * perf hwmon_pmu: Avoid shortening hwmon PMU name * perf tests bp_account: Fix leaked file descriptor * perf sched: Fix memory leaks in 'perf sched latency' * perf sched: Use RC_CHK_EQUAL() to compare pointers * perf sched: Fix memory leaks for evsel: priv in timehist * perf sched: Fix thread leaks in 'perf sched timehist' * perf sched: Fix memory leaks in 'perf sched map' * perf sched: Free thread: priv using priv_destructor * perf sched: Make sure it frees the usage string * perf dso: Add missed dso__put to dso__load_kcore * perf parse-events: Set default GH modifier properly * perf trace: Remove --map-dump documentation ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-506=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-506=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * perf-6.12.0.git15644.f62e448821-160000.1.1 * perf-debuginfo-6.12.0.git15644.f62e448821-160000.1.1 * perf-debugsource-6.12.0.git15644.f62e448821-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * perf-6.12.0.git15644.f62e448821-160000.1.1 * perf-debuginfo-6.12.0.git15644.f62e448821-160000.1.1 * perf-debugsource-6.12.0.git15644.f62e448821-160000.1.1 ## References: * https://jira.suse.com/browse/PED-13611 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:32:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:16 -0000 Subject: SUSE-SU-2026:21210-1: important: Security update for google-cloud-sap-agent Message-ID: <177677473682.7580.18036320609758265082@5a8be24cc32b> # Security update for google-cloud-sap-agent Announcement ID: SUSE-SU-2026:21210-1 Release Date: 2026-04-17T07:57:12Z Rating: important References: * bsc#1259816 * bsc#1260265 Cross-References: * CVE-2026-33186 CVSS scores: * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and has one fix can now be installed. 
## Description: This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 (bsc#1259816): * CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260265). Changes for google-cloud-sap-agent: * Collect WLM metric `saphanasr_angi_installed` for all OS types. * Failure handling: Remove attached disks from CG * OTE Status checks for Parameter Manager (SAP Agent) * Log command-line arguments in configureinstance. * Minor multiple reliability checks and fixes * Support custom names for restored disks in hanadiskrestore * Add newAttachedDisks to Restorer and detach them on restore failure. * Improve unit test coverage for hanadiskbackup and hanadiskrestore * Add support for refresh point tests. * Refactor HANA disk backup user validation and physical path parsing. * Auto updated compiled protocol buffers * Parameter Manager integration to SAP Agent * Modify collection logic for SAP HANA configuration files. * Update workloadagentplatform version and hash. * Update WLM Validation metrics to support SAPHanaSR-angi setups. * Increment agent version to 3.12. * SAP HANA Pacemaker failover settings can come from `SAPHanaController`. * Update collection for WLM metric `ha_sr_hook_configured`. * Refactor CheckTopology to accept instance number. * Use constant backoff with max retries for snapshot group operations. * Update workloadagentplatform dependency ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-578=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-578=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * google-cloud-sap-agent-3.12-160000.1.1 * google-cloud-sap-agent-debuginfo-3.12-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * google-cloud-sap-agent-3.12-160000.1.1 * google-cloud-sap-agent-debuginfo-3.12-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1259816 * https://bugzilla.suse.com/show_bug.cgi?id=1260265 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:37:09 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:09 -0000 Subject: SUSE-SU-2026:21153-1: important: Security update for pgvector Message-ID: <177677502955.7580.8780439411940674747@5a8be24cc32b> # Security update for pgvector Announcement ID: SUSE-SU-2026:21153-1 Release Date: 2026-04-09T12:27:13Z Rating: important References: * bsc#1258945 Cross-References: * CVE-2026-3172 CVSS scores: * CVE-2026-3172 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-3172 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for pgvector fixes the following issue: Update to pgvector 0.8.2: * CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945). Changelog: * Fixed Index Searches in EXPLAIN output for Postgres 18 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-504=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-504=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * postgresql15-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql13-pgvector-debugsource-0.8.2-160000.1.1 * postgresql14-pgvector-debugsource-0.8.2-160000.1.1 * postgresql13-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql17-pgvector-debugsource-0.8.2-160000.1.1 * postgresql16-pgvector-debugsource-0.8.2-160000.1.1 * postgresql16-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-debugsource-0.8.2-160000.1.1 * postgresql13-pgvector-0.8.2-160000.1.1 * postgresql14-pgvector-0.8.2-160000.1.1 * postgresql15-pgvector-0.8.2-160000.1.1 * postgresql17-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-0.8.2-160000.1.1 * postgresql17-pgvector-0.8.2-160000.1.1 * postgresql16-pgvector-0.8.2-160000.1.1 * postgresql14-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql15-pgvector-debugsource-0.8.2-160000.1.1 * pgvector-devel-0.8.2-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * postgresql15-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql13-pgvector-debugsource-0.8.2-160000.1.1 * postgresql14-pgvector-debugsource-0.8.2-160000.1.1 * postgresql13-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql17-pgvector-debugsource-0.8.2-160000.1.1 * postgresql16-pgvector-debugsource-0.8.2-160000.1.1 * postgresql16-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-debugsource-0.8.2-160000.1.1 * postgresql13-pgvector-0.8.2-160000.1.1 * postgresql14-pgvector-0.8.2-160000.1.1 * postgresql15-pgvector-0.8.2-160000.1.1 * postgresql17-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql18-pgvector-0.8.2-160000.1.1 * 
postgresql17-pgvector-0.8.2-160000.1.1 * postgresql16-pgvector-0.8.2-160000.1.1 * postgresql14-pgvector-debuginfo-0.8.2-160000.1.1 * postgresql15-pgvector-debugsource-0.8.2-160000.1.1 * pgvector-devel-0.8.2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3172.html * https://bugzilla.suse.com/show_bug.cgi?id=1258945 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:37:12 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:12 -0000 Subject: SUSE-RU-2026:21152-1: moderate: Recommended update for chrony Message-ID: <177677503247.7580.18240240310341703145@5a8be24cc32b> # Recommended update for chrony Announcement ID: SUSE-RU-2026:21152-1 Release Date: 2026-04-09T12:15:37Z Rating: moderate References: * bsc#1246544 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for chrony fixes the following issues: * Add maxunreach option to limit selection of unreachable sources * Add -u option to chronyc to drop root privileges (default chronyc user is set by configure script) * Fix refclock extpps option to work on Linux greater than or equal to 6.15 * Validate refclock samples for reachability updates * Fix racy socket creation (bsc#1246544) * Add opencommands directive to select remote monitoring commands * Add interval option to driftfile directive * Add waitsynced and waitunsynced options to local directive * Add sanity checks for integer values in configuration * Add support for systemd Type=notify service * Add RTC refclock driver * Allow PHC refclock to be specified with network interface name * Do not require multiple refclock samples per poll to simplify filter configuration * Keep refclock reachable when dropping samples with large delay * Improve quantile-based filtering to adapt faster to larger delay * Improve logging of 
selection failures * Detect clock interference from other processes * Try to reopen message log (-l option) on cyclelogs command * Fix sourcedir reloading to not multiply sources * Fix tracking offset after failed clock step * Drop support for NTS with Nettle less than 3.6 and GnuTLS less than 3.6.14 * Drop support for building without POSIX threads ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-503=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-503=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * chrony-4.8-160000.1.1 * chrony-debugsource-4.8-160000.1.1 * chrony-debuginfo-4.8-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * chrony-pool-suse-4.8-160000.1.1 * chrony-pool-empty-4.8-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * chrony-4.8-160000.1.1 * chrony-debugsource-4.8-160000.1.1 * chrony-debuginfo-4.8-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * chrony-pool-suse-4.8-160000.1.1 * chrony-pool-empty-4.8-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1246544 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:16 -0000 Subject: SUSE-SU-2026:21151-1: moderate: Security update for zlib Message-ID: <177677503697.7580.3401693062767686494@5a8be24cc32b> # Security update for zlib Announcement ID: SUSE-SU-2026:21151-1 Release Date: 2026-04-09T11:18:30Z Rating: moderate References: * bsc#1216378 * bsc#1258392 Cross-References: * CVE-2023-45853 * CVE-2026-27171 CVSS scores: * CVE-2023-45853 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45853 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-45853 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27171 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for zlib fixes the following issues: * CVE-2026-27171: Fixed an infinite loop via the crc32_combine64 and crc32_combine_gen64 functions due to missing checks for negative lengths. (bsc#1258392) * CVE-2023-45853: Fixed an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6. (bsc#1216378) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-502=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-502=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * minizip-devel-1.2.13-160000.3.1 * zlib-devel-static-1.2.13-160000.3.1 * libminizip1-1.2.13-160000.3.1 * libz1-debuginfo-1.2.13-160000.3.1 * zlib-devel-1.2.13-160000.3.1 * libz1-1.2.13-160000.3.1 * libminizip1-debuginfo-1.2.13-160000.3.1 * zlib-debugsource-1.2.13-160000.3.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1 * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1 * libminizip1-x86-64-v3-1.2.13-160000.3.1 * libz1-x86-64-v3-1.2.13-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * minizip-devel-1.2.13-160000.3.1 * zlib-devel-static-1.2.13-160000.3.1 * libminizip1-1.2.13-160000.3.1 * libz1-debuginfo-1.2.13-160000.3.1 * zlib-devel-1.2.13-160000.3.1 * libz1-1.2.13-160000.3.1 * libminizip1-debuginfo-1.2.13-160000.3.1 * zlib-debugsource-1.2.13-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libz1-x86-64-v3-debuginfo-1.2.13-160000.3.1 * libminizip1-x86-64-v3-debuginfo-1.2.13-160000.3.1 * libminizip1-x86-64-v3-1.2.13-160000.3.1 * libz1-x86-64-v3-1.2.13-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45853.html * https://www.suse.com/security/cve/CVE-2026-27171.html * https://bugzilla.suse.com/show_bug.cgi?id=1216378 * https://bugzilla.suse.com/show_bug.cgi?id=1258392 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:30:27 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:30:27 -0000 Subject: SUSE-RU-2026:21223-1: moderate: Recommended update for patterns-sap Message-ID: <177677462784.7580.12204266076453753518@5a8be24cc32b> # Recommended update for patterns-sap Announcement ID: SUSE-RU-2026:21223-1 Release Date: 2026-04-17T15:13:18Z Rating: moderate References: * bsc#1259071 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for patterns-sap fixes the following issues: * add package 'polkit' to pattern 'minimal_sap' (bsc#1259071) * move 'libltdl7' from pattern 'base_sap_server' to pattern 'minimal_sap' * add package 'ansible-trento' to pattern 'automation' * use sentence style capitalization everywhere for consistency * minor updates for some entries ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-587=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-587=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * patterns-sap-base_sap_server-16.0-160000.5.1 * patterns-sap-monitoring-16.0-160000.5.1 * patterns-sap-DB-16.0-160000.5.1 * patterns-sap-debug-16.0-160000.5.1 * patterns-sap-addons-16.0-160000.5.1 * patterns-sap-automation-16.0-160000.5.1 * patterns-sap-security-16.0-160000.5.1 * patterns-sap-trento_server-16.0-160000.5.1 * patterns-sap-APP-16.0-160000.5.1 * patterns-sap-HADB-16.0-160000.5.1 * patterns-sap-gui-16.0-160000.5.1 * patterns-sap-HAAPP-16.0-160000.5.1 * patterns-sap-minimal_sap-16.0-160000.5.1 * patterns-sap-sap_all-16.0-160000.5.1 * patterns-sap-trento_agent-16.0-160000.5.1 * SUSE Linux Enterprise Server 16.0 (ppc64le x86_64) * patterns-sap-minimal_sap-16.0-160000.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1259071 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:37:18 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:18 -0000 Subject: SUSE-RU-2026:21150-1: moderate: Recommended update for patterns-base Message-ID: <177677503829.7580.3725134209159956076@5a8be24cc32b> # Recommended update for patterns-base Announcement ID: SUSE-RU-2026:21150-1 Release Date: 2026-04-09T11:14:21Z Rating: moderate References: * jsc#PED-262 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that contains one feature can now be installed. ## Description: This update for patterns-base fixes the following issues: Changes in patterns-base: * Drop biosdevname, this is being replaced by systemd predictable network interface naming (jsc#PED-262). 
## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-500=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-500=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * patterns-base-selinux-20241218-160000.3.1 * patterns-base-minimal_base-20241218-160000.3.1 * patterns-base-bootloader-20241218-160000.3.1 * patterns-base-documentation-20241218-160000.3.1 * patterns-base-fips-20241218-160000.3.1 * patterns-base-enhanced_base-20241218-160000.3.1 * patterns-base-sw_management-20241218-160000.3.1 * patterns-base-base-20241218-160000.3.1 * patterns-base-basesystem-20241218-160000.3.1 * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * patterns-base-kernel_livepatching-20241218-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * patterns-base-selinux-20241218-160000.3.1 * patterns-base-minimal_base-20241218-160000.3.1 * patterns-base-bootloader-20241218-160000.3.1 * patterns-base-documentation-20241218-160000.3.1 * patterns-base-fips-20241218-160000.3.1 * patterns-base-enhanced_base-20241218-160000.3.1 * patterns-base-sw_management-20241218-160000.3.1 * patterns-base-base-20241218-160000.3.1 * patterns-base-basesystem-20241218-160000.3.1 * patterns-base-kernel_livepatching-20241218-160000.3.1 ## References: * https://jira.suse.com/browse/PED-262 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:30:14 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:30:14 -0000 Subject: SUSE-RU-2026:21225-1: moderate: Recommended update for read-only-root-fs Message-ID: <177677461478.7580.18146984021902527318@5a8be24cc32b> # Recommended update for read-only-root-fs Announcement ID: SUSE-RU-2026:21225-1 Release Date: 2026-04-10T12:55:21Z Rating: moderate References: * bsc#1252892 Affected Products: * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for read-only-root-fs fixes the following issues: * Add patch to fix workaround for read-only / subvolumes (bsc#1252892) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-524=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * read-only-root-fs-volatile-1.0+git20250708.3eed5de-160000.4.1 * read-only-root-fs-1.0+git20250708.3eed5de-160000.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1252892 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:37:26 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:26 -0000 Subject: SUSE-RU-2026:21148-1: moderate: Recommended update for adaptec-firmware Message-ID: <177677504699.7580.3907959562485581203@5a8be24cc32b> # Recommended update for adaptec-firmware Announcement ID: SUSE-RU-2026:21148-1 Release Date: 2026-04-09T11:10:42Z Rating: moderate References: * bsc#1252133 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. 
## Description:

This update for adaptec-firmware fixes the following issues:

Changes in adaptec-firmware:

* use %license tag [bsc#1252133]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-498=1
* SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-498=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
    * adaptec-firmware-1.35-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * adaptec-firmware-1.35-160000.3.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1252133

From null at suse.de Tue Apr 21 12:37:33 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:37:33 -0000
Subject: SUSE-RU-2026:21146-1: moderate: Recommended update for umoci
Message-ID: <177677505397.7580.9593360576147378832@5a8be24cc32b>

# Recommended update for umoci

Announcement ID: SUSE-RU-2026:21146-1
Release Date: 2026-04-09T11:07:42Z
Rating: moderate
References:

* bsc#1249450
* bsc#1252025

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has two fixes can now be installed.

## Description:

This update for umoci fixes the following issues:

Update to umoci v0.6.0. Upstream changelog is available from bsc#1252025

* umoci now has automatic SOURCE_DATE_EPOCH support, improving the reproducibility of generated images.
* "umoci stat" now provides more information about the image.
* "umoci config" now supports --platform.variant (architecture variants) which resolves issues with images on ARM (on ARM systems, "umoci new" will auto-fill the host CPU variant).

Update to umoci v0.5.1.
Upstream changelog is available from bsc#1249450 * For images with an empty index.json, umoci will no longer incorrectly set the manifests entry to null. * umoci will now produce an error for images with negative-sized descriptors, based on recent discussions in the upstream image-spec. * Use go:embed to fill umoci --version information from VERSION. * Stop using oci-image-tools for integration tests, instead use some smoke tests and the docker-library-maintained meta-scripts. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-496=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-496=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * umoci-0.6.0-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * umoci-0.6.0-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1249450 * https://bugzilla.suse.com/show_bug.cgi?id=1252025 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:50 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:50 -0000 Subject: SUSE-SU-2026:21143-1: important: Security update for tar Message-ID: <177677507059.7580.4928633695793860227@5a8be24cc32b> # Security update for tar Announcement ID: SUSE-SU-2026:21143-1 Release Date: 2026-04-07T14:58:07Z Rating: important References: * bsc#1246399 * bsc#1246607 Cross-References: * CVE-2025-45582 CVSS scores: * CVE-2025-45582 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-45582 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2025-45582 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for tar fixes the following issue: Security issue: * CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). Non security issue: * Fixes tar creating invalid tarballs when used with --delete (bsc#1246607) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-486=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-486=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * tar-debuginfo-1.35-160000.3.1 * tar-debugsource-1.35-160000.3.1 * tar-rmt-1.35-160000.3.1 * tar-1.35-160000.3.1 * tar-rmt-debuginfo-1.35-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * tar-backup-scripts-1.35-160000.3.1 * tar-lang-1.35-160000.3.1 * tar-doc-1.35-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * tar-debuginfo-1.35-160000.3.1 * tar-debugsource-1.35-160000.3.1 * tar-rmt-1.35-160000.3.1 * tar-1.35-160000.3.1 * tar-rmt-debuginfo-1.35-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * tar-backup-scripts-1.35-160000.3.1 * tar-lang-1.35-160000.3.1 * tar-doc-1.35-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-45582.html * https://bugzilla.suse.com/show_bug.cgi?id=1246399 * https://bugzilla.suse.com/show_bug.cgi?id=1246607 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:53 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:53 -0000 Subject: SUSE-SU-2026:21142-1: moderate: Security update for libtasn1 Message-ID: <177677507372.7580.8096282925252182200@5a8be24cc32b> # Security update for libtasn1 Announcement ID: SUSE-SU-2026:21142-1 Release Date: 2026-04-07T14:33:05Z Rating: moderate References: * bsc#1256341 Cross-References: * CVE-2025-13151 CVSS scores: * CVE-2025-13151 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-13151 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2025-13151 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for libtasn1 fixes the following issues: * CVE-2025-13151: lack of validation of input data size leads to stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-484=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-484=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libtasn1-tools-4.21.0-160000.1.1 * libtasn1-tools-debuginfo-4.21.0-160000.1.1 * libtasn1-6-debuginfo-4.21.0-160000.1.1 * libtasn1-devel-4.21.0-160000.1.1 * libtasn1-debugsource-4.21.0-160000.1.1 * libtasn1-6-4.21.0-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libtasn1-tools-4.21.0-160000.1.1 * libtasn1-tools-debuginfo-4.21.0-160000.1.1 * libtasn1-6-debuginfo-4.21.0-160000.1.1 * libtasn1-devel-4.21.0-160000.1.1 * libtasn1-debugsource-4.21.0-160000.1.1 * libtasn1-6-4.21.0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13151.html * https://bugzilla.suse.com/show_bug.cgi?id=1256341 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:31:59 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:59 -0000 Subject: SUSE-FU-2026:21213-1: moderate: Feature update for libgcrypt, libgpg-error Message-ID: <177677471965.7580.11105126295062965810@5a8be24cc32b> # Feature update for libgcrypt, libgpg-error Announcement ID: SUSE-FU-2026:21213-1 Release Date: 2026-04-17T10:37:59Z Rating: moderate References: * jsc#PED-15059 * jsc#PED-15907 Cross-References: * CVE-2024-2236 CVSS scores: * CVE-2024-2236 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2024-2236 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability and contains two features can now be installed. 
## Description:

This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

* New and extended interfaces:
    * Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code.
    * Make SHA-1 non-FIPS internally for the 1.12 API
    * Add Dilithium (ML-DSA) support
    * Support optional random-override and support byte string data
* Bug fixes:
    * Use secure MPI in _gcry_mpi_assign_limb_space.
    * Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
    * Apply a Kyber patch from upstream.
    * Fix an edge case in Jent initialization.
    * mceliece6688128f: Fix stack overflow crash on win64/wine
* Performance:
    * Many performance improvements, new AVX512 implementations for modern CPUs.
    * Add RISC-V Zbb+Zbc implementation of CRC.
    * Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
    * Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

* New src/gpg-error.c (main): New command "fconcat".
* Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to ENVP.
* argparse: Use SYSCONFDIR for /etc.
* Update translations for Portuguese, German
* src/estream.c (parse_mode): Fix parsing of "share". Set sysopen flag.
* syscfg: Add 64-bit Android arch.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-585=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-585=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libgpg-error-devel-debuginfo-1.58-160000.1.1 * libgpg-error-debugsource-1.58-160000.1.1 * libgpg-error0-1.58-160000.1.1 * libgcrypt-debugsource-1.12.1-160000.1.1 * libgpg-error-devel-1.58-160000.1.1 * libgcrypt20-1.12.1-160000.1.1 * libgcrypt-devel-1.12.1-160000.1.1 * libgcrypt-devel-debuginfo-1.12.1-160000.1.1 * libgcrypt20-debuginfo-1.12.1-160000.1.1 * libgpg-error0-debuginfo-1.58-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libgcrypt20-x86-64-v3-debuginfo-1.12.1-160000.1.1 * libgcrypt-devel-x86-64-v3-1.12.1-160000.1.1 * libgcrypt20-x86-64-v3-1.12.1-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libgpg-error-devel-debuginfo-1.58-160000.1.1 * libgpg-error-debugsource-1.58-160000.1.1 * libgpg-error0-1.58-160000.1.1 * libgcrypt-debugsource-1.12.1-160000.1.1 * libgpg-error-devel-1.58-160000.1.1 * libgcrypt20-1.12.1-160000.1.1 * libgcrypt-devel-1.12.1-160000.1.1 * libgcrypt-devel-debuginfo-1.12.1-160000.1.1 * libgcrypt20-debuginfo-1.12.1-160000.1.1 * libgpg-error0-debuginfo-1.58-160000.1.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libgcrypt20-x86-64-v3-debuginfo-1.12.1-160000.1.1 * libgcrypt-devel-x86-64-v3-1.12.1-160000.1.1 * libgcrypt20-x86-64-v3-1.12.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-2236.html * https://jira.suse.com/browse/PED-15059 * https://jira.suse.com/browse/PED-15907 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:37:59 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:37:59 -0000 Subject: SUSE-SU-2026:21140-1: important: Security update for tigervnc Message-ID: <177677507947.7580.15116488421224281858@5a8be24cc32b> # Security update for tigervnc Announcement ID: SUSE-SU-2026:21140-1 Release Date: 2026-04-07T12:21:55Z Rating: important References: * bsc#1260871 Cross-References: * CVE-2026-34352 CVSS scores: * CVE-2026-34352 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L * CVE-2026-34352 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34352 ( NVD ): 8.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for tigervnc fixes the following issues: * CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-479=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-479=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * tigervnc-debuginfo-1.15.0-160000.3.1 * tigervnc-debugsource-1.15.0-160000.3.1 * tigervnc-1.15.0-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * tigervnc-selinux-1.15.0-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * tigervnc-debuginfo-1.15.0-160000.3.1 * tigervnc-debugsource-1.15.0-160000.3.1 * tigervnc-1.15.0-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * tigervnc-selinux-1.15.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34352.html * https://bugzilla.suse.com/show_bug.cgi?id=1260871 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:32:35 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:35 -0000 Subject: SUSE-SU-2026:21208-1: important: Security update for dovecot24 Message-ID: <177677475574.7580.8831518784064040746@5a8be24cc32b> # Security update for dovecot24 Announcement ID: SUSE-SU-2026:21208-1 Release Date: 2026-04-16T13:10:27Z Rating: important References: * bsc#1260893 * bsc#1260894 * bsc#1260895 * bsc#1260896 * bsc#1260897 * bsc#1260898 * bsc#1260899 * bsc#1260900 * bsc#1260901 * bsc#1260902 Cross-References: * CVE-2025-59028 * CVE-2025-59031 * CVE-2025-59032 * CVE-2026-24031 * CVE-2026-27855 * CVE-2026-27856 * CVE-2026-27857 * CVE-2026-27858 * CVE-2026-27859 * CVE-2026-27860 CVSS scores: * CVE-2025-59028 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59031 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-59031 ( 
SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-59031 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-59032 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-59032 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59032 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-24031 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-24031 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2026-24031 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L * CVE-2026-27855 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-27855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-27855 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-27856 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-27856 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27856 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-27857 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27857 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27857 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27858 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27858 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27858 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27859 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27859 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27859 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-27860 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27860 ( SUSE ): 3.7 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27860 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for dovecot24 fixes the following issues:

* Update to v2.4.3
* CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins (bsc#1260894).
* CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing (bsc#1260895).
* CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client (bsc#1260902).
* CVE-2026-24031: SQL injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260896).
* CVE-2026-27855: OTP driver vulnerable to replay attack (bsc#1260900).
* CVE-2026-27856: Doveadm credentials were not checked using timing-safe checking function (bsc#1260899).
* CVE-2026-27857: sending excessive parentheses causes imap-login to use excessive memory (bsc#1260898).
* CVE-2026-27858: pigeonhole: managesieve-login can allocate large amount of memory during authentication (bsc#1260901).
* CVE-2026-27859: excessive RFC 2231 MIME parameters in email would cause excessive CPU usage (bsc#1260897).
* CVE-2026-27860: LDAP query injection possible if auth_username_chars is configured empty. Fixed escaping to always happen. v2.4 regression (bsc#1260893).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-577=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-577=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * dovecot24-fts-solr-2.4.3-160000.1.1 * dovecot24-fts-solr-debuginfo-2.4.3-160000.1.1 * dovecot24-debugsource-2.4.3-160000.1.1 * dovecot24-backend-mysql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-sqlite-debuginfo-2.4.3-160000.1.1 * dovecot24-devel-2.4.3-160000.1.1 * dovecot24-fts-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-2.4.3-160000.1.1 * dovecot24-debuginfo-2.4.3-160000.1.1 * dovecot24-fts-2.4.3-160000.1.1 * dovecot24-2.4.3-160000.1.1 * dovecot24-backend-mysql-2.4.3-160000.1.1 * dovecot24-backend-sqlite-2.4.3-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * dovecot24-fts-solr-2.4.3-160000.1.1 * dovecot24-fts-solr-debuginfo-2.4.3-160000.1.1 * dovecot24-debugsource-2.4.3-160000.1.1 * dovecot24-backend-mysql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-sqlite-debuginfo-2.4.3-160000.1.1 * dovecot24-devel-2.4.3-160000.1.1 * dovecot24-fts-debuginfo-2.4.3-160000.1.1 * dovecot24-backend-pgsql-2.4.3-160000.1.1 * dovecot24-debuginfo-2.4.3-160000.1.1 * dovecot24-fts-2.4.3-160000.1.1 * dovecot24-2.4.3-160000.1.1 * dovecot24-backend-mysql-2.4.3-160000.1.1 * dovecot24-backend-sqlite-2.4.3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59028.html * https://www.suse.com/security/cve/CVE-2025-59031.html * https://www.suse.com/security/cve/CVE-2025-59032.html * https://www.suse.com/security/cve/CVE-2026-24031.html * https://www.suse.com/security/cve/CVE-2026-27855.html * https://www.suse.com/security/cve/CVE-2026-27856.html * https://www.suse.com/security/cve/CVE-2026-27857.html * 
https://www.suse.com/security/cve/CVE-2026-27858.html * https://www.suse.com/security/cve/CVE-2026-27859.html * https://www.suse.com/security/cve/CVE-2026-27860.html * https://bugzilla.suse.com/show_bug.cgi?id=1260893 * https://bugzilla.suse.com/show_bug.cgi?id=1260894 * https://bugzilla.suse.com/show_bug.cgi?id=1260895 * https://bugzilla.suse.com/show_bug.cgi?id=1260896 * https://bugzilla.suse.com/show_bug.cgi?id=1260897 * https://bugzilla.suse.com/show_bug.cgi?id=1260898 * https://bugzilla.suse.com/show_bug.cgi?id=1260899 * https://bugzilla.suse.com/show_bug.cgi?id=1260900 * https://bugzilla.suse.com/show_bug.cgi?id=1260901 * https://bugzilla.suse.com/show_bug.cgi?id=1260902 From null at suse.de Tue Apr 21 12:38:35 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:35 -0000 Subject: SUSE-SU-2026:1509-1: important: Security update for nodejs22 Message-ID: <177677511565.7580.17862472937671904889@5a8be24cc32b> # Security update for nodejs22 Announcement ID: SUSE-SU-2026:1509-1 Release Date: 2026-04-21T06:27:54Z Rating: important References: * bsc#1256576 * bsc#1260455 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 
6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves seven vulnerabilities can now be installed. ## Description: This update for nodejs22 fixes the following issues: Update to version 22.22.2. * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). 
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). * CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1509=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1509=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1509=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * npm22-22.22.2-150600.13.15.1 * nodejs22-debugsource-22.22.2-150600.13.15.1 * nodejs22-22.22.2-150600.13.15.1 * corepack22-22.22.2-150600.13.15.1 * nodejs22-devel-22.22.2-150600.13.15.1 * nodejs22-debuginfo-22.22.2-150600.13.15.1 * openSUSE Leap 15.6 (noarch) * nodejs22-docs-22.22.2-150600.13.15.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * npm22-22.22.2-150600.13.15.1 * nodejs22-debugsource-22.22.2-150600.13.15.1 * nodejs22-22.22.2-150600.13.15.1 * nodejs22-devel-22.22.2-150600.13.15.1 * nodejs22-debuginfo-22.22.2-150600.13.15.1 * SUSE Linux Enterprise 
Server 15 SP6 LTSS (noarch) * nodejs22-docs-22.22.2-150600.13.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * npm22-22.22.2-150600.13.15.1 * nodejs22-debugsource-22.22.2-150600.13.15.1 * nodejs22-22.22.2-150600.13.15.1 * nodejs22-devel-22.22.2-150600.13.15.1 * nodejs22-debuginfo-22.22.2-150600.13.15.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * nodejs22-docs-22.22.2-150600.13.15.1 ## References: * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 
From null at suse.de Tue Apr 21 12:38:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:38:40 -0000 Subject: SUSE-RU-2026:1506-1: important: Recommended update for libtcnative-1-0 Message-ID: <177677512082.7580.15370242393232386978@5a8be24cc32b> # Recommended update for libtcnative-1-0 Announcement ID: SUSE-RU-2026:1506-1 Release Date: 2026-04-21T00:32:57Z Rating: important References: * bsc#1260322 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update for libtcnative-1-0 fixes the following issues: Update to 1.3.7: [bsc#1260322] 1.3.7: * Code: Refactor access to ASN1_OCTET_STRING to use setters to fix errors when building against the latest OpenSSL 4.0.x code. (markt) * Fix: Fix the handling of OCSP requests with multiple responder URIs. (jfclere) * Fix: Fix the handling of TRY_AGAIN responses to OCSP requests when soft fail is disabled. (jfclere) 1.3.6: * Code: Refactor the SSL_CONF_CTX clean-up to align it with SSL and SSL_CTX clean-up. (markt) * Fix: Fix unnecessarily large buffer allocation when filtering out NULL and export ciphers. Pull requests #35 and #37 provided by chenjp. (markt) * Fix: Fix a potential memory leak if an invalid OpenSSLConf is provided. Pull request #36 provided by chenjp. 
(markt) * Fix: Refactor setting of OCSP configuration defaults as they were only applied if the SSL_CONF_CTX was used. While one was always used with Tomcat versions aware of the OCSP configuration options, one was not always used with Tomcat versions unaware of the OCSP configuration options leading to OCSP verification being enabled by default when the expected behaviour was disabled by default. (markt) * Code: Improve performance for the rare case of handling large OCSP responses. (markt) 1.3.5: * Fix: Remove group write permissions from the files in the tar.gz source archive. (markt) * Fix: Clear an additional error in OCSP processing that was preventing OCSP soft fail working with Tomcat's APR/native connector. (markt) 1.3.4: * Fix: Correct logic error that prevented the configuration of TLS 1.3 cipher suites. (markt) 1.3.3: * Fix: Refactor the addition of TLS 1.3 cipher suite configuration to avoid a regression when running a version of Tomcat that pre-dates this change. (markt) 1.3.2: * Update: Rename configure.in to modern autotools style configure.ac. (rjung) * Update: Fix incomplete updates for autotools generated files during "buildconf" execution. (rjung) * Update: Improve quoting in tcnative.m4. (rjung) * Update: Update the minimum version of autoconf for releasing to 2.68. (rjung) * Fix: Fix the autoconf warnings when creating a release. (markt) * Update: The Windows binaries are now built with OCSP support enabled by default. (markt) * Add: Include a nonce with OCSP requests and check the nonce, if any, in the OCSP response. (markt) * Add: Expand verification of OCSP responses. (markt) * Add: Add the ability to configure the OCSP checks to soft-fail - i.e. if the responder cannot be contacted or fails to respond in a timely manner the OCSP check will not fail. (markt) * Add: Add a configurable timeout to the writing of OCSP requests and reading of OCSP responses. (markt) * Add: Add the ability to control the OCSP verification flags. 
(markt) * Add: Configure TLS 1.3 connections from the provided ciphers list as well as connections using TLS 1.2 and earlier. Pull request provided by gastush. (markt) * Update: Update the Windows build environment to use Visual Studio 2022. (markt) 1.3.1: * Fix: Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath until properly addressed with https://github.com/openssl/openssl/issues/24416. (michaelo) * Add: Use ERR_error_string_n with a definite buffer length as a named constant. (schultz) * Add: Ensure local reference capacity is available when creating new arrays and Strings. (schultz) * Update: Update the recommended minimum version of OpenSSL to 3.0.14. (markt) 1.3.0: * Update: Drop useless compile.optimize option. (michaelo) * Update: Align Java source compile configuration with Tomcat. (michaelo) * Fix: Fix version set in DLL header on Windows. (michaelo) * Update: Remove an unreachable if condition around CRLs in sslcontext.c. (michaelo) * Fix: 67818: When calling SSL.setVerify() or SSLContext.setVerify(), the default verify paths are no longer set. Only the explicitly configured trust store, if any, will be used. (michaelo) * Update: Update the minimum supported version of LibreSSL to 3.5.2. (markt) * Design: Remove NPN support as NPN was never standardised and browser support was removed in 2019. (markt) * Update: Update the recommended minimum version of OpenSSL to 3.0.13. (markt) Update to 1.2.39: * Fix: 67061: If the insecure optionalNoCA certificate verification mode is used, disable OCSP if enabled else client certificates from unknown certificate authorities will be rejected. * Update: Update the recommended minimum version of OpenSSL to 3.0.11. 
* Change the hardcoded libopenssl-1_1-devel to libopenssl-devel for distributions that have the right version ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1506=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1506=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1506=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1506=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1506=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1506=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * 
libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libtcnative-1-0-debugsource-1.3.7-150200.6.5.1 * libtcnative-1-0-devel-1.3.7-150200.6.5.1 * libtcnative-1-0-debuginfo-1.3.7-150200.6.5.1 * libtcnative-1-0-1.3.7-150200.6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1260322 
From null at suse.de Tue Apr 21 12:30:47 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:30:47 -0000 Subject: SUSE-SU-2026:21221-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Message-ID: <177677464757.7580.16184086630217930920@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21221-1 Release Date: 2026-04-13T09:00:08Z Rating: important References: * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves six vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404). * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-538=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-538=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_2-debugsource-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-5-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-5-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40159.html * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1253404 * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 
From null at suse.de Tue Apr 21 12:32:54 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:54 -0000 Subject: SUSE-SU-2026:21204-1: important: Security update for bind Message-ID: <177677477455.7580.4961803955657095718@5a8be24cc32b> # Security update for bind Announcement ID: SUSE-SU-2026:21204-1 Release Date: 2026-04-16T10:12:49Z Rating: important References: * bsc#1259202 * bsc#1260567 * bsc#1260568 * bsc#1260569 * bsc#1260805 Cross-References: * CVE-2026-1519 * CVE-2026-3104 * CVE-2026-3119 * CVE-2026-3591 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3104 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-3119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3119 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-3591 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3591 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3591 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for bind fixes the following issues: * Update to release 9.20.21 * CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). 
* CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). * CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). * CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-573=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-573=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * bind-modules-ldap-9.20.21-160000.1.1 * bind-modules-sqlite3-9.20.21-160000.1.1 * bind-modules-sqlite3-debuginfo-9.20.21-160000.1.1 * bind-utils-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-9.20.21-160000.1.1 * bind-modules-perl-9.20.21-160000.1.1 * bind-utils-9.20.21-160000.1.1 * bind-debuginfo-9.20.21-160000.1.1 * bind-debugsource-9.20.21-160000.1.1 * bind-modules-perl-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-debuginfo-9.20.21-160000.1.1 * bind-modules-ldap-debuginfo-9.20.21-160000.1.1 * bind-modules-mysql-9.20.21-160000.1.1 * bind-9.20.21-160000.1.1 * bind-modules-mysql-debuginfo-9.20.21-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * bind-doc-9.20.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * bind-modules-ldap-9.20.21-160000.1.1 * bind-modules-sqlite3-9.20.21-160000.1.1 * bind-modules-sqlite3-debuginfo-9.20.21-160000.1.1 * bind-utils-debuginfo-9.20.21-160000.1.1 * bind-modules-generic-9.20.21-160000.1.1 * bind-modules-perl-9.20.21-160000.1.1 * bind-utils-9.20.21-160000.1.1 * bind-debuginfo-9.20.21-160000.1.1 * bind-debugsource-9.20.21-160000.1.1 * bind-modules-perl-debuginfo-9.20.21-160000.1.1 * 
bind-modules-generic-debuginfo-9.20.21-160000.1.1 * bind-modules-ldap-debuginfo-9.20.21-160000.1.1 * bind-modules-mysql-9.20.21-160000.1.1 * bind-9.20.21-160000.1.1 * bind-modules-mysql-debuginfo-9.20.21-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * bind-doc-9.20.21-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://www.suse.com/security/cve/CVE-2026-3104.html * https://www.suse.com/security/cve/CVE-2026-3119.html * https://www.suse.com/security/cve/CVE-2026-3591.html * https://bugzilla.suse.com/show_bug.cgi?id=1259202 * https://bugzilla.suse.com/show_bug.cgi?id=1260567 * https://bugzilla.suse.com/show_bug.cgi?id=1260568 * https://bugzilla.suse.com/show_bug.cgi?id=1260569 * https://bugzilla.suse.com/show_bug.cgi?id=1260805 From null at suse.de Tue Apr 21 12:33:23 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:23 -0000 Subject: SUSE-SU-2026:21197-1: important: Security update for vim Message-ID: <177677480352.7580.16473280664415757412@5a8be24cc32b> # Security update for vim Announcement ID: SUSE-SU-2026:21197-1 Release Date: 2026-04-15T08:17:27Z Rating: important References: * bsc#1259985 * bsc#1261191 * bsc#1261271 Cross-References: * CVE-2026-33412 * CVE-2026-34714 * CVE-2026-34982 CVSS scores: * CVE-2026-33412 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33412 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N * CVE-2026-33412 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2026-34714 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-34714 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34714 ( NVD ): 9.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L * CVE-2026-34714 ( NVD ): 8.6 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34982 ( SUSE ): 8.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-34982 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N * CVE-2026-34982 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: * CVE-2026-33412: command injection via newline in glob() (bsc#1259985). * CVE-2026-34714: crafted file can allow code execution (bsc#1261191). * CVE-2026-34982: Vim modeline bypass via various options (bsc#1261271). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-563=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-563=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.2.0280-160000.1.1 * xxd-debuginfo-9.2.0280-160000.1.1 * xxd-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 * vim-small-debuginfo-9.2.0280-160000.1.1 * gvim-9.2.0280-160000.1.1 * vim-small-9.2.0280-160000.1.1 * gvim-debuginfo-9.2.0280-160000.1.1 * vim-9.2.0280-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * vim-data-common-9.2.0280-160000.1.1 * vim-data-9.2.0280-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * vim-debugsource-9.2.0280-160000.1.1 * xxd-debuginfo-9.2.0280-160000.1.1 * xxd-9.2.0280-160000.1.1 * vim-debuginfo-9.2.0280-160000.1.1 * vim-small-debuginfo-9.2.0280-160000.1.1 * gvim-9.2.0280-160000.1.1 * vim-small-9.2.0280-160000.1.1 * gvim-debuginfo-9.2.0280-160000.1.1 * vim-9.2.0280-160000.1.1 * 
SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * vim-data-common-9.2.0280-160000.1.1 * vim-data-9.2.0280-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33412.html * https://www.suse.com/security/cve/CVE-2026-34714.html * https://www.suse.com/security/cve/CVE-2026-34982.html * https://bugzilla.suse.com/show_bug.cgi?id=1259985 * https://bugzilla.suse.com/show_bug.cgi?id=1261191 * https://bugzilla.suse.com/show_bug.cgi?id=1261271 From null at suse.de Tue Apr 21 12:33:25 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:25 -0000 Subject: SUSE-RU-2026:21196-1: moderate: Recommended update for python-gcemetadata, regionServiceClientConfigGCE Message-ID: <177677480522.7580.12876370849202529530@5a8be24cc32b> # Recommended update for python-gcemetadata, regionServiceClientConfigGCE Announcement ID: SUSE-RU-2026:21196-1 Release Date: 2026-04-15T07:28:46Z Rating: moderate References: * jsc#PED-8944 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that contains one feature can now be installed. ## Description: This update for python-gcemetadata, regionServiceClientConfigGCE fixes the following issues: Changes in python-gcemetadata: * Update to version 1.1.0 (jsc#PED-8944) * Add licenses option in identity command. * Switch the SLE 15 build setup to also use a macro instead of referencing in SLE 16 and later distributions and Python 3.11 for SLE 15 SP4 and Changes in regionServiceClientConfigGCE: * Update to version 5.2.0: * Drop the if condition for gcemetadata requirement * Update to version 5.1.0: * Add licenses info in the metadata * Accommodate build setup: * SLE 16 python-requests requires SSL v3 certificates. Update 2 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-562=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-562=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * regionServiceClientConfigGCE-5.2.0-160000.1.1 * python-gcemetadata-1.1.0-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * regionServiceClientConfigGCE-5.2.0-160000.1.1 * python-gcemetadata-1.1.0-160000.1.1 ## References: * https://jira.suse.com/browse/PED-8944 From null at suse.de Tue Apr 21 12:31:46 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:46 -0000 Subject: SUSE-SU-2026:21216-1: important: Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Message-ID: <177677470623.7580.240554947862281693@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21216-1 Release Date: 2026-04-10T08:13:56Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-517=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-517=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-6_12_0-160000_9-default-3-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-debuginfo-3-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-3-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Tue Apr 21 12:32:45 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:45 -0000 Subject: SUSE-RU-2026:21205-1: moderate: Recommended update for update-bootloader Message-ID: <177677476594.7580.10710431959677334185@5a8be24cc32b> # Recommended update for update-bootloader Announcement ID: SUSE-RU-2026:21205-1 Release Date: 2026-04-16T10:19:06Z Rating: moderate References: * bsc#1246013 * jsc#PED-14833 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that contains one feature and has one fix can now be installed. ## Description: This update for update-bootloader fixes the following issues: * Upgrade to version 1.27: * adjust spec file for immutable mode: switch to using * systemd-tmpfiles (jsc#PED-14833) * Upgrade to version 1.26: * adjust test cases * Implement config for BLS (bsc#1246013) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-574=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-574=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * update-bootloader-1.27-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * update-bootloader-1.27-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1246013 * https://jira.suse.com/browse/PED-14833
From null at suse.de Tue Apr 21 12:32:11 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:11 -0000 Subject: SUSE-SU-2026:21211-1: important: Security update for xwayland Message-ID: <177677473197.7580.17060904370017483107@5a8be24cc32b> # Security update for xwayland Announcement ID: SUSE-SU-2026:21211-1 Release Date: 2026-04-17T07:57:12Z Rating: important References: * bsc#1260922 * bsc#1260923 * bsc#1260924 * bsc#1260925 * bsc#1260926 Cross-References: * CVE-2026-33999 * CVE-2026-34000 * CVE-2026-34001 * CVE-2026-34002 * CVE-2026-34003 CVSS scores: * CVE-2026-33999 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-33999 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34000 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34000 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-34001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-34002 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34002 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2026-34003 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-34003 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for xwayland fixes the following issues: * CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922). * CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923). * CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924). * CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925). 
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-583=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-583=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * xwayland-debugsource-24.1.6-160000.4.1 * xwayland-24.1.6-160000.4.1 * xwayland-debuginfo-24.1.6-160000.4.1 * xwayland-devel-24.1.6-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xwayland-debugsource-24.1.6-160000.4.1 * xwayland-24.1.6-160000.4.1 * xwayland-debuginfo-24.1.6-160000.4.1 * xwayland-devel-24.1.6-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33999.html * https://www.suse.com/security/cve/CVE-2026-34000.html * https://www.suse.com/security/cve/CVE-2026-34001.html * https://www.suse.com/security/cve/CVE-2026-34002.html * https://www.suse.com/security/cve/CVE-2026-34003.html * https://bugzilla.suse.com/show_bug.cgi?id=1260922 * https://bugzilla.suse.com/show_bug.cgi?id=1260923 * https://bugzilla.suse.com/show_bug.cgi?id=1260924 * https://bugzilla.suse.com/show_bug.cgi?id=1260925 * https://bugzilla.suse.com/show_bug.cgi?id=1260926
From null at suse.de Tue Apr 21 12:32:42 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:42 -0000 Subject: SUSE-SU-2026:21206-1: important: Security update for LibVNCServer Message-ID: <177677476290.7580.6495573567134938020@5a8be24cc32b> # Security update for LibVNCServer Announcement ID: SUSE-SU-2026:21206-1 Release Date: 2026-04-16T13:10:27Z Rating: important References: * bsc#1260429 * bsc#1260431 Cross-References: * CVE-2026-32853 * CVE-2026-32854 CVSS scores: * CVE-2026-32853 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32853 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H * CVE-2026-32853 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32853 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H * CVE-2026-32854 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-32854 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-32854 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-32854 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for LibVNCServer fixes the following issues: * CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431). * CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-575=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-575=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * LibVNCServer-debugsource-0.9.14-160000.4.1 * libvncclient1-0.9.14-160000.4.1 * libvncserver1-0.9.14-160000.4.1 * libvncclient1-debuginfo-0.9.14-160000.4.1 * libvncserver1-debuginfo-0.9.14-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * LibVNCServer-debugsource-0.9.14-160000.4.1 * libvncclient1-0.9.14-160000.4.1 * libvncserver1-0.9.14-160000.4.1 * libvncclient1-debuginfo-0.9.14-160000.4.1 * libvncserver1-debuginfo-0.9.14-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2026-32853.html * https://www.suse.com/security/cve/CVE-2026-32854.html * https://bugzilla.suse.com/show_bug.cgi?id=1260429 * https://bugzilla.suse.com/show_bug.cgi?id=1260431 From null at suse.de Tue Apr 21 12:32:03 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:03 -0000 Subject: SUSE-SU-2026:21212-1: important: Security update for freeipmi Message-ID: <177677472304.7580.16562212138112742034@5a8be24cc32b> # Security update for freeipmi Announcement ID: SUSE-SU-2026:21212-1 Release Date: 2026-04-17T08:18:30Z Rating: important References: * bsc#1260414 Cross-References: * CVE-2026-33554 CVSS scores: * CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H * CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. 
## Description: This update for freeipmi fixes the following issue: * CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-579=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-579=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libfreeipmi17-debuginfo-1.6.15-160000.3.1 * libipmidetect0-debuginfo-1.6.15-160000.3.1 * freeipmi-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-1.6.15-160000.3.1 * libipmidetect0-1.6.15-160000.3.1 * libfreeipmi17-1.6.15-160000.3.1 * freeipmi-ipmiseld-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmiseld-1.6.15-160000.3.1 * libipmimonitoring6-1.6.15-160000.3.1 * libipmiconsole2-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-1.6.15-160000.3.1 * freeipmi-debuginfo-1.6.15-160000.3.1 * libipmiconsole2-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-debuginfo-1.6.15-160000.3.1 * libipmimonitoring6-debuginfo-1.6.15-160000.3.1 * freeipmi-devel-1.6.15-160000.3.1 * freeipmi-debugsource-1.6.15-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libfreeipmi17-debuginfo-1.6.15-160000.3.1 * libipmidetect0-debuginfo-1.6.15-160000.3.1 * freeipmi-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-1.6.15-160000.3.1 * libipmidetect0-1.6.15-160000.3.1 * libfreeipmi17-1.6.15-160000.3.1 * freeipmi-ipmiseld-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmiseld-1.6.15-160000.3.1 * libipmimonitoring6-1.6.15-160000.3.1 * libipmiconsole2-1.6.15-160000.3.1 * freeipmi-bmc-watchdog-1.6.15-160000.3.1 * 
freeipmi-debuginfo-1.6.15-160000.3.1 * libipmiconsole2-debuginfo-1.6.15-160000.3.1 * freeipmi-ipmidetectd-debuginfo-1.6.15-160000.3.1 * libipmimonitoring6-debuginfo-1.6.15-160000.3.1 * freeipmi-devel-1.6.15-160000.3.1 * freeipmi-debugsource-1.6.15-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-33554.html * https://bugzilla.suse.com/show_bug.cgi?id=1260414 From null at suse.de Tue Apr 21 12:31:23 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:23 -0000 Subject: SUSE-SU-2026:21218-1: important: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16) Message-ID: <177677468304.7580.17850626186227387090@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21218-1 Release Date: 2026-04-13T02:13:48Z Rating: important References: * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves three vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues The following security issues were fixed: * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-532=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-532=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_5-debugsource-2-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-2-160000.1.1 * kernel-livepatch-6_12_0-160000_26-default-debuginfo-2-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784
From null at suse.de Tue Apr 21 12:30:58 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:30:58 -0000 Subject: SUSE-SU-2026:21220-1: important: Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Message-ID: <177677465828.7580.8776430986943284724@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21220-1 Release Date: 2026-04-13T03:16:46Z Rating: important References: * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-71120 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * 
CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.8.1 fixes various security issues The following security issues were fixed: * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780). * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051). * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183). * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-534=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-534=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_3-debugsource-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-debuginfo-4-160000.1.1 * kernel-livepatch-6_12_0-160000_8-default-4-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-71120.html * https://www.suse.com/security/cve/CVE-2026-22999.html * https://www.suse.com/security/cve/CVE-2026-23074.html * https://www.suse.com/security/cve/CVE-2026-23111.html * https://www.suse.com/security/cve/CVE-2026-23209.html * https://bugzilla.suse.com/show_bug.cgi?id=1256780 * https://bugzilla.suse.com/show_bug.cgi?id=1257238 * https://bugzilla.suse.com/show_bug.cgi?id=1258051 * https://bugzilla.suse.com/show_bug.cgi?id=1258183 * https://bugzilla.suse.com/show_bug.cgi?id=1258784 From null at suse.de Tue Apr 21 12:32:38 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:32:38 -0000 Subject: SUSE-RU-2026:21207-1: important: Recommended update for opensm Message-ID: <177677475864.7580.1774580925302811282@5a8be24cc32b> # Recommended update for opensm Announcement ID: SUSE-RU-2026:21207-1 Release Date: 2026-04-16T13:10:27Z Rating: important References: * bsc#1258143 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. 
## Description: This update for opensm fixes the following issue: Change in opensm: * Fix issue with NDR switches (bsc#1258143). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-576=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-576=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libosmvendor5-3.3.24-160000.3.1 * libopensm9-3.3.24-160000.3.1 * libosmcomp5-3.3.24-160000.3.1 * opensm-debugsource-3.3.24-160000.3.1 * opensm-devel-3.3.24-160000.3.1 * libosmcomp5-debuginfo-3.3.24-160000.3.1 * opensm-3.3.24-160000.3.1 * libosmvendor5-debuginfo-3.3.24-160000.3.1 * libopensm9-debuginfo-3.3.24-160000.3.1 * opensm-debuginfo-3.3.24-160000.3.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libosmvendor5-3.3.24-160000.3.1 * libopensm9-3.3.24-160000.3.1 * libosmcomp5-3.3.24-160000.3.1 * opensm-debugsource-3.3.24-160000.3.1 * opensm-devel-3.3.24-160000.3.1 * libosmcomp5-debuginfo-3.3.24-160000.3.1 * opensm-3.3.24-160000.3.1 * libosmvendor5-debuginfo-3.3.24-160000.3.1 * libopensm9-debuginfo-3.3.24-160000.3.1 * opensm-debuginfo-3.3.24-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258143
From null at suse.de Tue Apr 21 12:31:57 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:57 -0000 Subject: SUSE-RU-2026:21214-1: moderate: Recommended update for selinux-policy Message-ID: <177677471759.7580.7279160961050406600@5a8be24cc32b> # Recommended update for selinux-policy Announcement ID: SUSE-RU-2026:21214-1 Release Date: 2026-04-17T14:33:24Z Rating: moderate References: * bsc#1239177 * bsc#1253682 * bsc#1259867 * bsc#1261535 * bsc#1262083 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has five fixes can now be installed. ## Description: This update for selinux-policy fixes the following issues: Changes in selinux-policy: * Move %postInstall to %post as fix until zypper moves to rpm single transaction backend by default (bsc#1262083) Update to version 20250627+git363.7b84cc7fb: * Add missing Nextcloud file contexts (bsc#1261535) * openSUSE uses /var/lib/php8 (bsc#1239177) * /srv/www/htdocs is DocumentRoot of apache (bsc#1261535) * Allow snapper sdbootutil plugin read kernel modules (bsc#1259867) * Allow named_filetrans_domain filetrans flatpak homedir (bsc#1253682) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-586=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-586=1 ## Package List: * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * selinux-policy-targeted-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-doc-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-devel-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-minimum-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-sandbox-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-20250627+git363.7b84cc7fb-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * selinux-policy-targeted-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-doc-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-devel-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-minimum-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-sandbox-20250627+git363.7b84cc7fb-160000.1.1 * selinux-policy-20250627+git363.7b84cc7fb-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1239177 * https://bugzilla.suse.com/show_bug.cgi?id=1253682 * https://bugzilla.suse.com/show_bug.cgi?id=1259867 * https://bugzilla.suse.com/show_bug.cgi?id=1261535 * https://bugzilla.suse.com/show_bug.cgi?id=1262083 From null at suse.de Tue Apr 21 12:33:49 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:49 -0000 Subject: SUSE-RU-2026:21190-1: moderate: Recommended update for gpg2 Message-ID: <177677482947.7580.3714044173697416720@5a8be24cc32b> # Recommended update for gpg2 Announcement ID: SUSE-RU-2026:21190-1 Release Date: 2026-04-14T12:02:42Z Rating: moderate References: * bsc#1251214 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. 
## Description: This update for gpg2 fixes the following issues: Changes in gpg2: * Fix Y2K38 FTBFS: * gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214) * Upstream issue: dev.gnupg.org/T8096 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-554=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-554=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * gpg2-tpm-debuginfo-2.5.5-160000.5.1 * gpg2-debugsource-2.5.5-160000.5.1 * gpg2-2.5.5-160000.5.1 * gpg2-tpm-2.5.5-160000.5.1 * gpg2-debuginfo-2.5.5-160000.5.1 * dirmngr-debuginfo-2.5.5-160000.5.1 * dirmngr-2.5.5-160000.5.1 * SUSE Linux Enterprise Server 16.0 (noarch) * gpg2-lang-2.5.5-160000.5.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * gpg2-tpm-debuginfo-2.5.5-160000.5.1 * gpg2-debugsource-2.5.5-160000.5.1 * gpg2-2.5.5-160000.5.1 * gpg2-tpm-2.5.5-160000.5.1 * gpg2-debuginfo-2.5.5-160000.5.1 * dirmngr-debuginfo-2.5.5-160000.5.1 * dirmngr-2.5.5-160000.5.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * gpg2-lang-2.5.5-160000.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1251214
From null at suse.de Tue Apr 21 12:34:13 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:13 -0000 Subject: SUSE-RU-2026:21185-1: moderate: Recommended update for libnvidia-egl-wayland, libnvidia-egl-x11 Message-ID: <177677485366.7580.6247581332059909449@5a8be24cc32b> # Recommended update for libnvidia-egl-wayland, libnvidia-egl-x11 Announcement ID: SUSE-RU-2026:21185-1 Release Date: 2026-04-13T15:02:47Z Rating: moderate References: * bsc#1247907 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for libnvidia-egl-wayland, libnvidia-egl-x11 fixes the following issues: Changes in libnvidia-egl-wayland: * update to version 1.1.22: * egl-wayland: remove extraneous call to wl_display_rou * update to version 1.1.21: * fix loading libdrm when wl_drm is not available * add FP16 DRM format - requires some fixes to the core driver to fully work however * fixed build against sle15-sp6/Leap 15.6 * update to version 1.1.20 (needed by 580.76.05 driver, bsc#1247907): * Add support for tegradisp-drm Changes in libnvidia-egl-x11: * bump version number to 1.0.5: * fix building on FreeBSD * rename a patch * update to v1.0.4 tarball/version 1.0.5: * fix attribute handling for eglCreateWindowPixmapSur * handle eglQuerySurface EGL_RENDER_BUFFER * enable implicit sync if we re-talking to the NVIDIA * updated to v1.0.2 tarball/version 1.0.3 (needed by 580.76.05 driver, bsc#1247907): * increment the version number to 1.0.3 * egl-x11: add support for tegradisp drm ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-546=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-546=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * libnvidia-egl-wayland1-1.1.22-160000.1.1 * libnvidia-egl-wayland-debugsource-1.1.22-160000.1.1 * libnvidia-egl-wayland-devel-1.1.22-160000.1.1 * libnvidia-egl-wayland1-debuginfo-1.1.22-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libnvidia-egl-x111-1.0.5-160000.1.1 * libnvidia-egl-x111-debuginfo-1.0.5-160000.1.1 * libnvidia-egl-x11-debugsource-1.0.5-160000.1.1 * libnvidia-egl-x11-devel-1.0.5-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libnvidia-egl-wayland1-1.1.22-160000.1.1 * libnvidia-egl-wayland-debugsource-1.1.22-160000.1.1 * libnvidia-egl-wayland-devel-1.1.22-160000.1.1 * libnvidia-egl-wayland1-debuginfo-1.1.22-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libnvidia-egl-x111-1.0.5-160000.1.1 * libnvidia-egl-x111-debuginfo-1.0.5-160000.1.1 * libnvidia-egl-x11-debugsource-1.0.5-160000.1.1 * libnvidia-egl-x11-devel-1.0.5-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1247907 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:34:09 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:09 -0000 Subject: SUSE-SU-2026:21186-1: important: Security update for openssl-3 Message-ID: <177677484969.7580.16415983374949912647@5a8be24cc32b> # Security update for openssl-3 Announcement ID: SUSE-SU-2026:21186-1 Release Date: 2026-04-13T15:48:00Z Rating: important References: * bsc#1259652 * bsc#1260441 * bsc#1260442 * bsc#1260443 * bsc#1260444 * bsc#1260445 * bsc#1261678 * jsc#PED-15724 Cross-References: * CVE-2026-2673 * CVE-2026-28387 * CVE-2026-28388 * CVE-2026-28389 * CVE-2026-28390 * CVE-2026-31789 * CVE-2026-31790 CVSS scores: * CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-2673 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2026-31790 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and contains one feature can now be installed. 
## Description: This update for openssl-3 fixes the following issues: Security issues fixed: * CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group (bsc#1259652). * CVE-2026-28387: potential use-after-free in DANE client code (bsc#1260441). * CVE-2026-28388: NULL pointer dereference when processing a delta (bsc#1260442). * CVE-2026-28389: possible NULL pointer dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). * CVE-2026-31789: heap buffer overflow in hexadecimal conversion (bsc#1260444). * CVE-2026-31790: incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Other updates and bugfixes: * Enable MD2 in legacy provider (jsc#PED-15724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-547=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-547=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * openssl-3-debugsource-3.5.0-160000.7.1 * openssl-3-debuginfo-3.5.0-160000.7.1 * libopenssl3-3.5.0-160000.7.1 * libopenssl-3-devel-3.5.0-160000.7.1 * libopenssl-3-fips-provider-3.5.0-160000.7.1 * libopenssl3-debuginfo-3.5.0-160000.7.1 * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1 * openssl-3-3.5.0-160000.7.1 * SUSE Linux Enterprise Server 16.0 (noarch) * openssl-3-doc-3.5.0-160000.7.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * libopenssl3-x86-64-v3-debuginfo-3.5.0-160000.7.1 * libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.7.1 * libopenssl3-x86-64-v3-3.5.0-160000.7.1 * libopenssl-3-fips-provider-x86-64-v3-debuginfo-3.5.0-160000.7.1 * SUSE Linux Enterprise Server for 
SAP applications 16.0 (ppc64le x86_64) * openssl-3-debugsource-3.5.0-160000.7.1 * openssl-3-debuginfo-3.5.0-160000.7.1 * libopenssl3-3.5.0-160000.7.1 * libopenssl-3-devel-3.5.0-160000.7.1 * libopenssl-3-fips-provider-3.5.0-160000.7.1 * libopenssl3-debuginfo-3.5.0-160000.7.1 * libopenssl-3-fips-provider-debuginfo-3.5.0-160000.7.1 * openssl-3-3.5.0-160000.7.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * libopenssl3-x86-64-v3-debuginfo-3.5.0-160000.7.1 * libopenssl-3-fips-provider-x86-64-v3-3.5.0-160000.7.1 * libopenssl3-x86-64-v3-3.5.0-160000.7.1 * libopenssl-3-fips-provider-x86-64-v3-debuginfo-3.5.0-160000.7.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * openssl-3-doc-3.5.0-160000.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2673.html * https://www.suse.com/security/cve/CVE-2026-28387.html * https://www.suse.com/security/cve/CVE-2026-28388.html * https://www.suse.com/security/cve/CVE-2026-28389.html * https://www.suse.com/security/cve/CVE-2026-28390.html * https://www.suse.com/security/cve/CVE-2026-31789.html * https://www.suse.com/security/cve/CVE-2026-31790.html * https://bugzilla.suse.com/show_bug.cgi?id=1259652 * https://bugzilla.suse.com/show_bug.cgi?id=1260441 * https://bugzilla.suse.com/show_bug.cgi?id=1260442 * https://bugzilla.suse.com/show_bug.cgi?id=1260443 * https://bugzilla.suse.com/show_bug.cgi?id=1260444 * https://bugzilla.suse.com/show_bug.cgi?id=1260445 * https://bugzilla.suse.com/show_bug.cgi?id=1261678 * https://jira.suse.com/browse/PED-15724 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Tue Apr 21 12:33:57 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:57 -0000
Subject: SUSE-RU-2026:21187-1: important: Recommended update for suse-migration-services
Message-ID: <177677483798.7580.9629203536780576077@5a8be24cc32b>

# Recommended update for suse-migration-services

Announcement ID: SUSE-RU-2026:21187-1
Release Date: 2026-04-14T08:13:38Z
Rating: important
References:
* bsc#1258174
* bsc#1258710

Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has two fixes can now be installed.

## Description:

This update for suse-migration-services fixes the following issues:

* Bump version to 2.1.33:
  * Fix btrfs snapshot services
    Do not perform snapshot operations if the root filesystem is not btrfs based.
  * Fix lsm precheck
    Yet another test that doesn't restrict the scope of its runtime environment.
  * Fixed scope check for cpu_arch and check_ha
  * Update documentation
* Bump version to 2.1.32:
  * Fixed dataProvider setup in regionserverclnt.cfg
    In case of Azure the dataProvider information gets a device parameter added. This parameter must be added only once or not at all if it is already present.
  * Fixup import of certificates
    Only import if the file exists and is not a directory. We still assume that the file content of the pki trust directories matches certificates and not random non certificate files.
  * Fix consistency of regionserverclnt.cfg (bsc#1258710)
* Bump version to 2.1.31:
  * Doc update
    Weave in more updates about the SLE 15 to 16 migration. While we have updated the code to support the migration to 16, the doc has been lacking appropriate references.
  * Fix setup of migration target for pre-check (bsc#1258174)
  * Make sure to fallback to scc.suse.com
    Systems that are not providing /etc/SUSEConnect should fallback to the default registration server which is https://scc.suse.com
  * Update test data
  * Switch reboot default
  * Be more explicit about kexec example
    Make it more explicit that Xen is only one example where kexec does not work.
  * Update documentation
  * Add wicked2nm-continue-migration to user doc
  * Move default container to official devel project
  * Fixed disk device name passed to azuremetadata
  * Fix SLES SAP migration 12 - 15 in public clouds
  * Fix python compatibility on latest zypper change
  * Manage documentation version
    Make sure documentation version and code version are consistently managed.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-549=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-549=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * suse-migration-pre-checks-2.1.33-160000.1.1
  * suse-migration-services-common-2.1.33-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * suse-migration-pre-checks-2.1.33-160000.1.1
  * suse-migration-services-common-2.1.33-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258174
* https://bugzilla.suse.com/show_bug.cgi?id=1258710
URL: From null at suse.de Tue Apr 21 12:35:48 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:35:48 -0000 Subject: SUSE-RU-2026:21174-1: moderate: Recommended update for ca-certificates-mozilla Message-ID: <177677494834.7580.6349804848779765147@5a8be24cc32b> # Recommended update for ca-certificates-mozilla Announcement ID: SUSE-RU-2026:21174-1 Release Date: 2026-04-11T08:22:09Z Rating: moderate References: * bsc#1258002 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.84 state (bsc#1258002): * Removed: * Baltimore CyberTrust Root * CommScope Public Trust ECC Root-01 * CommScope Public Trust ECC Root-02 * CommScope Public Trust RSA Root-01 * CommScope Public Trust RSA Root-02 * DigiNotar Root CA * Added: * e-Szigno TLS Root CA 2023 * OISTE Client Root ECC G1 * OISTE Client Root RSA G1 * OISTE Server Root ECC G1 * OISTE Server Root RSA G1 * SwissSign RSA SMIME Root CA 2022 - 1 * SwissSign RSA TLS Root CA 2022 - 1 * TrustAsia SMIME ECC Root CA * TrustAsia SMIME RSA Root CA * TrustAsia TLS ECC Root CA * TrustAsia TLS RSA Root CA ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-531=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-531=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * ca-certificates-mozilla-prebuilt-2.84-160000.1.2 * ca-certificates-mozilla-2.84-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * ca-certificates-mozilla-prebuilt-2.84-160000.1.2 * ca-certificates-mozilla-2.84-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258002 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:33:50 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:50 -0000 Subject: SUSE-RU-2026:21189-1: moderate: Recommended update for elfutils Message-ID: <177677483074.7580.2208337775928910340@5a8be24cc32b> # Recommended update for elfutils Announcement ID: SUSE-RU-2026:21189-1 Release Date: 2026-04-14T11:46:47Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that can now be installed. ## Description: This update for elfutils fixes the following issues: * Move debuginfod homedir creation to tmpfiles.d ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-553=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-553=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libdebuginfod1-0.192-160000.3.1 * elfutils-debuginfod-debugsource-0.192-160000.3.1 * debuginfod-client-debuginfo-0.192-160000.3.1 * libelf1-0.192-160000.3.1 * elfutils-debuginfod-debuginfo-0.192-160000.3.1 * libasm1-debuginfo-0.192-160000.3.1 * elfutils-debuginfod-0.192-160000.3.1 * libelf1-debuginfo-0.192-160000.3.1 * libasm-devel-0.192-160000.3.1 * libdw1-debuginfo-0.192-160000.3.1 * libdebuginfod-devel-0.192-160000.3.1 * libelf-devel-0.192-160000.3.1 * debuginfod-profile-0.192-160000.3.1 * elfutils-debugsource-0.192-160000.3.1 * libdw-devel-0.192-160000.3.1 * libasm1-0.192-160000.3.1 * debuginfod-client-0.192-160000.3.1 * libdebuginfod1-debuginfo-0.192-160000.3.1 * elfutils-debuginfo-0.192-160000.3.1 * libdw1-0.192-160000.3.1 * elfutils-0.192-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * elfutils-lang-0.192-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libdebuginfod1-0.192-160000.3.1 * elfutils-debuginfod-debugsource-0.192-160000.3.1 * debuginfod-client-debuginfo-0.192-160000.3.1 * libelf1-0.192-160000.3.1 * elfutils-debuginfod-debuginfo-0.192-160000.3.1 * libasm1-debuginfo-0.192-160000.3.1 * elfutils-debuginfod-0.192-160000.3.1 * libelf1-debuginfo-0.192-160000.3.1 * libasm-devel-0.192-160000.3.1 * libdw1-debuginfo-0.192-160000.3.1 * libdebuginfod-devel-0.192-160000.3.1 * libelf-devel-0.192-160000.3.1 * debuginfod-profile-0.192-160000.3.1 * elfutils-debugsource-0.192-160000.3.1 * libdw-devel-0.192-160000.3.1 * libasm1-0.192-160000.3.1 * debuginfod-client-0.192-160000.3.1 * libdebuginfod1-debuginfo-0.192-160000.3.1 * elfutils-debuginfo-0.192-160000.3.1 * libdw1-0.192-160000.3.1 * 
elfutils-0.192-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * elfutils-lang-0.192-160000.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:35:29 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:35:29 -0000 Subject: SUSE-SU-2026:21178-1: important: Security update for python313 Message-ID: <177677492971.7580.715720984200510752@5a8be24cc32b> # Security update for python313 Announcement ID: SUSE-SU-2026:21178-1 Release Date: 2026-04-13T09:41:21Z Rating: important References: * bsc#1257181 * bsc#1259240 * bsc#1259611 * bsc#1259734 * bsc#1259735 * bsc#1259989 * bsc#1260026 * jsc#PED-15850 Cross-References: * CVE-2025-13462 * CVE-2026-1299 * CVE-2026-2297 * CVE-2026-3479 * CVE-2026-3644 * CVE-2026-4224 * CVE-2026-4519 CVSS scores: * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3479 ( SUSE 
): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4224 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and contains one feature can now be installed. ## Description: This update for python313 fixes the following issues: Update to version 3.13.13. 
* CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). * CVE-2026-2297: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240). * CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). * CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). * CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). * CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-539=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-539=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-tk-debuginfo-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-doc-devhelp-3.13.13-160000.1.1 * python313-dbm-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-tk-3.13.13-160000.1.1 * python313-devel-3.13.13-160000.1.1 * python313-devel-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 * python313-tools-3.13.13-160000.1.1 * python313-doc-3.13.13-160000.1.1 * python313-idle-3.13.13-160000.1.1 * 
python313-dbm-debuginfo-3.13.13-160000.1.1 * python313-base-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server 16.0 (x86_64) * python313-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-base-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-x86-64-v3-3.13.13-160000.1.1 * python313-base-x86-64-v3-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * python313-base-3.13.13-160000.1.1 * python313-curses-3.13.13-160000.1.1 * python313-tk-debuginfo-3.13.13-160000.1.1 * python313-core-debugsource-3.13.13-160000.1.1 * python313-curses-debuginfo-3.13.13-160000.1.1 * python313-doc-devhelp-3.13.13-160000.1.1 * python313-dbm-3.13.13-160000.1.1 * python313-3.13.13-160000.1.1 * python313-debugsource-3.13.13-160000.1.1 * libpython3_13-1_0-3.13.13-160000.1.1 * libpython3_13-1_0-debuginfo-3.13.13-160000.1.1 * python313-tk-3.13.13-160000.1.1 * python313-devel-3.13.13-160000.1.1 * python313-devel-debuginfo-3.13.13-160000.1.1 * python313-debuginfo-3.13.13-160000.1.1 * python313-tools-3.13.13-160000.1.1 * python313-doc-3.13.13-160000.1.1 * python313-idle-3.13.13-160000.1.1 * python313-dbm-debuginfo-3.13.13-160000.1.1 * python313-base-debuginfo-3.13.13-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * python313-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-base-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-3.13.13-160000.1.1 * libpython3_13-1_0-x86-64-v3-debuginfo-3.13.13-160000.1.1 * python313-x86-64-v3-3.13.13-160000.1.1 * python313-base-x86-64-v3-debuginfo-3.13.13-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * 
https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026 * https://jira.suse.com/browse/PED-15850 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:33:43 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:43 -0000 Subject: SUSE-SU-2026:21192-1: moderate: Security update for pam Message-ID: <177677482354.7580.8570337632087064096@5a8be24cc32b> # Security update for pam Announcement ID: SUSE-SU-2026:21192-1 Release Date: 2026-04-14T14:33:17Z Rating: moderate References: * bsc#1232234 Cross-References: * CVE-2024-10041 CVSS scores: * CVE-2024-10041 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2024-10041 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-10041 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for pam fixes the following issue: * CVE-2024-10041: libpam: vulnerable to read hashed password (bsc#1232234). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-556=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-556=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * pam-devel-1.7.1-160000.3.1
  * pam-1.7.1-160000.3.1
  * pam-extra-1.7.1-160000.3.1
  * pam-debuginfo-1.7.1-160000.3.1
  * pam-extra-debuginfo-1.7.1-160000.3.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x)
  * pam-full-src-debugsource-1.7.1-160000.3.1
  * pam-debugsource-1.7.1-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * pam-doc-1.7.1-160000.3.1
  * pam-manpages-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * pam-devel-1.7.1-160000.3.1
  * pam-1.7.1-160000.3.1
  * pam-extra-1.7.1-160000.3.1
  * pam-debuginfo-1.7.1-160000.3.1
  * pam-extra-debuginfo-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * pam-doc-1.7.1-160000.3.1
  * pam-manpages-1.7.1-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le)
  * pam-full-src-debugsource-1.7.1-160000.3.1
  * pam-debugsource-1.7.1-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10041.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232234
URL: From null at suse.de Tue Apr 21 12:34:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:16 -0000 Subject: SUSE-SU-2026:21184-1: critical: Security update for cockpit Message-ID: <177677485649.7580.6350063894921261399@5a8be24cc32b> # Security update for cockpit Announcement ID: SUSE-SU-2026:21184-1 Release Date: 2026-04-13T14:07:43Z Rating: critical References: * bsc#1261829 Cross-References: * CVE-2026-4631 CVSS scores: * CVE-2026-4631 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-4631 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-4631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit fixes the following issues: Changes in cockpit: * CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution (bsc#1261829) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-545=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-545=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-debuginfo-354-160000.3.1
  * cockpit-ws-354-160000.3.1
  * cockpit-ws-selinux-354-160000.3.1
  * cockpit-devel-354-160000.3.1
  * cockpit-debugsource-354-160000.3.1
  * cockpit-354-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-firewalld-354-160000.3.1
  * cockpit-networkmanager-354-160000.3.1
  * cockpit-kdump-354-160000.3.1
  * cockpit-storaged-354-160000.3.1
  * cockpit-doc-354-160000.3.1
  * cockpit-bridge-354-160000.3.1
  * cockpit-packagekit-354-160000.3.1
  * cockpit-selinux-354-160000.3.1
  * cockpit-system-354-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * cockpit-ws-debuginfo-354-160000.3.1
  * cockpit-ws-354-160000.3.1
  * cockpit-ws-selinux-354-160000.3.1
  * cockpit-devel-354-160000.3.1
  * cockpit-debugsource-354-160000.3.1
  * cockpit-354-160000.3.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cockpit-firewalld-354-160000.3.1
  * cockpit-networkmanager-354-160000.3.1
  * cockpit-kdump-354-160000.3.1
  * cockpit-storaged-354-160000.3.1
  * cockpit-doc-354-160000.3.1
  * cockpit-bridge-354-160000.3.1
  * cockpit-packagekit-354-160000.3.1
  * cockpit-selinux-354-160000.3.1
  * cockpit-system-354-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4631.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261829
URL: From null at suse.de Tue Apr 21 12:33:35 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:35 -0000 Subject: SUSE-SU-2026:21195-1: important: Security update for go1.26-openssl Message-ID: <177677481506.7580.13924776430110470533@5a8be24cc32b> # Security update for go1.26-openssl Announcement ID: SUSE-SU-2026:21195-1 Release Date: 2026-04-14T15:36:24Z Rating: important References: * bsc#1255111 * bsc#1259264 * bsc#1259265 * bsc#1259266 * bsc#1259267 * bsc#1259268 * jsc#SLE-18320 Cross-References: * CVE-2026-25679 * CVE-2026-27137 * CVE-2026-27138 * CVE-2026-27139 * CVE-2026-27142 CVSS scores: * CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27137 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-27137 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-27137 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27138 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27138 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27138 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-27139 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2026-27142 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves five 
vulnerabilities, contains one feature and has one fix can now be installed. ## Description: This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320): * CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). * CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266). * CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267). * CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). * CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * Fix fips140only test in boring mode * Fix fips140 only test * Add GODEBUG=fips140=auto mode (#341) * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing "buf.Bytes()" call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : "tried to free an already free register" with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not 
    properly sign extend AuxInt
  * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeForuntyped nil
  * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements
  * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error
  * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times
  * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior
  * go#77860 cmd/go: change go mod init default go directive back to 1.N
  * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting
  * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration
  * go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle
    go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
  * Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable.
  * Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained.
  * go command: The venerable go fix command has been completely revamped and is now the home of Go's modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs.
    The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well as a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it.
  * go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command's historical fixers, all of which were obsolete, have been removed.
  * go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix.
  * go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version.
  * go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior.
  * pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the "View -> Graph" menu, or via /ui/graph.
  * Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10-40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue.
  * Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%.
  * Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release.
  * Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak.
    A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines.
    Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al.
    The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27.
  * Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue.
  * Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag.
  * Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts.
  * Linker: The moduledata structure is now in its own section, named .go.module.
  * Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large.
  * Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero.
  * Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment.
  * Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section.
  * Linker: The .gosymtab section has been removed. It was previously always present but empty.
  * Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable.
  * Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots.
  * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap.
  * Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs.
  * Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API is intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future.
  * Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information, typically cryptographic in nature, such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux.
  * bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it.
  * crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys.
  * crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior.
  * crypto/ecdh: The random parameter to Curve.GenerateKey is now behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware.
  * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old
  * crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior.
  * crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140.
  * crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface.
  * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests.
  * crypto/rand: The random parameter to Prime is now
  * crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation.
  * crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of
  * crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails.
  * crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used.
  * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated.
  * crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways:
  * crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go.
  * crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call.
  * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting.
  * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role.
  * crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors.
  * crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later.
  * crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version.
  * crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret.
  * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won't be enabled by default.
  * crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2.
  * crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES.
  * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field.
  * crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries.
  * crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU.
  * crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID.
  * debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems.
  * errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use.
  * fmt: For unformatted strings, fmt.Errorf("x") now allocates less and generally matches the allocations for errors.New("x").
  * go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax.
  * go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer.
    (Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.)
  * go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output.
  * go/token: The new File.End convenience method returns the file's end position.
  * go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version.
  * image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated.
  * io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs.
  * log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers' Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers.
  * net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values.
  * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit.
  * net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections.
    NewClientConn is useful for users who need to implement their own connection management.
  * net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used.
  * net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested.
  * net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite.
  * net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it.
  * net/netip: The new Prefix.Compare method compares two prefixes.
  * net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior.
  * os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows).
  * os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags.
  * os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received.
  * reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type's fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value's fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value.
  * runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines.
  * testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts).
  * testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes.
  * testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log.
  * testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark.
  * testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test.
    It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages.
  * time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version.
  * Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later.
  * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details.
  * Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed.
  * Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users.
  * Ports: RISC-V: The linux/riscv64 port now supports the race detector.
  * Ports: S390X: The s390x port now supports passing function arguments and results using registers.
  * Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored.
  * Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size.
  * go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3.
  * go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26rc2.
  * go1.26 requires go1.24.6 or later for bootstrap.
  * go1.26rc1 (released 2025-12-16) is a release candidate version of go1.26rc1.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-560=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-560=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * go1.26-openssl-1.26.1-160000.1.1
    * go1.26-openssl-doc-1.26.1-160000.1.1
    * go1.26-openssl-race-1.26.1-160000.1.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * go1.26-openssl-1.26.1-160000.1.1
    * go1.26-openssl-doc-1.26.1-160000.1.1
    * go1.26-openssl-race-1.26.1-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-25679.html
  * https://www.suse.com/security/cve/CVE-2026-27137.html
  * https://www.suse.com/security/cve/CVE-2026-27138.html
  * https://www.suse.com/security/cve/CVE-2026-27139.html
  * https://www.suse.com/security/cve/CVE-2026-27142.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1255111
  * https://bugzilla.suse.com/show_bug.cgi?id=1259264
  * https://bugzilla.suse.com/show_bug.cgi?id=1259265
  * https://bugzilla.suse.com/show_bug.cgi?id=1259266
  * https://bugzilla.suse.com/show_bug.cgi?id=1259267
  * https://bugzilla.suse.com/show_bug.cgi?id=1259268
  * https://jira.suse.com/browse/SLE-18320
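
The net/http/httputil entry in the go1.26 changelog above states that a client can remove headers added by a Director function by designating them as hop-by-hop, and that the Rewrite hook does not have this problem. The Go program below is an added example, not part of the advisory or of the Go release notes, that checks both hooks against local test servers so a proxy migration can be verified; the header name X-Authenticated-User, the value alice and all helper names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// identityHeader is a hypothetical header (an assumption of this example)
// that the proxy adds so the backend knows which user was authenticated.
const identityHeader = "X-Authenticated-User"

// directorProxy adds the header in the deprecated Director hook.
// ReverseProxy strips hop-by-hop headers AFTER Director has run, so a header
// named in the inbound Connection header is deleted again.
func directorProxy(target *url.URL) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Director: func(r *http.Request) {
		r.URL.Scheme = target.Scheme
		r.URL.Host = target.Host
		r.Header.Set(identityHeader, "alice")
	}}
}

// rewriteProxy adds the same header in the Rewrite hook (Go 1.20 and later).
// Hop-by-hop headers are stripped BEFORE Rewrite runs, so the value survives.
func rewriteProxy(target *url.URL) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Rewrite: func(pr *httputil.ProxyRequest) {
		pr.SetURL(target)
		pr.Out.Header.Set(identityHeader, "alice")
	}}
}

// headerSeenByBackend sends one GET through a proxy built by newProxy and
// returns the identityHeader value that reached the backend. If connection
// is non-empty it is sent as the inbound request's Connection header.
func headerSeenByBackend(newProxy func(*url.URL) *httputil.ReverseProxy, connection string) (string, error) {
	// The backend echoes the header value it received in the response body.
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.Header.Get(identityHeader))
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return "", err
	}
	front := httptest.NewServer(newProxy(target))
	defer front.Close()

	req, err := http.NewRequest(http.MethodGet, front.URL, nil)
	if err != nil {
		return "", err
	}
	if connection != "" {
		req.Header.Set("Connection", connection)
	}
	resp, err := front.Client().Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("proxy returned %s", resp.Status)
	}
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	checks := []struct {
		name       string
		newProxy   func(*url.URL) *httputil.ReverseProxy
		connection string
	}{
		{"Director, ordinary request", directorProxy, ""},
		{"Director, header listed in Connection", directorProxy, identityHeader},
		{"Rewrite, header listed in Connection", rewriteProxy, identityHeader},
	}
	for _, c := range checks {
		got, err := headerSeenByBackend(c.newProxy, c.connection)
		if err != nil {
			fmt.Printf("%-40s error: %v\n", c.name, err)
			continue
		}
		fmt.Printf("%-40s backend saw %q\n", c.name, got)
	}
}
```

A backend that trusts such a header should only sit behind a proxy for which the third check returns the expected value.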

From null at suse.de Tue Apr 21 12:36:31 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:36:31 -0000
Subject: SUSE-SU-2026:21164-1: important: Security update for glibc
Message-ID: <177677499198.7580.15801091447456237218@5a8be24cc32b>

# Security update for glibc

Announcement ID: SUSE-SU-2026:21164-1
Release Date: 2026-04-10T06:36:43Z
Rating: important
References:

  * bsc#1258319
  * bsc#1260078
  * bsc#1260082

Cross-References:

  * CVE-2026-4437
  * CVE-2026-4438

CVSS scores:

  * CVE-2026-4437 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-4437 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2026-4437 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-4438 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-4438 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
  * CVE-2026-4438 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

  * CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
  * CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

  * nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-516=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-516=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * glibc-devel-debuginfo-2.40-160000.4.1
    * glibc-locale-2.40-160000.4.1
    * glibc-locale-base-2.40-160000.4.1
    * glibc-utils-2.40-160000.4.1
    * glibc-utils-debuginfo-2.40-160000.4.1
    * glibc-extra-2.40-160000.4.1
    * glibc-utils-src-debugsource-2.40-160000.4.1
    * glibc-devel-static-2.40-160000.4.1
    * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
    * glibc-profile-2.40-160000.4.1
    * glibc-debuginfo-2.40-160000.4.1
    * glibc-extra-debuginfo-2.40-160000.4.1
    * glibc-debugsource-2.40-160000.4.1
    * glibc-devel-2.40-160000.4.1
    * glibc-gconv-modules-extra-2.40-160000.4.1
    * glibc-2.40-160000.4.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * glibc-lang-2.40-160000.4.1
    * glibc-i18ndata-2.40-160000.4.1
    * glibc-html-2.40-160000.4.1
    * glibc-info-2.40-160000.4.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * glibc-devel-debuginfo-2.40-160000.4.1
    * glibc-locale-2.40-160000.4.1
    * glibc-locale-base-2.40-160000.4.1
    * glibc-utils-2.40-160000.4.1
    * glibc-utils-debuginfo-2.40-160000.4.1
    * glibc-extra-2.40-160000.4.1
    * glibc-utils-src-debugsource-2.40-160000.4.1
    * glibc-devel-static-2.40-160000.4.1
    * glibc-gconv-modules-extra-debuginfo-2.40-160000.4.1
    * glibc-profile-2.40-160000.4.1
    * glibc-debuginfo-2.40-160000.4.1
    * glibc-extra-debuginfo-2.40-160000.4.1
    * glibc-debugsource-2.40-160000.4.1
    * glibc-devel-2.40-160000.4.1
    * glibc-gconv-modules-extra-2.40-160000.4.1
    * glibc-2.40-160000.4.1
  * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
    * glibc-lang-2.40-160000.4.1
    * glibc-i18ndata-2.40-160000.4.1
    * glibc-html-2.40-160000.4.1
    * glibc-info-2.40-160000.4.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-4437.html
  * https://www.suse.com/security/cve/CVE-2026-4438.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1258319
  * https://bugzilla.suse.com/show_bug.cgi?id=1260078
  * https://bugzilla.suse.com/show_bug.cgi?id=1260082

From null at suse.de Tue Apr 21 12:35:59 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:35:59 -0000
Subject: SUSE-SU-2026:21172-1: moderate: Security update for pcre2
Message-ID: <177677495952.7580.2327829779264372821@5a8be24cc32b>

# Security update for pcre2

Announcement ID: SUSE-SU-2026:21172-1
Release Date: 2026-04-10T18:29:30Z
Rating: moderate
References:

  * bsc#1248842

Cross-References:

  * CVE-2025-58050

CVSS scores:

  * CVE-2025-58050 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-58050 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
  * CVE-2025-58050 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-58050 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for pcre2 fixes the following issue:

  * CVE-2025-58050: integer overflow leads to heap buffer overread in match_ref due to missing boundary restoration in SCS (bsc#1248842).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-528=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-528=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libpcre2-8-0-10.45-160000.3.1 * pcre2-tools-debuginfo-10.45-160000.3.1 * libpcre2-32-0-10.45-160000.3.1 * libpcre2-posix3-debuginfo-10.45-160000.3.1 * libpcre2-16-0-10.45-160000.3.1 * libpcre2-32-0-debuginfo-10.45-160000.3.1 * pcre2-devel-10.45-160000.3.1 * libpcre2-8-0-debuginfo-10.45-160000.3.1 * pcre2-debugsource-10.45-160000.3.1 * libpcre2-16-0-debuginfo-10.45-160000.3.1 * libpcre2-posix3-10.45-160000.3.1 * pcre2-devel-static-10.45-160000.3.1 * pcre2-tools-10.45-160000.3.1 * SUSE Linux Enterprise Server 16.0 (noarch) * pcre2-doc-10.45-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libpcre2-8-0-10.45-160000.3.1 * pcre2-tools-debuginfo-10.45-160000.3.1 * libpcre2-32-0-10.45-160000.3.1 * libpcre2-posix3-debuginfo-10.45-160000.3.1 * libpcre2-16-0-10.45-160000.3.1 * libpcre2-32-0-debuginfo-10.45-160000.3.1 * pcre2-devel-10.45-160000.3.1 * libpcre2-8-0-debuginfo-10.45-160000.3.1 * pcre2-debugsource-10.45-160000.3.1 * libpcre2-16-0-debuginfo-10.45-160000.3.1 * libpcre2-posix3-10.45-160000.3.1 * pcre2-devel-static-10.45-160000.3.1 * pcre2-tools-10.45-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * pcre2-doc-10.45-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-58050.html * https://bugzilla.suse.com/show_bug.cgi?id=1248842 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:15 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:15 -0000 Subject: SUSE-SU-2026:21167-1: important: Security update for cockpit-podman Message-ID: <177677497558.7580.1885443432426051107@5a8be24cc32b> # Security update for cockpit-podman Announcement ID: SUSE-SU-2026:21167-1 Release Date: 2026-04-10T11:48:27Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-podman fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836). 
* CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-518=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-518=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-podman-117-160000.2.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * cockpit-podman-117-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:10 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:10 -0000 Subject: SUSE-SU-2026:21168-1: important: Security update for cockpit-machines Message-ID: <177677497021.7580.18629735215087747@5a8be24cc32b> # Security update for cockpit-machines Announcement ID: SUSE-SU-2026:21168-1 Release Date: 2026-04-10T11:48:27Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit-machines fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). 
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-519=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-519=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-machines-346-160000.2.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * cockpit-machines-346-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 12:36:19 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:19 -0000 Subject: SUSE-SU-2026:21166-1: important: Security update for cockpit Message-ID: <177677497994.7580.13154074094149826122@5a8be24cc32b> # Security update for cockpit Announcement ID: SUSE-SU-2026:21166-1 Release Date: 2026-04-10T11:36:09Z Rating: important References: * bsc#1257836 * bsc#1258641 Cross-References: * CVE-2026-25547 * CVE-2026-26996 CVSS scores: * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for cockpit fixes the following issues: * CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process (bsc#1257836). 
* CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character that doesn't appear in the test string can lead to ReDoS (bsc#1258641). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-520=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-520=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * cockpit-debugsource-354-160000.2.1 * cockpit-ws-debuginfo-354-160000.2.1 * cockpit-354-160000.2.1 * cockpit-ws-354-160000.2.1 * cockpit-devel-354-160000.2.1 * cockpit-ws-selinux-354-160000.2.1 * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-bridge-354-160000.2.1 * cockpit-packagekit-354-160000.2.1 * cockpit-kdump-354-160000.2.1 * cockpit-doc-354-160000.2.1 * cockpit-storaged-354-160000.2.1 * cockpit-networkmanager-354-160000.2.1 * cockpit-firewalld-354-160000.2.1 * cockpit-selinux-354-160000.2.1 * cockpit-system-354-160000.2.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * cockpit-debugsource-354-160000.2.1 * cockpit-ws-debuginfo-354-160000.2.1 * cockpit-354-160000.2.1 * cockpit-ws-354-160000.2.1 * cockpit-devel-354-160000.2.1 * cockpit-ws-selinux-354-160000.2.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * cockpit-bridge-354-160000.2.1 * cockpit-packagekit-354-160000.2.1 * cockpit-kdump-354-160000.2.1 * cockpit-doc-354-160000.2.1 * cockpit-storaged-354-160000.2.1 * cockpit-networkmanager-354-160000.2.1 * cockpit-firewalld-354-160000.2.1 * cockpit-selinux-354-160000.2.1 * cockpit-system-354-160000.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26996.html * 
https://bugzilla.suse.com/show_bug.cgi?id=1257836 * https://bugzilla.suse.com/show_bug.cgi?id=1258641 From null at suse.de Tue Apr 21 12:36:06 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:36:06 -0000 Subject: SUSE-RU-2026:21169-1: moderate: Recommended update for nvidia-open-driver-G07-signed Message-ID: <177677496602.7580.3552511355883066077@5a8be24cc32b> # Recommended update for nvidia-open-driver-G07-signed Announcement ID: SUSE-RU-2026:21169-1 Release Date: 2026-04-10T11:56:28Z Rating: moderate References: * bsc#1259719 * bsc#1260044 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has two fixes can now be installed. ## Description: This update for nvidia-open-driver-G07-signed fixes the following issues: * adding 'ExcludeArch: %ix86 s390x ppc64le' to no longer get autoclines by buildservice hoping that this won't break RPM descriptions for -cuda variant again * update CUDA variant to 595.58.03 * update non-CUDA version to 595.58.03 (bsc#1260044) * do not set ExclusiveArch in order to fix RPM description for -cuda variant (bsc#1259719) * improved RPM description for -cuda and non-cuda variant * add 'Provides: open-driver-non-cuda-variant = %version' for non-CUDA variant to be able: * to distinguish between both variants; * to be used by nvidia-open-driver-G07-signed-kmp-meta for TW ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-523=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-523=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64) * nvidia-open-driver-G07-signed-kmp-64kb-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-kmp-64kb-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-64kb-devel-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-cuda-64kb-devel-595.58.03-160000.1.1 * SUSE Linux Enterprise Server 16.0 (aarch64 x86_64) * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-default-devel-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * nvidia-open-driver-G07-signed-cuda-default-devel-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-cuda-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-debugsource-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-default-devel-595.58.03-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-cuda-kmp-default-debuginfo-595.58.03_k6.12.0_160000.27-160000.1.1 * nvidia-open-driver-G07-signed-kmp-default-595.58.03_k6.12.0_160000.27-160000.1.1 ## 
References: * https://bugzilla.suse.com/show_bug.cgi?id=1259719 * https://bugzilla.suse.com/show_bug.cgi?id=1260044 From null at suse.de Tue Apr 21 12:33:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:40 -0000 Subject: SUSE-RU-2026:21193-1: moderate: Recommended update for eglexternalplatform Message-ID: <177677482039.7580.15773726647387103432@5a8be24cc32b> # Recommended update for eglexternalplatform Announcement ID: SUSE-RU-2026:21193-1 Release Date: 2026-04-14T14:48:51Z Rating: moderate References: Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that can now be installed. ## Description: This update for eglexternalplatform fixes the following issues: Changes in eglexternalplatform: * update to release 1.2.1 * Override the installation directory of the pkg-config file to put it in the correct arch-independent directory. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-557=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-557=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * eglexternalplatform-devel-1.2.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * eglexternalplatform-devel-1.2.1-160000.1.1
From null at suse.de Tue Apr 21 12:33:39 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:39 -0000 Subject: SUSE-SU-2026:21194-1: important: Security update for plexus-utils Message-ID: <177677481903.7580.4526045070182736483@5a8be24cc32b> # Security update for plexus-utils Announcement ID: SUSE-SU-2026:21194-1 Release Date: 2026-04-14T15:02:17Z Rating: important References: * bsc#1260588 Cross-References: * CVE-2025-67030 CVSS scores: * CVE-2025-67030 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-67030 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-67030 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for plexus-utils fixes the following issue: * CVE-2025-67030: directory traversal via the `extractFile` method of `org.codehaus.plexus.util.Expand` (bsc#1260588). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-558=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-558=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * plexus-utils-javadoc-4.0.2-160000.3.1 * plexus-utils-4.0.2-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * plexus-utils-javadoc-4.0.2-160000.3.1 * plexus-utils-4.0.2-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67030.html * https://bugzilla.suse.com/show_bug.cgi?id=1260588
From null at suse.de Tue Apr 21 12:34:38 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:38 -0000 Subject: SUSE-SU-2026:21181-1: important: Security update for nodejs24 Message-ID: <177677487858.7580.14129905063610537029@5a8be24cc32b> # Security update for nodejs24 Announcement ID: SUSE-SU-2026:21181-1 Release Date: 2026-04-13T12:29:51Z Rating: important References: * bsc#1256572 * bsc#1256576 * bsc#1260455 * bsc#1260460 * bsc#1260462 * bsc#1260463 * bsc#1260480 * bsc#1260482 * bsc#1260494 Cross-References: * CVE-2025-59464 * CVE-2026-21637 * CVE-2026-21710 * CVE-2026-21712 * CVE-2026-21713 * CVE-2026-21714 * CVE-2026-21715 * CVE-2026-21716 * CVE-2026-21717 CVSS scores: * CVE-2025-59464 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-59464 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-59464 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-59464 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21712 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21712 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21712 ( NVD ): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21713 ( SUSE ): 5.6 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves nine vulnerabilities can now be installed. ## Description: This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: * CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494). * CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462). * CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482). 
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480). * CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463). * CVE-2026-21712: assertion error caused by flaw in URL processing allows for a process crash via a URL with a malformed IDN (bsc#1260460). * CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455). * CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576). * CVE-2025-59464: memory leak allows for remote denial of service against applications processing TLS client certificates (bsc#1256572). Other updates and bugfixes: * Version 24.14.0: * async_hooks: add trackPromises option to createHook() * build,deps: replace cjs-module-lexer with merve * deps: add LIEF as a dependency * events: repurpose events.listenerCount() to accept EventTargets * fs: add ignore option to fs.watch * http: add http.setGlobalProxyFromEnv() * module: allow subpath imports that start with #/ * process: preserve AsyncLocalStorage in queueMicrotask only when needed * sea: split sea binary manipulation code * sqlite: enable defensive mode by default * sqlite: add sqlite prepare options args * src: add initial support for ESM in embedder API * stream: add bytes() method to node:stream/consumers * stream: do not pass readable.compose() output via Readable.from() * test: use fixture directories for sea tests * test_runner: add env option to run function * test_runner: support expecting a test-case to fail * util: add convertProcessSignalToExitCode utility * For details, see https://nodejs.org/en/blog/release/v24.14.0 ## Patch Instructions: To install this SUSE update use 
the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-541=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-541=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * nodejs24-debugsource-24.14.1-160000.1.1 * corepack24-24.14.1-160000.1.1 * npm24-24.14.1-160000.1.1 * nodejs24-24.14.1-160000.1.1 * nodejs24-debuginfo-24.14.1-160000.1.1 * nodejs24-devel-24.14.1-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * nodejs24-docs-24.14.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * nodejs24-debugsource-24.14.1-160000.1.1 * corepack24-24.14.1-160000.1.1 * npm24-24.14.1-160000.1.1 * nodejs24-24.14.1-160000.1.1 * nodejs24-debuginfo-24.14.1-160000.1.1 * nodejs24-devel-24.14.1-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * nodejs24-docs-24.14.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-59464.html * https://www.suse.com/security/cve/CVE-2026-21637.html * https://www.suse.com/security/cve/CVE-2026-21710.html * https://www.suse.com/security/cve/CVE-2026-21712.html * https://www.suse.com/security/cve/CVE-2026-21713.html * https://www.suse.com/security/cve/CVE-2026-21714.html * https://www.suse.com/security/cve/CVE-2026-21715.html * https://www.suse.com/security/cve/CVE-2026-21716.html * https://www.suse.com/security/cve/CVE-2026-21717.html * https://bugzilla.suse.com/show_bug.cgi?id=1256572 * https://bugzilla.suse.com/show_bug.cgi?id=1256576 * https://bugzilla.suse.com/show_bug.cgi?id=1260455 * https://bugzilla.suse.com/show_bug.cgi?id=1260460 * https://bugzilla.suse.com/show_bug.cgi?id=1260462 * https://bugzilla.suse.com/show_bug.cgi?id=1260463 * https://bugzilla.suse.com/show_bug.cgi?id=1260480 * 
https://bugzilla.suse.com/show_bug.cgi?id=1260482 * https://bugzilla.suse.com/show_bug.cgi?id=1260494 From null at suse.de Tue Apr 21 12:33:53 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:33:53 -0000 Subject: SUSE-RU-2026:21188-1: moderate: Recommended update for linuxptp Message-ID: <177677483344.7580.5203775197570439754@5a8be24cc32b> # Recommended update for linuxptp Announcement ID: SUSE-RU-2026:21188-1 Release Date: 2026-04-14T11:33:34Z Rating: moderate References: * bsc#1256059 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for linuxptp fixes the following issues: * Move to DevicePolicy=closed instead of -PrivateDevices=true to allow access to devices (bsc#1256059) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-552=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-552=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * linuxptp-4.4-160000.3.1 * linuxptp-debugsource-4.4-160000.3.1 * linuxptp-debuginfo-4.4-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * linuxptp-4.4-160000.3.1 * linuxptp-debugsource-4.4-160000.3.1 * linuxptp-debuginfo-4.4-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1256059
From null at suse.de Tue Apr 21 12:34:24 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:24 -0000 Subject: SUSE-RU-2026:21182-1: moderate: Recommended update for rsyslog Message-ID: <177677486400.7580.4730192473621511214@5a8be24cc32b> # Recommended update for rsyslog Announcement ID: SUSE-RU-2026:21182-1 Release Date: 2026-04-13T12:55:40Z Rating: moderate References: * bsc#1253261 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has one fix can now be installed. ## Description: This update for rsyslog fixes the following issues: * Fix SELinux context of rsyslog run directory (bsc#1253261) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-543=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-543=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * rsyslog-module-gssapi-8.2502.0-160000.3.1 * rsyslog-module-mmnormalize-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-ossl-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-relp-debuginfo-8.2502.0-160000.3.1 * rsyslog-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-gtls-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-relp-8.2502.0-160000.3.1 * rsyslog-module-mmnormalize-8.2502.0-160000.3.1 * rsyslog-module-ossl-8.2502.0-160000.3.1 * rsyslog-8.2502.0-160000.3.1 * rsyslog-module-gtls-8.2502.0-160000.3.1 * rsyslog-debugsource-8.2502.0-160000.3.1 * rsyslog-module-gssapi-debuginfo-8.2502.0-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * rsyslog-module-gssapi-8.2502.0-160000.3.1 * rsyslog-module-mmnormalize-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-ossl-debuginfo-8.2502.0-160000.3.1 * 
rsyslog-module-relp-debuginfo-8.2502.0-160000.3.1 * rsyslog-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-gtls-debuginfo-8.2502.0-160000.3.1 * rsyslog-module-relp-8.2502.0-160000.3.1 * rsyslog-module-mmnormalize-8.2502.0-160000.3.1 * rsyslog-module-ossl-8.2502.0-160000.3.1 * rsyslog-8.2502.0-160000.3.1 * rsyslog-module-gtls-8.2502.0-160000.3.1 * rsyslog-debugsource-8.2502.0-160000.3.1 * rsyslog-module-gssapi-debuginfo-8.2502.0-160000.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1253261 From null at suse.de Tue Apr 21 12:34:21 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:34:21 -0000 Subject: SUSE-RU-2026:21183-1: moderate: Recommended update for crypto-policies Message-ID: <177677486102.7580.5061910722131933337@5a8be24cc32b> # Recommended update for crypto-policies Announcement ID: SUSE-RU-2026:21183-1 Release Date: 2026-04-13T13:10:32Z Rating: moderate References: * bsc#1252696 * bsc#1253025 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that has two fixes can now be installed. ## Description: This update for crypto-policies fixes the following issues: * Fix the testsuite: * Port all the policy changes to the config files in the test suite. * Use the newly introduced SKIP_LINTING=1 option. * Adapt the manpages to SUSE/openSUSE: * Add crypto policies SUSE manpages * Compress all the man pages for update-crypto-policies.8.gz, crypto-policies.7.gz, fips-finish-install.8.gz and fips-mode-setup.8.gz into man-crypto-policies.tar.xz * Update to version 20250714.cd6043a: (bsc#1253025, bsc#1252696) * gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert * python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519 * FIPS: disable MLKEM768-X25519 for openssh (no-op) * FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl... 
* TEST-PQ: be more careful with the ordering
* openssl: send one PQ and one classic key_share; prioritize PQ groups
* sequoia: Generate AEAD policy
* Do not include EdDSA in FIPS policy
* sequoia: Add PQC algorithm
* sequoia: Run tests against PQC capable policy-config-check
* Revert "openssl, policies: implement group_key_share option"
* openssl, policies: implement group_key_share option
* FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
* python/build-crypto-policies: output diffs on --test mismatches
* sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
* policies, alg_lists, openssl: remove KYBER from allowed values
* openssl: stricter enabling of Ciphersuites
* openssl: make use of -CBC and -AESGCM keywords
* openssl: add TLS 1.3 Brainpool identifiers
* fix warning on using experimental key_exchanges
* update-crypto-policies: don't output FIPS warning in fips mode
* openssh: map mlkem768x25519-sha256 to KEM-ECDH and MLKEM768-X25519 and SHA2-256
* openssh, libssh: refactor kx maps to use tuples
* alg_lists: mark MLKEM768/SNTRUP kex experimental
* nss: revert enabling mlkem768secp256r1
* nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
* gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
* openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
* openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
* openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
* LEGACY: enable 192-bit ciphers for nss pkcs12/smime
* openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
* nss: be stricter with new purposes
* python/update-crypto-policies: pacify pylint
* fips-mode-setup: tolerate fips dracut module presence w/o FIPS
* fips-mode-setup: small Argon2 detection fix
* SHA1: add __openssl_block_sha1_signatures = 0
* fips-mode-setup: block if LUKS devices using Argon2 are detected
* update-crypto-policies: skip warning on --set=FIPS if bootc
* fips-setup-helper: skip warning, BTW
* fips-mode-setup: force --no-bootcfg when UKI is detected
* fips-crypto-policy-overlay: automount FIPS policy
* nss: rewrite backend for 3.101
* cryptopolicies: parent scopes for dumping purposes
* policygenerators: move scoping inside generators
* openssh: make dss no longer enableable, support is dropped
* gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
* TEST-PQ: disable pure Kyber768
* DEFAULT: switch to rh-allow-sha1-signatures = no...
* java: drop unused javasystem backend
* java: stop specifying jdk.tls.namedGroups in javasystem
* ec_min_size: introduce and use in java, default to 256
* java: use and include jdk.disabled.namedCurves
* BSI: Update BSI policy for new 2024 minimum recommendations
* fips-mode-setup: flashy ticking warning upon use
* fips-mode-setup: add another scary "unsupported"
* BSI: switch to 3072 minimum RSA key size
* java: make hash, mac and sign more orthogonal
* java: specify jdk.tls.namedGroups system property
* java: respect more key size restrictions
* java: disable anon ciphersuites, tying them to NULL...
* java: start controlling / disable DTLSv1.0
* nss: wire KYBER768 to XYBER768D00
* Update to version 20250425.9267dee:
* openssl: fix mistakes in integrity-only cipher definitions
* NO-PQ, cryptopolicies: add experimental value suppression
* nss: add mlkem768x25519 and mlkem768secp256r1
* gnutls: 'allow-rsa-pkcs1-encrypt = false' everywhere but in LEGACY
* TEST-PQ, openssh: add support for MLKEM768 key_exchange
* LEGACY: drop cipher at pkcs12 = SEED-CBC
* fips-crypto-policy-overlay: automount FIPS policy, follow-up fixes
* nss: TLS-REQUIRE-EMS in FIPS
* DEFAULT: disable RSA key exchange
* LEGACY: disable sign = *-SHA1
* nss: wire XYBER768D00 to X25519-KYBER768, not KYBER768
* Add the FIPS scripts fips-finish-install and fips-mode-setup as sources in the spec file as they have been removed upstream.
* We will maintain these scripts downstream.
* Update the man pages for update-crypto-policies.8.gz
* Add crypto policies FIPS output
* Add man pages in text file in compressed form in the file man-fips-scripts.tar.xz and add them to the Makefile.
* Update to version 20250324.3714354:
* NO-PQ: introduce
* LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA
* _openssl_block_sha1_signatures: flip the default to 1
* sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
* sequoia: refactor a bit
* openssl: specify default key size for req
* gnutls: support P384-MLKEM1024
* openssl: stop generating `openssl` in favour of `opensslcnf`
* gnutls: drop kyber (switching to leancrypto took it away)
* openssl: use both names for P384-MLKEM1024
* Detect the presence of nss-policy-check
* Don't use hardcoded python3 path
* Make xsltproc settable as XSLTPROC
* python/cryptopolicies/validation/scope.py: fix new ruff rule RUF021
* Update the info in the README.SUSE file
* Remove the FEDORA policies and directories

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-544=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-544=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * crypto-policies-scripts-20250714.cd6043a-160000.1.1
  * crypto-policies-20250714.cd6043a-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * crypto-policies-scripts-20250714.cd6043a-160000.1.1
  * crypto-policies-20250714.cd6043a-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1252696
* https://bugzilla.suse.com/show_bug.cgi?id=1253025

From null at suse.de Tue Apr 21 12:32:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:32:19 -0000
Subject: SUSE-SU-2026:21209-1: important: Security update for gdk-pixbuf
Message-ID: <177677473969.7580.1181965804695626734@5a8be24cc32b>

# Security update for gdk-pixbuf

Announcement ID: SUSE-SU-2026:21209-1
Release Date: 2026-04-17T07:53:37Z
Rating: important

References:

* bsc#1261210

Cross-References:

* CVE-2026-5201

CVSS scores:

* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for gdk-pixbuf fixes the following issue:

* CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-581=1
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-581=1

## Package List:

* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-2.42.12-160000.4.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1
  * gdk-pixbuf-debugsource-2.42.12-160000.4.1
  * gdk-pixbuf-devel-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-160000.4.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-160000.4.1
  * gdk-pixbuf-thumbnailer-2.42.12-160000.4.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * gdk-pixbuf-lang-2.42.12-160000.4.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-2.42.12-160000.4.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1
  * gdk-pixbuf-debugsource-2.42.12-160000.4.1
  * gdk-pixbuf-devel-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1
  * gdk-pixbuf-devel-debuginfo-2.42.12-160000.4.1
  * typelib-1_0-GdkPixdata-2_0-2.42.12-160000.4.1
  * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-160000.4.1
  * gdk-pixbuf-thumbnailer-2.42.12-160000.4.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * gdk-pixbuf-lang-2.42.12-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261210
From null at suse.de Tue Apr 21 12:33:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:03 -0000
Subject: SUSE-RU-2026:21201-1: moderate: Recommended update for x3270
Message-ID: <177677478311.7580.9991272363806325480@5a8be24cc32b>

# Recommended update for x3270

Announcement ID: SUSE-RU-2026:21201-1
Release Date: 2026-04-16T08:15:42Z
Rating: moderate

References:

* jsc#PED-15247

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that contains one feature can now be installed.

## Description:

This update for x3270 fixes the following issues:

* Upgrade x3270 to version 4.5ga5:
* 4.5ga5:
* wc3270 now turns off Quick Edit mode at run-time, so it is no longer necessary to turn it off in the Console Properties.
* The wc3270 OIA is now the same color (host color Blue) as the other emulators.
* wc3270 now runs in a very limited way in a Windows Terminal window.
* Mouse double-clicks in wc3270 are no longer confused by DBCS characters.
* 4.5beta4:
* PF keys 1 through 4 now work properly when running a curses-based application as a local process.
* 4.5alpha3:
* The X Inhibit state, which was never part of the behavior of a real 3270, has been removed.
* The KeyboardLockDetail and ReplyMode queries have been added.
* PrintText(html) has been enhanced to render APL underlined alphabetics accurately.
* All APL characters are always returned to the host with a Graphic Escape (GE), regardless of the reply mode.
* In a Read Modified reply sent to the host in character reply mode, extended field character set attributes are reported with a Set Attribute order.
* Support for Ukrainian code pages (1123 and 1158) has been added.
* c3270 support for 256-color terminals has been added.
* c3270 fixed screen elements (menus, OIA) no longer use separate curses colors.
* The c3270 CursesColorForProtectedIntensified, CursesColorForProtected, CursesColorForIntensified and CursesColorForDefault resources have been deprecated.
* The program name is no longer duplicated in trace file headers.
* APL characters are now displayed correctly by the emulators and returned correctly by Ascii1(), Ascii(), PrintText() and ReadBuffer() when they occur inside APL extended fields
* Non-APL characters are no longer accepted as input in APL extended fields.
* APL underlined alphabetic characters are now displayed correctly by all of the emulators and returned correctly by Ascii1(), Ascii(), PrintText() and ReadBuffer().
* Untranslatable characters are no longer returned incorrectly by ReadBuffer(ascii).
* Wrapped DBCS characters and the text that follows them are no longer displayed incorrectly by x3270.
* A buffer overrun bug in processing the Set Reply Mode structured field has been fixed.
* DBCS operator error state is now displayed in the OIA by c3270 and wc3270.
* x3270 no longer corrupts the screen display when a DBCS character is replaced with an SBCS character by keyboard input.
* The c3270 and wc3270 on-screen keypad is no longer corrupted when DBCS text is on the screen.
* The EraseEOF() action no longer clears the character set extended attributes in a field when the emulator is in field or extended field reply mode.
* 4.5alpha2:
* The build system has been overhauled for Windows cross-compilation.
* Trace messages now have category headings.
* x3270if now builds on BSD-based systems.
* The SOURCE_DATA_EPOCH environment variable is now supported correctly by the build process.
* 4.5alpha1:
* Support for DBCS code pages 933 (Korean) and 1364 has been added.
* PageUp() and PageDown() actions have been added, and NVT-mode behaviors have been added to Home() and FieldEnd().
* A -nomargin option has been added to the PasteString(), Paste() and insert-selection() actions, to disable automatic margin wrapping for a single operation.
* x3270 now supports background color.
* Removed obsolete patches
* Amended the .spec file (jsc#PED-15247)
* Removed the update-desktop-files dependencies
* Removed the 'x3270.desktop' file

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-568=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-568=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * x3270-debugsource-4.5-160000.1.1
  * x3270-4.5-160000.1.1
  * x3270-debuginfo-4.5-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * x3270-debugsource-4.5-160000.1.1
  * x3270-4.5-160000.1.1
  * x3270-debuginfo-4.5-160000.1.1

## References:

* https://jira.suse.com/browse/PED-15247
From null at suse.de Tue Apr 21 12:33:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:10 -0000
Subject: SUSE-SU-2026:21200-1: moderate: Security update for go1.25
Message-ID: <177677479057.7580.13090670270527289538@5a8be24cc32b>

# Security update for go1.25

Announcement ID: SUSE-SU-2026:21200-1
Release Date: 2026-04-16T07:24:09Z
Rating: moderate

References:

* bsc#1244485
* bsc#1259264
* bsc#1259265
* bsc#1259268

Cross-References:

* CVE-2026-25679
* CVE-2026-27139
* CVE-2026-27142

CVSS scores:

* CVE-2026-25679 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25679 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25679 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27139 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27139 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27139 ( NVD ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27142 ( SUSE ): 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-27142 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-27142 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for go1.25 fixes the following issues:

Update to go1.25.8 (bsc#1244485):

* CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).
* CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).
* CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).
Changelog:

* go#77253 cmd/compile: miscompile of global array initialization
* go#77406 os: Go 1.25.x regression on RemoveAll for windows
* go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd
* go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config
* go#77531 net/smtp: expiry date of localhostCert for testing is too short

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-511=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-511=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * go1.25-doc-1.25.8-160000.1.1
  * go1.25-1.25.8-160000.1.1
  * go1.25-race-1.25.8-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
  * go1.25-libstd-debuginfo-1.25.8-160000.1.1
  * go1.25-debuginfo-1.25.8-160000.1.1
  * go1.25-libstd-1.25.8-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * go1.25-doc-1.25.8-160000.1.1
  * go1.25-1.25.8-160000.1.1
  * go1.25-race-1.25.8-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  * go1.25-libstd-debuginfo-1.25.8-160000.1.1
  * go1.25-debuginfo-1.25.8-160000.1.1
  * go1.25-libstd-1.25.8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25679.html
* https://www.suse.com/security/cve/CVE-2026-27139.html
* https://www.suse.com/security/cve/CVE-2026-27142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1259264
* https://bugzilla.suse.com/show_bug.cgi?id=1259265
* https://bugzilla.suse.com/show_bug.cgi?id=1259268
From null at suse.de Tue Apr 21 12:33:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:14 -0000
Subject: SUSE-RU-2026:21199-1: important: Recommended update for cloud-netconfig
Message-ID: <177677479487.7580.8708692639587876185@5a8be24cc32b>

# Recommended update for cloud-netconfig

Announcement ID: SUSE-RU-2026:21199-1
Release Date: 2026-04-15T15:00:19Z
Rating: important

References:

* bsc#1258406
* bsc#1258730
* jsc#PED-15774

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that contains one feature and has two fixes can now be installed.

## Description:

This update for cloud-netconfig fixes the following issues:

* Update to version 1.20:
* Fix %suse_version use in spec file (jsc#PED-15774)
* Update to version 1.19:
* Make sure IPADDR variable is stripped of netmask
* Update to version 1.18:
* Fix issue with link-local address routing (bsc#1258730)
* Update to version 1.17:
* Do not set broadcast address explicitly (bsc#1258406)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-566=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-566=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * cloud-netconfig-azure-1.20-160000.1.1
  * cloud-netconfig-ec2-1.20-160000.1.1
  * cloud-netconfig-gce-1.20-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * cloud-netconfig-azure-1.20-160000.1.1
  * cloud-netconfig-ec2-1.20-160000.1.1
  * cloud-netconfig-gce-1.20-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1258406
* https://bugzilla.suse.com/show_bug.cgi?id=1258730
* https://jira.suse.com/browse/PED-15774

From null at suse.de Tue Apr 21 12:32:58 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:32:58 -0000
Subject: SUSE-SU-2026:21203-1: important: Security update for strongswan
Message-ID: <177677477890.7580.9595106416980945899@5a8be24cc32b>

# Security update for strongswan

Announcement ID: SUSE-SU-2026:21203-1
Release Date: 2026-04-16T09:06:50Z
Rating: important

References:

* bsc#1257359
* bsc#1259472

Cross-References:

* CVE-2025-9615
* CVE-2026-25075

CVSS scores:

* CVE-2025-9615 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-9615 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-25075 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25075 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25075 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25075 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

Update to strongswan 6.0.4:

* CVE-2025-9615: NetworkManager File Access (bsc#1257359).
* CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).

Changes for strongswan:

* Fixed a vulnerability in the NetworkManager plugin that potentially allows using credentials of other local users. This vulnerability has been registered as CVE-2025-9615.
* The maximum supported length for section names in swanctl.conf has been increased to the upper limit of 256 characters that's enforced by VICI.
* Prevent a crash if a confused peer rekeys a Child SA twice before sending a delete.
* Fixed a memory leak if a peer's self-signed certificate is untrusted.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-570=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-570=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * strongswan-sqlite-6.0.4-160000.1.1
  * strongswan-fips-6.0.4-160000.1.1
  * strongswan-6.0.4-160000.1.1
  * strongswan-ipsec-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-6.0.4-160000.1.1
  * strongswan-nm-6.0.4-160000.1.1
  * strongswan-ipsec-6.0.4-160000.1.1
  * strongswan-nm-debuginfo-6.0.4-160000.1.1
  * strongswan-sqlite-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-debuginfo-6.0.4-160000.1.1
  * strongswan-debugsource-6.0.4-160000.1.1
  * strongswan-debuginfo-6.0.4-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * strongswan-doc-6.0.4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * strongswan-sqlite-6.0.4-160000.1.1
  * strongswan-fips-6.0.4-160000.1.1
  * strongswan-6.0.4-160000.1.1
  * strongswan-ipsec-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-6.0.4-160000.1.1
  * strongswan-nm-6.0.4-160000.1.1
  * strongswan-ipsec-6.0.4-160000.1.1
  * strongswan-nm-debuginfo-6.0.4-160000.1.1
  * strongswan-sqlite-debuginfo-6.0.4-160000.1.1
  * strongswan-mysql-debuginfo-6.0.4-160000.1.1
  * strongswan-debugsource-6.0.4-160000.1.1
  * strongswan-debuginfo-6.0.4-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * strongswan-doc-6.0.4-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://www.suse.com/security/cve/CVE-2026-25075.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257359
* https://bugzilla.suse.com/show_bug.cgi?id=1259472

From null at suse.de Tue Apr 21 12:33:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:17 -0000
Subject: SUSE-RU-2026:21198-1: moderate: Recommended update for php8
Message-ID: <177677479788.7580.16042053200448286146@5a8be24cc32b>

# Recommended update for php8

Announcement ID: SUSE-RU-2026:21198-1
Release Date: 2026-04-15T09:51:08Z
Rating: moderate

References:

* bsc#1256905

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for php8 fixes the following issues:

* Fix: phar.phar not working (bsc#1256905)
* remove incorrect patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-564=1
* SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-564=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * php8-ldap-debuginfo-8.4.16-160000.2.1
  * php8-sqlite-8.4.16-160000.2.1
  * php8-ffi-debuginfo-8.4.16-160000.2.1
  * php8-xmlwriter-debuginfo-8.4.16-160000.2.1
  * php8-calendar-8.4.16-160000.2.1
  * php8-gmp-debuginfo-8.4.16-160000.2.1
  * php8-dom-debuginfo-8.4.16-160000.2.1
  * php8-fpm-debuginfo-8.4.16-160000.2.1
  * php8-enchant-8.4.16-160000.2.1
  * php8-pcntl-debuginfo-8.4.16-160000.2.1
  * php8-fpm-debugsource-8.4.16-160000.2.1
  * php8-soap-debuginfo-8.4.16-160000.2.1
  * php8-readline-8.4.16-160000.2.1
  * php8-bcmath-8.4.16-160000.2.1
  * php8-snmp-debuginfo-8.4.16-160000.2.1
  * php8-gd-debuginfo-8.4.16-160000.2.1
  * php8-sysvsem-debuginfo-8.4.16-160000.2.1
  * php8-ffi-8.4.16-160000.2.1
  * php8-sodium-8.4.16-160000.2.1
  * php8-zlib-8.4.16-160000.2.1
  * apache2-mod_php8-debugsource-8.4.16-160000.2.1
  * php8-readline-debuginfo-8.4.16-160000.2.1
  * php8-enchant-debuginfo-8.4.16-160000.2.1
  * php8-sodium-debuginfo-8.4.16-160000.2.1
  * php8-sysvshm-debuginfo-8.4.16-160000.2.1
  * php8-opcache-8.4.16-160000.2.1
  * php8-xmlreader-debuginfo-8.4.16-160000.2.1
  * php8-opcache-debuginfo-8.4.16-160000.2.1
  * php8-ctype-debuginfo-8.4.16-160000.2.1
  * php8-shmop-debuginfo-8.4.16-160000.2.1
  * php8-sysvsem-8.4.16-160000.2.1
  * php8-sqlite-debuginfo-8.4.16-160000.2.1
  * php8-xsl-debuginfo-8.4.16-160000.2.1
  * php8-snmp-8.4.16-160000.2.1
  * php8-curl-debuginfo-8.4.16-160000.2.1
  * php8-mysql-8.4.16-160000.2.1
  * php8-debuginfo-8.4.16-160000.2.1
  * php8-ldap-8.4.16-160000.2.1
  * php8-tokenizer-8.4.16-160000.2.1
  * php8-soap-8.4.16-160000.2.1
  * php8-sysvmsg-8.4.16-160000.2.1
  * php8-ctype-8.4.16-160000.2.1
  * php8-fileinfo-8.4.16-160000.2.1
  * php8-ftp-debuginfo-8.4.16-160000.2.1
  * php8-curl-8.4.16-160000.2.1
  * php8-ftp-8.4.16-160000.2.1
  * php8-odbc-8.4.16-160000.2.1
  * php8-tokenizer-debuginfo-8.4.16-160000.2.1
  * apache2-mod_php8-debuginfo-8.4.16-160000.2.1
  * php8-bz2-8.4.16-160000.2.1
  * php8-dba-8.4.16-160000.2.1
  * php8-shmop-8.4.16-160000.2.1
  * php8-gettext-8.4.16-160000.2.1
  * php8-tidy-8.4.16-160000.2.1
  * php8-pdo-8.4.16-160000.2.1
  * php8-iconv-8.4.16-160000.2.1
  * php8-gd-8.4.16-160000.2.1
  * php8-xsl-8.4.16-160000.2.1
  * php8-zlib-debuginfo-8.4.16-160000.2.1
  * php8-openssl-debuginfo-8.4.16-160000.2.1
  * php8-posix-debuginfo-8.4.16-160000.2.1
  * php8-tidy-debuginfo-8.4.16-160000.2.1
  * apache2-mod_php8-8.4.16-160000.2.1
  * php8-intl-8.4.16-160000.2.1
  * php8-cli-debuginfo-8.4.16-160000.2.1
  * php8-sysvshm-8.4.16-160000.2.1
  * php8-openssl-8.4.16-160000.2.1
  * php8-exif-8.4.16-160000.2.1
  * php8-calendar-debuginfo-8.4.16-160000.2.1
  * php8-sockets-debuginfo-8.4.16-160000.2.1
  * php8-embed-debugsource-8.4.16-160000.2.1
  * php8-fpm-8.4.16-160000.2.1
  * php8-mbstring-8.4.16-160000.2.1
  * php8-phar-8.4.16-160000.2.1
  * php8-odbc-debuginfo-8.4.16-160000.2.1
  * php8-sysvmsg-debuginfo-8.4.16-160000.2.1
  * php8-pgsql-8.4.16-160000.2.1
  * php8-gettext-debuginfo-8.4.16-160000.2.1
  * php8-posix-8.4.16-160000.2.1
  * php8-bcmath-debuginfo-8.4.16-160000.2.1
  * php8-embed-8.4.16-160000.2.1
  * php8-fastcgi-8.4.16-160000.2.1
  * php8-iconv-debuginfo-8.4.16-160000.2.1
  * php8-xmlwriter-8.4.16-160000.2.1
  * php8-dba-debuginfo-8.4.16-160000.2.1
  * php8-8.4.16-160000.2.1
  * php8-devel-8.4.16-160000.2.1
  * php8-pgsql-debuginfo-8.4.16-160000.2.1
  * php8-pdo-debuginfo-8.4.16-160000.2.1
  * php8-debugsource-8.4.16-160000.2.1
  * php8-fastcgi-debuginfo-8.4.16-160000.2.1
  * php8-mbstring-debuginfo-8.4.16-160000.2.1
  * php8-fastcgi-debugsource-8.4.16-160000.2.1
  * php8-cli-8.4.16-160000.2.1
  * php8-gmp-8.4.16-160000.2.1
  * php8-pcntl-8.4.16-160000.2.1
  * php8-intl-debuginfo-8.4.16-160000.2.1
  * php8-zip-8.4.16-160000.2.1
  * php8-fileinfo-debuginfo-8.4.16-160000.2.1
  * php8-embed-debuginfo-8.4.16-160000.2.1
  * php8-zip-debuginfo-8.4.16-160000.2.1
  * php8-mysql-debuginfo-8.4.16-160000.2.1
  * php8-phar-debuginfo-8.4.16-160000.2.1
  * php8-exif-debuginfo-8.4.16-160000.2.1
  * php8-xmlreader-8.4.16-160000.2.1
  * php8-dom-8.4.16-160000.2.1
  * php8-sockets-8.4.16-160000.2.1
  * php8-bz2-debuginfo-8.4.16-160000.2.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * php8-fpm-apache-8.4.16-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  * php8-ldap-debuginfo-8.4.16-160000.2.1
  * php8-sqlite-8.4.16-160000.2.1
  * php8-ffi-debuginfo-8.4.16-160000.2.1
  * php8-xmlwriter-debuginfo-8.4.16-160000.2.1
  * php8-calendar-8.4.16-160000.2.1
  * php8-gmp-debuginfo-8.4.16-160000.2.1
  * php8-dom-debuginfo-8.4.16-160000.2.1
  * php8-fpm-debuginfo-8.4.16-160000.2.1
  * php8-enchant-8.4.16-160000.2.1
  * php8-pcntl-debuginfo-8.4.16-160000.2.1
  * php8-fpm-debugsource-8.4.16-160000.2.1
  * php8-soap-debuginfo-8.4.16-160000.2.1
  * php8-readline-8.4.16-160000.2.1
  * php8-bcmath-8.4.16-160000.2.1
  * php8-snmp-debuginfo-8.4.16-160000.2.1
  * php8-gd-debuginfo-8.4.16-160000.2.1
  * php8-sysvsem-debuginfo-8.4.16-160000.2.1
  * php8-ffi-8.4.16-160000.2.1
  * php8-sodium-8.4.16-160000.2.1
  * php8-zlib-8.4.16-160000.2.1
  * apache2-mod_php8-debugsource-8.4.16-160000.2.1
  * php8-readline-debuginfo-8.4.16-160000.2.1
  * php8-enchant-debuginfo-8.4.16-160000.2.1
  * php8-sodium-debuginfo-8.4.16-160000.2.1
  * php8-sysvshm-debuginfo-8.4.16-160000.2.1
  * php8-opcache-8.4.16-160000.2.1
  * php8-xmlreader-debuginfo-8.4.16-160000.2.1
  * php8-opcache-debuginfo-8.4.16-160000.2.1
  * php8-ctype-debuginfo-8.4.16-160000.2.1
  * php8-shmop-debuginfo-8.4.16-160000.2.1
  * php8-sysvsem-8.4.16-160000.2.1
  * php8-sqlite-debuginfo-8.4.16-160000.2.1
  * php8-xsl-debuginfo-8.4.16-160000.2.1
  * php8-snmp-8.4.16-160000.2.1
  * php8-curl-debuginfo-8.4.16-160000.2.1
  * php8-mysql-8.4.16-160000.2.1
  * php8-debuginfo-8.4.16-160000.2.1
  * php8-ldap-8.4.16-160000.2.1
  * php8-tokenizer-8.4.16-160000.2.1
  * php8-soap-8.4.16-160000.2.1
  * php8-sysvmsg-8.4.16-160000.2.1
  * php8-ctype-8.4.16-160000.2.1
  * php8-fileinfo-8.4.16-160000.2.1
  * php8-ftp-debuginfo-8.4.16-160000.2.1
  * php8-curl-8.4.16-160000.2.1
  * php8-ftp-8.4.16-160000.2.1
  * php8-odbc-8.4.16-160000.2.1
  * php8-tokenizer-debuginfo-8.4.16-160000.2.1
  * apache2-mod_php8-debuginfo-8.4.16-160000.2.1
  * php8-bz2-8.4.16-160000.2.1
  * php8-dba-8.4.16-160000.2.1
  * php8-shmop-8.4.16-160000.2.1
  * php8-gettext-8.4.16-160000.2.1
  * php8-tidy-8.4.16-160000.2.1
  * php8-pdo-8.4.16-160000.2.1
  * php8-iconv-8.4.16-160000.2.1
  * php8-gd-8.4.16-160000.2.1
  * php8-xsl-8.4.16-160000.2.1
  * php8-zlib-debuginfo-8.4.16-160000.2.1
  * php8-openssl-debuginfo-8.4.16-160000.2.1
  * php8-posix-debuginfo-8.4.16-160000.2.1
  * php8-tidy-debuginfo-8.4.16-160000.2.1
  * apache2-mod_php8-8.4.16-160000.2.1
  * php8-intl-8.4.16-160000.2.1
  * php8-cli-debuginfo-8.4.16-160000.2.1
  * php8-sysvshm-8.4.16-160000.2.1
  * php8-openssl-8.4.16-160000.2.1
  * php8-exif-8.4.16-160000.2.1
  * php8-calendar-debuginfo-8.4.16-160000.2.1
  * php8-sockets-debuginfo-8.4.16-160000.2.1
  * php8-embed-debugsource-8.4.16-160000.2.1
  * php8-fpm-8.4.16-160000.2.1
  * php8-mbstring-8.4.16-160000.2.1
  * php8-phar-8.4.16-160000.2.1
  * php8-odbc-debuginfo-8.4.16-160000.2.1
  * php8-sysvmsg-debuginfo-8.4.16-160000.2.1
  * php8-pgsql-8.4.16-160000.2.1
  * php8-gettext-debuginfo-8.4.16-160000.2.1
  * php8-posix-8.4.16-160000.2.1
  * php8-bcmath-debuginfo-8.4.16-160000.2.1
  * php8-embed-8.4.16-160000.2.1
  * php8-fastcgi-8.4.16-160000.2.1
  * php8-iconv-debuginfo-8.4.16-160000.2.1
  * php8-xmlwriter-8.4.16-160000.2.1
  * php8-dba-debuginfo-8.4.16-160000.2.1
  * php8-8.4.16-160000.2.1
  * php8-devel-8.4.16-160000.2.1
  * php8-pgsql-debuginfo-8.4.16-160000.2.1
  * php8-pdo-debuginfo-8.4.16-160000.2.1
  * php8-debugsource-8.4.16-160000.2.1
  * php8-fastcgi-debuginfo-8.4.16-160000.2.1
  * php8-mbstring-debuginfo-8.4.16-160000.2.1
  * php8-fastcgi-debugsource-8.4.16-160000.2.1
  * php8-cli-8.4.16-160000.2.1
  * php8-gmp-8.4.16-160000.2.1
  * php8-pcntl-8.4.16-160000.2.1
  * php8-intl-debuginfo-8.4.16-160000.2.1
  * php8-zip-8.4.16-160000.2.1
  * php8-fileinfo-debuginfo-8.4.16-160000.2.1
  * php8-embed-debuginfo-8.4.16-160000.2.1
  * php8-zip-debuginfo-8.4.16-160000.2.1
  * php8-mysql-debuginfo-8.4.16-160000.2.1
  * php8-phar-debuginfo-8.4.16-160000.2.1
  * php8-exif-debuginfo-8.4.16-160000.2.1
  * php8-xmlreader-8.4.16-160000.2.1
  * php8-dom-8.4.16-160000.2.1
  * php8-sockets-8.4.16-160000.2.1
  * php8-bz2-debuginfo-8.4.16-160000.2.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (noarch)
  * php8-fpm-apache-8.4.16-160000.2.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1256905

From null at suse.de Tue Apr 21 12:33:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:02 -0000
Subject: SUSE-RU-2026:21202-1: moderate: Recommended update for AppStream
Message-ID: <177677478200.7580.9604932784685372899@5a8be24cc32b>

# Recommended update for AppStream

Announcement ID: SUSE-RU-2026:21202-1
Release Date: 2026-04-16T08:36:38Z
Rating: moderate

References:

* bsc#1239941

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0

An update that has one fix can now be installed.

## Description:

This update for AppStream fixes the following issues:

Changes in AppStream:

* Make qt6 the default qt flavor and qt5 the flavor built separately and disable the qt5 flavor in SLE16 where we don't want to have Qt5 libraries.
Update to 1.0.5:

Features:

  * qt: Expose markup conversion utils
  * desktop-styles: Add android and iOS
  * validator: Check for xml:lang="en" being used on description template elements
  * validator: Flag cases of raw text in "description" elements
  * metadata: Add more known extensions into as_metadata_file_guess_style()

Specification:

  * docs: Clarify that the style segment of a screenshot environment is optional
  * docs: Explain consequences of defining an icon for desktop-app metainfo
  * docs: Clarify that description content must be in p/li elements

Bugfixes:

  * validator: mark as_validator_issue_tag_list static
  * docs: Add workaround for gi-docgen misnaming devhelp files
  * compose: Do not permit SVG images as screenshots
  * compose: Don't "forget" to scan remaining paths when re-encountering a dir
  * pool: Try explicit singular term match if we only have low-quality tokens
  * utils: Provide compatibility with Fedora icon tarballs when installing them
  * utils: Remove leftover g_chmod()
  * zstd-decompressor: Pass output/written data when decompression finished
  * utils: Expect a dash in icons file name
  * utils: Recognize .yml _and .yaml_ file extension variants, and .zst extension
  * utils: Rename the appstream file when re-saving it on install

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-569=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-569=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * libappstream5-debuginfo-1.0.5-160000.1.1 * AppStream-debuginfo-1.0.5-160000.1.1 * libappstream5-1.0.5-160000.1.1 * AppStream-debugsource-1.0.5-160000.1.1 * SUSE Linux Enterprise Server 16.0 (noarch) * AppStream-doc-1.0.5-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * libappstream5-debuginfo-1.0.5-160000.1.1 * AppStream-debuginfo-1.0.5-160000.1.1 * libappstream5-1.0.5-160000.1.1 * AppStream-debugsource-1.0.5-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * AppStream-doc-1.0.5-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1239941 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Tue Apr 21 12:33:46 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:33:46 -0000
Subject: SUSE-SU-2026:21191-1: important: Security update for cockpit-subscriptions
Message-ID: <177677482644.7580.5224525822833766820@5a8be24cc32b>

# Security update for cockpit-subscriptions

Announcement ID: SUSE-SU-2026:21191-1
Release Date: 2026-04-14T12:10:22Z
Rating: important
References:

  * bsc#1258637

Cross-References:

  * CVE-2026-26996

CVSS scores:

  * CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-26996 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-26996 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-subscriptions fixes the following issue:

  * CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258637).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-555=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-555=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-subscriptions-12.1-160000.3.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (noarch) * cockpit-subscriptions-12.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-26996.html * https://bugzilla.suse.com/show_bug.cgi?id=1258637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 12:31:36 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 12:31:36 -0000 Subject: SUSE-SU-2026:21217-1: important: Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Message-ID: <177677469670.7580.11360299748300614673@5a8be24cc32b> # Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:21217-1 Release Date: 2026-04-11T07:40:52Z Rating: important References: * bsc#1252036 * bsc#1252689 * bsc#1253404 * bsc#1256780 * bsc#1257238 * bsc#1258051 * bsc#1258183 * bsc#1258784 Cross-References: * CVE-2025-39973 * CVE-2025-40018 * CVE-2025-40159 * CVE-2025-71120 * CVE-2026-22999 * CVE-2026-23074 * CVE-2026-23111 * CVE-2026-23209 CVSS scores: * CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-40159 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40159 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-71120 ( SUSE ): 8.7 
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-71120 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-71120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves eight vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: * CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036). * CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689). 
  * CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
  * CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
  * CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
  * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
  * CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
  * CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-530=1
  * SUSE Linux Enterprise Server for SAP applications 16.0
    zypper in -t patch SUSE-SLES-16.0-530=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
    * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3
    * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3
    * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3
  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * kernel-livepatch-6_12_0-160000_5-default-debuginfo-9-160000.4.3
    * kernel-livepatch-SLE16_Update_0-debugsource-9-160000.4.3
    * kernel-livepatch-6_12_0-160000_5-default-9-160000.4.3

## References:

  * https://www.suse.com/security/cve/CVE-2025-39973.html
  * https://www.suse.com/security/cve/CVE-2025-40018.html
  * https://www.suse.com/security/cve/CVE-2025-40159.html
  * https://www.suse.com/security/cve/CVE-2025-71120.html
  * https://www.suse.com/security/cve/CVE-2026-22999.html
  * https://www.suse.com/security/cve/CVE-2026-23074.html
  * https://www.suse.com/security/cve/CVE-2026-23111.html
  * https://www.suse.com/security/cve/CVE-2026-23209.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1252036
  * https://bugzilla.suse.com/show_bug.cgi?id=1252689
  * https://bugzilla.suse.com/show_bug.cgi?id=1253404
  * https://bugzilla.suse.com/show_bug.cgi?id=1256780
  * https://bugzilla.suse.com/show_bug.cgi?id=1257238
  * https://bugzilla.suse.com/show_bug.cgi?id=1258051
  * https://bugzilla.suse.com/show_bug.cgi?id=1258183
  * https://bugzilla.suse.com/show_bug.cgi?id=1258784

From null at suse.de Tue Apr 21 12:31:47 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 12:31:47 -0000
Subject: SUSE-SU-2026:21215-1: moderate: Security update for patterns-glibc-hwcaps
Message-ID: <177677470755.7580.10657609046586596154@5a8be24cc32b>

# Security update for patterns-glibc-hwcaps

Announcement ID: SUSE-SU-2026:21215-1
Release Date: 2026-04-09T08:56:02Z
Rating: moderate
References:

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

An update that can now be installed.

## Description:

This update for patterns-glibc-hwcaps fixes the following issues:

The pattern is moved from PackageHub to regular SLES. It requires packages for the x86_64 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x86_64 v3 architecture to increase performance.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-494=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-494=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (x86_64) * patterns-glibc-hwcaps-x86_64_v3-20230201-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64) * patterns-glibc-hwcaps-x86_64_v3-20230201-160000.1.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 16:30:33 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:30:33 -0000 Subject: SUSE-SU-2026:21228-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools and Salt Bundle Message-ID: <177678903304.35.3629530013735513173@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Client Tools and Salt Bundle Announcement ID: SUSE-SU-2026:21228-1 Release Date: 2026-04-21T07:59:37Z Rating: important References: * bsc#1250367 * bsc#1252548 * bsc#1252964 * bsc#1254154 * bsc#1254619 * bsc#1254629 * bsc#1257447 * bsc#1257660 * bsc#1257831 * bsc#1257941 * bsc#1258015 * bsc#1258418 * bsc#1258927 * bsc#1258957 * bsc#1259208 * bsc#1259553 * bsc#1259554 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 16 An update that solves one vulnerability and has 16 fixes can now be installed. 
## Description:

This update fixes the following issues:

Implementation of Grafana and Prometheus observability packages:

  * golang-github-QubitProducts-exporter_exporter
  * golang-github-boynux-squid_exporter
  * golang-github-lusitaniae-apache_exporter
  * golang-github-prometheus-alertmanager
  * golang-github-prometheus-node_exporter
  * golang-github-prometheus-prometheus
  * golang-github-prometheus-promu
  * grafana
  * prometheus-blackbox_exporter
  * prometheus-postgres_exporter
  * system-user-grafana
  * system-user-prometheus

spacecmd:

  * Version 5.1.13-0
    * Update translation strings

uyuni-tools:

  * Version 5.1.26-0
    * Fixed applying PTF with images from RPMs (bsc#1252548)
    * Fixed SSL key file that can be missing if CA password is blank (bsc#1254154)
    * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
    * Fixed default value for helm registry (bsc#1258927).
    * Removed hub register command
    * Optimized postgres migration disk space usage (bsc#1257447)
    * Added continuous database backup support (bsc#1250367)
    * Explicitly start proxy pods after operations (bsc#1258015)
    * Use static supportconfig name to avoid dynamic search (bsc#1257941)
    * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
    * Show where final tarball was generated (bsc#1259208)
    * Set proxy config file permissions (bsc#1257660)
  * Version 5.1.25-0
    * If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

  * Security issues fixed:
    * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
  * Added x86_64_v2 as a possible rpm package architecture
  * Make users with a backslash work for salt-ssh (bsc#1254629)
  * Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
  * Fixed virtualenv call in test helper to use proper python version
  * Fixed the issue preventing the SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957)
  * Fixed the typo causing the EL9 bundle to be built without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Multi-Linux Manager Client Tools for SLE 16
    zypper in -t patch Multi-Linux-ManagerTools-SLE-16-3=1

## Package List:

  * SUSE Multi-Linux Manager Client Tools for SLE 16 (aarch64 ppc64le s390x x86_64)
    * golang-github-prometheus-prometheus-debuginfo-3.5.0-160002.1.1
    * golang-github-boynux-squid_exporter-1.13.0-160002.1.1
    * prometheus-blackbox_exporter-debuginfo-0.26.0-160002.1.1
    * golang-github-lusitaniae-apache_exporter-1.0.10-160002.1.1
    * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-160002.1.1
    * golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-160002.2.1
    * grafana-debuginfo-11.6.14+security01-160002.1.1
    * golang-github-QubitProducts-exporter_exporter-0.4.0-160002.2.1
    * golang-github-prometheus-alertmanager-debuginfo-0.28.1-160002.1.1
    * prometheus-postgres_exporter-0.10.1-160002.1.1
    * mgrctl-5.1.26-160002.1.1
    * prometheus-postgres_exporter-debuginfo-0.10.1-160002.1.1
    * golang-github-prometheus-node_exporter-debuginfo-1.9.1-160002.1.1
    * grafana-11.6.14+security01-160002.1.1
    * golang-github-prometheus-prometheus-3.5.0-160002.1.1
    * mgrctl-debuginfo-5.1.26-160002.1.1
    * venv-salt-minion-3006.0-160002.5.1
    * prometheus-blackbox_exporter-0.26.0-160002.1.1
    * golang-github-boynux-squid_exporter-debuginfo-1.13.0-160002.1.1
    * golang-github-prometheus-alertmanager-0.28.1-160002.1.1
    * golang-github-prometheus-node_exporter-1.9.1-160002.1.1
  * SUSE Multi-Linux Manager Client Tools for SLE 16 (noarch)
    * mgrctl-lang-5.1.26-160002.1.1
    * system-user-grafana-1.0.0-160002.1.1
    * mgrctl-zsh-completion-5.1.26-160002.1.1
    * system-user-prometheus-1.0.0-160002.1.1
    * spacecmd-5.1.13-160002.1.1
    * mgrctl-bash-completion-5.1.26-160002.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-31958.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1250367
  * https://bugzilla.suse.com/show_bug.cgi?id=1252548
  * https://bugzilla.suse.com/show_bug.cgi?id=1252964
  * https://bugzilla.suse.com/show_bug.cgi?id=1254154
  * https://bugzilla.suse.com/show_bug.cgi?id=1254619
  * https://bugzilla.suse.com/show_bug.cgi?id=1254629
  * https://bugzilla.suse.com/show_bug.cgi?id=1257447
  * https://bugzilla.suse.com/show_bug.cgi?id=1257660
  * https://bugzilla.suse.com/show_bug.cgi?id=1257831
  * https://bugzilla.suse.com/show_bug.cgi?id=1257941
  * https://bugzilla.suse.com/show_bug.cgi?id=1258015
  * https://bugzilla.suse.com/show_bug.cgi?id=1258418
  * https://bugzilla.suse.com/show_bug.cgi?id=1258927
  * https://bugzilla.suse.com/show_bug.cgi?id=1258957
  * https://bugzilla.suse.com/show_bug.cgi?id=1259208
  * https://bugzilla.suse.com/show_bug.cgi?id=1259553
  * https://bugzilla.suse.com/show_bug.cgi?id=1259554
URL: From null at suse.de Tue Apr 21 16:30:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:30:40 -0000 Subject: SUSE-SU-2026:1513-1: important: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) Message-ID: <177678904034.35.5178923402149089448@46b3146b979a> # Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1513-1 Release Date: 2026-04-21T08:04:23Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.73 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1513=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1513=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.2 * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-SLE15-SP6_Update_16-debugsource-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-6-150600.2.1 * kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-6-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 16:30:36 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:30:36 -0000 Subject: SUSE-SU-2026:1527-1: important: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) Message-ID: <177678903612.35.8387137524190982874@46b3146b979a> # Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1527-1 Release Date: 2026-04-21T10:34:38Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1527=1 SUSE-2026-1528=1
  * SUSE Linux Enterprise Live Patching 15-SP6
    zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1527=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-1528=1

## Package List:

  * openSUSE Leap 15.6 (x86_64)
    * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1
  * openSUSE Leap 15.6 (ppc64le s390x)
    * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
    * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
  * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x)
    * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.2
    * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.2
    * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.2
  * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64)
    * kernel-livepatch-SLE15-SP6_Update_18-debugsource-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_81-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_84-default-4-150600.2.1
    * kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-4-150600.2.1
    * kernel-livepatch-SLE15-SP6_Update_19-debugsource-4-150600.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-23268.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1259859

From null at suse.de Tue Apr 21 16:30:49 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:30:49 -0000
Subject: SUSE-SU-2026:1530-1: important: Security update for python311
Message-ID: <177678904907.35.8500811138264641706@46b3146b979a>

# Security update for python311

Announcement ID: SUSE-SU-2026:1530-1
Release Date: 2026-04-21T11:04:59Z
Rating: important
References:

  * bsc#1259611
  * bsc#1259734
  * bsc#1259735
  * bsc#1259989
  * bsc#1260026

Cross-References:

  * CVE-2025-13462
  * CVE-2026-3479
  * CVE-2026-3644
  * CVE-2026-4224
  * CVE-2026-4519

CVSS scores:

  * CVE-2025-13462 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-13462 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2025-13462 ( NVD ): 2.0 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-3479 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-3479 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2026-3479 ( NVD ): 0.0 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-3644 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-3644 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-3644 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-4224 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-4224 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-4224 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N * CVE-2026-4519 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N * CVE-2026-4519 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4519 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves five vulnerabilities can now be installed. ## Description: This update for python311 fixes the following issues: * CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). * CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). 
* CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734). * CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735). * CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1530=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1530=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1530=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1530=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1530=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1530=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1530=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1530=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * 
python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * 
python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * 
python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * 
libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * python311-curses-3.11.15-150400.9.85.1 * python311-core-debugsource-3.11.15-150400.9.85.1 * python311-dbm-3.11.15-150400.9.85.1 * python311-curses-debuginfo-3.11.15-150400.9.85.1 * python311-testsuite-debuginfo-3.11.15-150400.9.85.1 * python311-idle-3.11.15-150400.9.85.1 * python311-testsuite-3.11.15-150400.9.85.1 * python311-dbm-debuginfo-3.11.15-150400.9.85.1 * python311-tk-3.11.15-150400.9.85.1 * python311-doc-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * libpython3_11-1_0-debuginfo-3.11.15-150400.9.85.1 * python311-base-debuginfo-3.11.15-150400.9.85.1 * python311-debugsource-3.11.15-150400.9.85.1 * python311-devel-3.11.15-150400.9.85.1 * python311-tk-debuginfo-3.11.15-150400.9.85.1 * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-debuginfo-3.11.15-150400.9.85.1 * python311-tools-3.11.15-150400.9.85.1 * python311-doc-devhelp-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (x86_64) * 
libpython3_11-1_0-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-base-32bit-debuginfo-3.11.15-150400.9.85.1 * python311-32bit-3.11.15-150400.9.85.1 * python311-base-32bit-3.11.15-150400.9.85.1 * libpython3_11-1_0-32bit-3.11.15-150400.9.85.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libpython3_11-1_0-64bit-3.11.15-150400.9.85.1 * python311-base-64bit-3.11.15-150400.9.85.1 * libpython3_11-1_0-64bit-debuginfo-3.11.15-150400.9.85.1 * python311-64bit-3.11.15-150400.9.85.1 * python311-base-64bit-debuginfo-3.11.15-150400.9.85.1 * python311-64bit-debuginfo-3.11.15-150400.9.85.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpython3_11-1_0-3.11.15-150400.9.85.1 * python311-3.11.15-150400.9.85.1 * python311-base-3.11.15-150400.9.85.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13462.html * https://www.suse.com/security/cve/CVE-2026-3479.html * https://www.suse.com/security/cve/CVE-2026-3644.html * https://www.suse.com/security/cve/CVE-2026-4224.html * https://www.suse.com/security/cve/CVE-2026-4519.html * https://bugzilla.suse.com/show_bug.cgi?id=1259611 * https://bugzilla.suse.com/show_bug.cgi?id=1259734 * https://bugzilla.suse.com/show_bug.cgi?id=1259735 * https://bugzilla.suse.com/show_bug.cgi?id=1259989 * https://bugzilla.suse.com/show_bug.cgi?id=1260026
From null at suse.de Tue Apr 21 16:30:54 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:30:54 -0000
Subject: SUSE-OU-2026:1529-1: low: Optional update for glfw
Message-ID: <177678905466.35.10890530621451362734@46b3146b979a>

# Optional update for glfw

Announcement ID: SUSE-OU-2026:1529-1
Release Date: 2026-04-21T10:52:52Z
Rating: low
References:

  * bsc#1259828

Affected Products:

  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP7
  * SUSE Linux Enterprise Real Time 15 SP7
  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Linux Enterprise Server for SAP Applications 15 SP7
  * SUSE Package Hub 15 15-SP7

An update that has one fix can now be installed.

## Description:

This update for glfw fixes the following issue:

  * Ship libglfw3 to SLE-Module-Packagehub_15-SP7 (bsc#1259828)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6
    zypper in -t patch SUSE-2026-1529=1
  * SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1529=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libglfw3-wayland-3.3.9-150600.3.4.1
    * libglfw3-3.3.9-150600.3.4.1
    * libglfw-devel-3.3.9-150600.3.4.1
    * glfw-debugsource-3.3.9-150600.3.4.1
    * libglfw3-wayland-debuginfo-3.3.9-150600.3.4.1
    * glfw-wayland-debugsource-3.3.9-150600.3.4.1
    * libglfw3-debuginfo-3.3.9-150600.3.4.1
  * SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libglfw3-3.3.9-150600.3.4.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1259828
From null at suse.de Tue Apr 21 16:32:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:32:30 -0000
Subject: SUSE-RU-2026:1526-1: moderate: Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server
Message-ID: <177678915052.35.10799764563413185657@46b3146b979a>

# Maintenance update for Multi-Linux Manager 5.1: Server, Proxy and Retail Branch Server

Announcement ID: SUSE-RU-2026:1526-1
Release Date: 2026-04-21T09:28:41Z
Rating: moderate
References:

  * bsc#1240895
  * bsc#1244321
  * bsc#1246315
  * bsc#1249675
  * bsc#1250367
  * bsc#1250557
  * bsc#1251821
  * bsc#1251865
  * bsc#1252098
  * bsc#1252548
  * bsc#1252638
  * bsc#1252793
  * bsc#1252867
  * bsc#1252927
  * bsc#1252964
  * bsc#1253034
  * bsc#1253144
  * bsc#1253712
  * bsc#1254154
  * bsc#1254259
  * bsc#1254585
  * bsc#1254619
  * bsc#1254629
  * bsc#1255743
  * bsc#1256044
  * bsc#1256392
  * bsc#1256422
  * bsc#1256493
  * bsc#1256512
  * bsc#1256583
  * bsc#1256590
  * bsc#1256791
  * bsc#1257022
  * bsc#1257447
  * bsc#1257621
  * bsc#1257647
  * bsc#1257660
  * bsc#1257674
  * bsc#1257760
  * bsc#1257823
  * bsc#1257941
  * bsc#1257950
  * bsc#1257967
  * bsc#1258015
  * bsc#1258017
  * bsc#1258106
  * bsc#1258168
  * bsc#1258378
  * bsc#1258382
  * bsc#1258796
  * bsc#1258927
  * bsc#1259057
  * bsc#1259127
  * bsc#1259137
  * bsc#1259208
  * bsc#1259230
  * bsc#1259243
  * bsc#1259287
  * bsc#1259316
  * bsc#1259416
  * bsc#1259471
  * bsc#1259519
  * bsc#1259590
  * bsc#1262136
  * jsc#MSQA-1048

Affected Products:

  * SUSE Linux Enterprise Server 15 SP7
  * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE
  * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE
  * SUSE Multi-Linux Manager Server 5.1 Extension for SLE

An update that contains one feature and has 64 fixes can now be installed.
## Recommended update 5.1.3 for Multi-Linux Manager Proxy

### Description:

This update fixes the following issues:

proxy-httpd-image:

  * Version 5.1.14
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-salt-broker-image:

  * Version 5.1.13
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-squid-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-ssh-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-tftpd-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

uyuni-tools:

  * Version 5.1.26-0
  * Fix applying PTF with images from RPMs (bsc#1252548)
  * SSL key file can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fix default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Add continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) The following packages are underlying build dependencies and system components used by the containers: billing-data-service: * Version 5.1.4-0 * Fix billing-data-service crashing (bsc#1252927) hub-xmlrpc-api: * Update to v0.8 * Use peripheral_server entitlement * Use sync.hub.listPeripheralServers API call inter-server-sync: * Version 0.3.11-0 * Add missing name sanitization for cobbler entries (bsc#1259137) * Skip cobbler entries refresh if there are no images (bsc#1257950) saltboot-formula: * Update to version 1.0.0 * Always send branch id as a string (bsc#1258382) spacecmd: * Version 5.1.13-0 * Update translation strings spacewalk-admin: * Version 5.1.8-0 * Update uyuni_roster conf when running spacewalk-hostname-rename spacewalk-backend: * Version 5.1.16-0 * Use configured email sender instead of auto detected hostname (bsc#1256583) * Optimize reposync memory requirements (bsc#1256512) * Avoid package duplicates with reposync on synchronization the same package with custom and vendored repositories (bsc#1251821, bsc#1252793) * Prevent accidental errata deletion from custom channels, including the cases of using Hub online synchronization (bsc#1259287) spacewalk-certs-tools: * Version 5.1.11-0 * Fix bootstrap script failure with SL Micro 6.2 during first execution (bsc#1258796) spacewalk-java: * Version 5.1.24-0 * Removed the expensive diff column (bsc#1256044) * Add Action ID info to the Systems event history page * Knowledgebase menu updated to point to new URL. 
(bsc#1250557) * Fix updating "modified" column in TaskoRun and TaskoSchedule (bsc#1258378) * Fix SSO metadata response in XML format * Fix SQL grammar for rescheduling actions (bsc#1257022) * Add OpenID Connect login endpoint for MCP security integration * Block multiple versions of the same package from being locked (bsc#1246315) * Use PackageEvr instead of string for fix_version (bsc#1252638) * Commit DB changes before refreshing pillar for SSH push minions (bsc#1253712) * Fix return type for sync.content.listProducts (bsc#1256422) * Fix SCC cache lookup when username have special chars * Use Hub URL for SCC lookup when server is a HUB and Peripheral at same time * Do not load additional repos in peripheral server (bsc#1257967) * Fix Debian repos sync in peripheral (bsc#1257647) * Fix API docs for several hub endpoints (bsc#1256493) * Fix permission check when assigning system groups to a user (bsc#1257674) * Remove hub register API method * Improve performance by using lazy fetch for ImageDetails and related classes (bsc#1252548) * Allow @ for user name on bootstrapping with web UI (bsc#1254629) * Optimize schedule queries for performance (bsc#1257621, bsc#1259127) * Add RBAC endpoint mappings (bsc#1257760) * Add support for Debian 13 * Allow read-only users to call logout (bsc#1259471) * Fix migration of peripheral servers to ISSv3 * Add listPeripheralServers API method * Add all vendor repo channels to hub access token(bsc#1259230) spacewalk-utils: * Version 5.1.9-0 * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add Debian 13 and Raspberry Pi OS 13 repositories spacewalk-web: * Version 5.1.19-0 * Refined UI spacing and alignment in password policy form * Improved form alerts auto-scroll to top on submit * CLM filter page UI improvement (bsc#1253034) * Fix inconsistent YAML HTML rendering and add ID to generated textarea (bsc#1258168) * Enable editing of null variables in Ansible WebUI (bsc#1258017) subscription-matcher: * 
Version 0.43 * Add new SKU (874-008422) missing in subscription matching (bsc#1259243) * Version 0.42 * Fix unsupported part number in promotional subscriptions (bsc#1256392) * Version 0.41 * keep mvel version 2.2.6 for MLM 5.1 and below susemanager: * Version 5.1.15-0 * Fix wrong Raspberry Pi OS 12 bootstrap repo creation (bsc#1252867) * Add OES25.4 support (bsc#1249675) * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add bootstrap repositories for Debian 13 and Raspberry Pi OS 13 susemanager-docs_en: * Added Red Hat Linux Enterprise 10 support including RHEL 10 clones * Extensive update to the client features tables in the Client Configuration Guide * Added warning for the proxy key creation and limitations around assigning cloned channels (bsc#1257823) * Fixed typo in EOL Clients partial * Fixed disk space management instructions in Administration Guide (bsc#1253144) * Corrected commands for repository meta data (bsc#1259316) * Fixed command for replacing self-signed certificates (bsc#1258106) * Added admonition to network requirements about network management not working without wicked (bsc#1240895) * Removed port 25151 from the network requirements in Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.1 to 5.2 product version to Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.0 to 5.2 * Documented Debian 13 * Reformatted storage-scripts table to use plain paragraphs instead of bullet lists to fix po4a extraction issue causing missing bullets in CJK translations * Removed Ubuntu 20.04 for SUSE Multi-Linux Manager from the list of supported clients in Client Configuration Guide * Added a warning for all instances where mgradm upgrade podman is used. 
  * Changed the order of reboot/mgrxpy stop instructions during proxy migration in Installation and Upgrade Guide
  * Added section about container-based Kiwi image build support to Administration guide (bsc#1251865)
  * Fixed Proxy Migration 5.0 > 5.1 inconsistencies
  * Added 4.3 proxy and branch server migrations
  * Included global GPG decryption for pillar data in specialized guide (bsc#1255743)
  * Added separate procedure for reenabling router advertisements (bsc#1254259)
  * Changed instructions from private to public key in Administration Guide (bsc#1254585)
  * Update and clarify Retail formulas page
  * Document formula images on air-gapped systems

susemanager-schema:

  * Version 5.1.16-0
  * Re-apply missing schema update scripts (bsc#1259590)
  * Version 5.1.15-0
  * Add RBAC mappings for affected systems link in SSM patches page (bsc#1256590)
  * Add OpenID Connect login endpoint for MCP security integration
  * Refactor oval related tables (bsc#1252638)
  * Add hubsync endpoints to repo-sync Debian repos in peripheral (bsc#1257647)
  * Remove hub register API method
  * Endpoint table cleanup
  * Remove truncated invalid errata (bsc#1259057)
  * Fix schema migration for (bsc#1244321)
  * Add indexes to improve schedule queries performance (bsc#1257621, bsc#1259127)
  * Add RBAC endpoint mappings (bsc#1257760)
  * Restrict software management access only to channel admin (bsc#1259416)
  * Add missing SSM-related RBAC endpoints (bsc#1259519)

susemanager-sls:

  * Version 5.1.24-0
  * Make mgr_events salt engine non-blocking on reading events
  * Avoid losing the events on DB connection issues (bsc#1252098)

susemanager-sync-data:

  * Version 5.1.8-0
  * Add OES25.4 support (bsc#1249675)
  * Add Debian 13 support

How to apply this update:

  1. Log in as root user to the SUSE Multi-Linux Manager Proxy.
  2. Upgrade mgrpxy.
  3. If you are in a disconnected environment, upgrade the image packages.
  4. Reboot the system.
  5. Run `mgrpxy upgrade podman` which will use the default image tags.
## Recommended update 5.1.3 for Multi-Linux Manager Retail Branch Server

### Description:

This update fixes the following issues:

proxy-httpd-image:

  * Version 5.1.14
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-salt-broker-image:

  * Version 5.1.13
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-squid-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-ssh-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-tftpd-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

uyuni-tools:

  * Version 5.1.26-0
  * Fix applying PTF with images from RPMs (bsc#1252548)
  * SSL key file can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fix default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Add continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) The following packages are underlying build dependencies and system components used by the containers: billing-data-service: * Version 5.1.4-0 * Fix billing-data-service crashing (bsc#1252927) hub-xmlrpc-api: * Update to v0.8 * Use peripheral_server entitlement * Use sync.hub.listPeripheralServers API call inter-server-sync: * Version 0.3.11-0 * Add missing name sanitization for cobbler entries (bsc#1259137) * Skip cobbler entries refresh if there are no images (bsc#1257950) saltboot-formula: * Update to version 1.0.0 * Always send branch id as a string (bsc#1258382) spacecmd: * Version 5.1.13-0 * Update translation strings spacewalk-admin: * Version 5.1.8-0 * Update uyuni_roster conf when running spacewalk-hostname-rename spacewalk-backend: * Version 5.1.16-0 * Use configured email sender instead of auto detected hostname (bsc#1256583) * Optimize reposync memory requirements (bsc#1256512) * Avoid package duplicates with reposync on synchronization the same package with custom and vendored repositories (bsc#1251821, bsc#1252793) * Prevent accidental errata deletion from custom channels, including the cases of using Hub online synchronization (bsc#1259287) spacewalk-certs-tools: * Version 5.1.11-0 * Fix bootstrap script failure with SL Micro 6.2 during first execution (bsc#1258796) spacewalk-java: * Version 5.1.24-0 * Removed the expensive diff column (bsc#1256044) * Add Action ID info to the Systems event history page * Knowledgebase menu updated to point to new URL. 
(bsc#1250557) * Fix updating "modified" column in TaskoRun and TaskoSchedule (bsc#1258378) * Fix SSO metadata response in XML format * Fix SQL grammar for rescheduling actions (bsc#1257022) * Add OpenID Connect login endpoint for MCP security integration * Block multiple versions of the same package from being locked (bsc#1246315) * Use PackageEvr instead of string for fix_version (bsc#1252638) * Commit DB changes before refreshing pillar for SSH push minions (bsc#1253712) * Fix return type for sync.content.listProducts (bsc#1256422) * Fix SCC cache lookup when username have special chars * Use Hub URL for SCC lookup when server is a HUB and Peripheral at same time * Do not load additional repos in peripheral server (bsc#1257967) * Fix Debian repos sync in peripheral (bsc#1257647) * Fix API docs for several hub endpoints (bsc#1256493) * Fix permission check when assigning system groups to a user (bsc#1257674) * Remove hub register API method * Improve performance by using lazy fetch for ImageDetails and related classes (bsc#1252548) * Allow @ for user name on bootstrapping with web UI (bsc#1254629) * Optimize schedule queries for performance (bsc#1257621, bsc#1259127) * Add RBAC endpoint mappings (bsc#1257760) * Add support for Debian 13 * Allow read-only users to call logout (bsc#1259471) * Fix migration of peripheral servers to ISSv3 * Add listPeripheralServers API method * Add all vendor repo channels to hub access token(bsc#1259230) spacewalk-utils: * Version 5.1.9-0 * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add Debian 13 and Raspberry Pi OS 13 repositories spacewalk-web: * Version 5.1.19-0 * Refined UI spacing and alignment in password policy form * Improved form alerts auto-scroll to top on submit * CLM filter page UI improvement (bsc#1253034) * Fix inconsistent YAML HTML rendering and add ID to generated textarea (bsc#1258168) * Enable editing of null variables in Ansible WebUI (bsc#1258017) subscription-matcher: * 
Version 0.43 * Add new SKU (874-008422) missing in subscription matching (bsc#1259243) * Version 0.42 * Fix unsupported part number in promotional subscriptions (bsc#1256392) * Version 0.41 * keep mvel version 2.2.6 for MLM 5.1 and below susemanager: * Version 5.1.15-0 * Fix wrong Raspberry Pi OS 12 bootstrap repo creation (bsc#1252867) * Add OES25.4 support (bsc#1249675) * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add bootstrap repositories for Debian 13 and Raspberry Pi OS 13 susemanager-docs_en: * Added Red Hat Linux Enterprise 10 support including RHEL 10 clones * Extensive update to the client features tables in the Client Configuration Guide * Added warning for the proxy key creation and limitations around assigning cloned channels (bsc#1257823) * Fixed typo in EOL Clients partial * Fixed disk space management instructions in Administration Guide (bsc#1253144) * Corrected commands for repository meta data (bsc#1259316) * Fixed command for replacing self-signed certificates (bsc#1258106) * Added admonition to network requirements about network management not working without wicked (bsc#1240895) * Removed port 25151 from the network requirements in Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.1 to 5.2 product version to Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.0 to 5.2 * Documented Debian 13 * Reformatted storage-scripts table to use plain paragraphs instead of bullet lists to fix po4a extraction issue causing missing bullets in CJK translations * Removed Ubuntu 20.04 for SUSE Multi-Linux Manager from the list of supported clients in Client Configuration Guide * Added a warning for all instances where mgradm upgrade podman is used. 
  * Changed the order of reboot/mgrxpy stop instructions during proxy migration in Installation and Upgrade Guide
  * Added section about container-based Kiwi image build support to Administration guide (bsc#1251865)
  * Fixed Proxy Migration 5.0 > 5.1 inconsistencies
  * Added 4.3 proxy and branch server migrations
  * Included global GPG decryption for pillar data in specialized guide (bsc#1255743)
  * Added separate procedure for reenabling router advertisements (bsc#1254259)
  * Changed instructions from private to public key in Administration Guide (bsc#1254585)
  * Update and clarify Retail formulas page
  * Document formula images on air-gapped systems

susemanager-schema:

  * Version 5.1.16-0
  * Re-apply missing schema update scripts (bsc#1259590)
  * Version 5.1.15-0
  * Add RBAC mappings for affected systems link in SSM patches page (bsc#1256590)
  * Add OpenID Connect login endpoint for MCP security integration
  * Refactor oval related tables (bsc#1252638)
  * Add hubsync endpoints to repo-sync Debian repos in peripheral (bsc#1257647)
  * Remove hub register API method
  * Endpoint table cleanup
  * Remove truncated invalid errata (bsc#1259057)
  * Fix schema migration for (bsc#1244321)
  * Add indexes to improve schedule queries performance (bsc#1257621, bsc#1259127)
  * Add RBAC endpoint mappings (bsc#1257760)
  * Restrict software management access only to channel admin (bsc#1259416)
  * Add missing SSM-related RBAC endpoints (bsc#1259519)

susemanager-sls:

  * Version 5.1.24-0
  * Make mgr_events salt engine non-blocking on reading events
  * Avoid losing the events on DB connection issues (bsc#1252098)

susemanager-sync-data:

  * Version 5.1.8-0
  * Add OES25.4 support (bsc#1249675)
  * Add Debian 13 support

How to apply this update:

  1. Log in as root user to the SUSE Multi-Linux Manager Retail Branch Server.
  2. Upgrade mgrpxy.
  3. If you are in a disconnected environment, upgrade the image packages.
  4. Reboot the system.
  5. Run `mgrpxy upgrade podman` which will use the default image tags.
## Recommended update 5.1.3 for Multi-Linux Manager Server

### Description:

This update fixes the following issues:

server-attestation-image:

  * Version 5.1.13
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-hub-xmlrpc-api-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-image:

  * Version 5.1.13
  * Allow LDAP users that are not visible to pam_unix (bsc#1256791)

server-migration-14-16-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-postgresql-image:

  * Version 5.1.11
  * Correctly install pg_trgm extension to absolute path (bsc#1262136)
  * Version 5.1.10
  * Include tar, gzip and smdba-pgarchive command to the database image (bsc#1250367)
  * Trust local user access

server-saline-image:

  * Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

uyuni-tools:

  * Version 5.1.26-0
  * Fix applying PTF with images from RPMs (bsc#1252548)
  * SSL key file can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fix default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Add continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) The following packages are underlying build dependencies and system components used by the containers: billing-data-service: * Version 5.1.4-0 * Fix billing-data-service crashing (bsc#1252927) hub-xmlrpc-api: * Update to v0.8 * Use peripheral_server entitlement * Use sync.hub.listPeripheralServers API call inter-server-sync: * Version 0.3.11-0 * Add missing name sanitization for cobbler entries (bsc#1259137) * Skip cobbler entries refresh if there are no images (bsc#1257950) saltboot-formula: * Update to version 1.0.0 * Always send branch id as a string (bsc#1258382) spacecmd: * Version 5.1.13-0 * Update translation strings spacewalk-admin: * Version 5.1.8-0 * Update uyuni_roster conf when running spacewalk-hostname-rename spacewalk-backend: * Version 5.1.16-0 * Use configured email sender instead of auto detected hostname (bsc#1256583) * Optimize reposync memory requirements (bsc#1256512) * Avoid package duplicates with reposync on synchronization the same package with custom and vendored repositories (bsc#1251821, bsc#1252793) * Prevent accidental errata deletion from custom channels, including the cases of using Hub online synchronization (bsc#1259287) spacewalk-certs-tools: * Version 5.1.11-0 * Fix bootstrap script failure with SL Micro 6.2 during first execution (bsc#1258796) spacewalk-java: * Version 5.1.24-0 * Removed the expensive diff column (bsc#1256044) * Add Action ID info to the Systems event history page * Knowledgebase menu updated to point to new URL. 
(bsc#1250557) * Fix updating "modified" column in TaskoRun and TaskoSchedule (bsc#1258378) * Fix SSO metadata response in XML format * Fix SQL grammar for rescheduling actions (bsc#1257022) * Add OpenID Connect login endpoint for MCP security integration * Block multiple versions of the same package from being locked (bsc#1246315) * Use PackageEvr instead of string for fix_version (bsc#1252638) * Commit DB changes before refreshing pillar for SSH push minions (bsc#1253712) * Fix return type for sync.content.listProducts (bsc#1256422) * Fix SCC cache lookup when username has special chars * Use Hub URL for SCC lookup when server is a HUB and Peripheral at the same time * Do not load additional repos in peripheral server (bsc#1257967) * Fix Debian repos sync in peripheral (bsc#1257647) * Fix API docs for several hub endpoints (bsc#1256493) * Fix permission check when assigning system groups to a user (bsc#1257674) * Remove hub register API method * Improve performance by using lazy fetch for ImageDetails and related classes (bsc#1252548) * Allow @ for user name on bootstrapping with web UI (bsc#1254629) * Optimize schedule queries for performance (bsc#1257621, bsc#1259127) * Add RBAC endpoint mappings (bsc#1257760) * Add support for Debian 13 * Allow read-only users to call logout (bsc#1259471) * Fix migration of peripheral servers to ISSv3 * Add listPeripheralServers API method * Add all vendor repo channels to hub access token (bsc#1259230) spacewalk-utils: * Version 5.1.9-0 * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add Debian 13 and Raspberry Pi OS 13 repositories spacewalk-web: * Version 5.1.19-0 * Refined UI spacing and alignment in password policy form * Improved form alerts auto-scroll to top on submit * CLM filter page UI improvement (bsc#1253034) * Fix inconsistent YAML HTML rendering and add ID to generated textarea (bsc#1258168) * Enable editing of null variables in Ansible WebUI (bsc#1258017) subscription-matcher: *
Version 0.43 * Add new SKU (874-008422) missing in subscription matching (bsc#1259243) * Version 0.42 * Fix unsupported part number in promotional subscriptions (bsc#1256392) * Version 0.41 * Keep mvel version 2.2.6 for MLM 5.1 and below susemanager: * Version 5.1.15-0 * Fix wrong Raspberry Pi OS 12 bootstrap repo creation (bsc#1252867) * Add OES25.4 support (bsc#1249675) * Add bootstrap repo definition and spacewalk-common-channels for RHEL10 clones * Add bootstrap repositories for Debian 13 and Raspberry Pi OS 13 susemanager-build-keys: * Added AlmaLinux 10 and Rocky Linux 10 GPG keys susemanager-docs_en: * Added Red Hat Enterprise Linux 10 support including RHEL 10 clones * Extensive update to the client features tables in the Client Configuration Guide * Added warning for the proxy key creation and limitations around assigning cloned channels (bsc#1257823) * Fixed typo in EOL Clients partial * Fixed disk space management instructions in Administration Guide (bsc#1253144) * Corrected commands for repository metadata (bsc#1259316) * Fixed command for replacing self-signed certificates (bsc#1258106) * Added admonition to network requirements about network management not working without wicked (bsc#1240895) * Removed port 25151 from the network requirements in Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.1 to 5.2 product version to Installation and Upgrade Guide * Added instructions for migrating Server and Proxy from 5.0 to 5.2 * Documented Debian 13 * Reformatted storage-scripts table to use plain paragraphs instead of bullet lists to fix po4a extraction issue causing missing bullets in CJK translations * Removed Ubuntu 20.04 for SUSE Multi-Linux Manager from the list of supported clients in Client Configuration Guide * Added a warning for all instances where mgradm upgrade podman is used.
* Changed the order of reboot/mgrpxy stop instructions during proxy migration in Installation and Upgrade Guide * Added section about container-based Kiwi image build support to Administration guide (bsc#1251865) * Fixed Proxy Migration 5.0 > 5.1 inconsistencies * Added 4.3 proxy and branch server migrations * Included global GPG decryption for pillar data in specialized guide (bsc#1255743) * Added separate procedure for reenabling router advertisements (bsc#1254259) * Changed instructions from private to public key in Administration Guide (bsc#1254585) * Update and clarify Retail formulas page * Document formula images on air-gapped systems susemanager-schema: * Version 5.1.17-0 * Re-apply some RBAC migrations that were not properly applied (bsc#1262136) * Version 5.1.16-0 * Re-apply missing schema update scripts (bsc#1259590) * Version 5.1.15-0 * Add RBAC mappings for affected systems link in SSM patches page (bsc#1256590) * Add OpenID Connect login endpoint for MCP security integration * Refactor oval related tables (bsc#1252638) * Add hubsync endpoints to repo-sync Debian repos in peripheral (bsc#1257647) * Remove hub register API method * Endpoint table cleanup * Remove truncated invalid errata (bsc#1259057) * Fix schema migration for (bsc#1244321) * Add indexes to improve schedule queries performance (bsc#1257621, bsc#1259127) * Add RBAC endpoint mappings (bsc#1257760) * Restrict software management access only to channel admin (bsc#1259416) * Add missing SSM-related RBAC endpoints (bsc#1259519) susemanager-sls: * Version 5.1.24-0 * Make mgr_events salt engine non-blocking on reading events * Avoid losing the events on DB connection issues (bsc#1252098) susemanager-sync-data: * Version 5.1.8-0 * Add OES25.4 support (bsc#1249675) * Add Debian 13 support How to apply this update: 1. Log in as root user to the SUSE Multi-Linux Manager Server. 2. Upgrade mgradm and mgrctl. 3. If you are in a disconnected environment, upgrade the image packages. 4.
Reboot the system. 5. Run `mgradm upgrade podman` which will use the default image tags. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Proxy-SLE-5.1-2026-1526=1 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Retail-Branch-Server-SLE-5.1-2026-1526=1 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE zypper in -t patch SUSE-Multi-Linux-Manager-Server-SLE-5.1-2026-1526=1 ## Package List: * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgrpxy-5.1.26-150700.3.18.2 * mgrpxy-debuginfo-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (noarch) * mgrpxy-zsh-completion-5.1.26-150700.3.18.2 * mgrpxy-bash-completion-5.1.26-150700.3.18.2 * mgrpxy-lang-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.3-8.16.18 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.3-8.16.18 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (s390x) *
suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.3-8.16.18 * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.3-8.14.7 * SUSE Multi-Linux Manager Proxy 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.3-8.16.18 * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.3-9.14.16 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgrpxy-5.1.26-150700.3.18.2 * mgrpxy-debuginfo-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (noarch) * mgrpxy-zsh-completion-5.1.26-150700.3.18.2 * mgrpxy-bash-completion-5.1.26-150700.3.18.2 * mgrpxy-lang-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.3-8.16.18 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.3-8.14.9 * 
suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.3-8.16.18 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (s390x) * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.3-8.16.18 * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.3-9.14.16 * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.3-8.14.7 * SUSE Multi-Linux Manager Retail Branch Server 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.3-8.16.18 * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.3-8.14.7 * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.3-9.14.16 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (aarch64 ppc64le s390x x86_64) * mgradm-debuginfo-5.1.26-150700.3.18.2 * mgrctl-debuginfo-5.1.26-150700.3.18.2 * mgrctl-5.1.26-150700.3.18.2 * mgradm-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (noarch) * mgrctl-lang-5.1.26-150700.3.18.2 * mgrctl-bash-completion-5.1.26-150700.3.18.2 * mgradm-zsh-completion-5.1.26-150700.3.18.2 * mgradm-bash-completion-5.1.26-150700.3.18.2 * mgradm-lang-5.1.26-150700.3.18.2 * mgrctl-zsh-completion-5.1.26-150700.3.18.2 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (aarch64) * suse-multi-linux-manager-5.1-aarch64-server-migration-14-16-image-5.1.3-8.14.8 * suse-multi-linux-manager-5.1-aarch64-server-image-5.1.3-8.14.18 * suse-multi-linux-manager-5.1-aarch64-server-attestation-image-5.1.3-8.16.7 * suse-multi-linux-manager-5.1-aarch64-server-hub-xmlrpc-api-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-aarch64-server-saline-image-5.1.3-9.14.13 * suse-multi-linux-manager-5.1-aarch64-server-postgresql-image-5.1.3-6.16.2 * SUSE 
Multi-Linux Manager Server 5.1 Extension for SLE (ppc64le) * suse-multi-linux-manager-5.1-ppc64le-server-hub-xmlrpc-api-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-ppc64le-server-image-5.1.3-8.14.18 * suse-multi-linux-manager-5.1-ppc64le-server-saline-image-5.1.3-9.14.13 * suse-multi-linux-manager-5.1-ppc64le-server-migration-14-16-image-5.1.3-8.14.8 * suse-multi-linux-manager-5.1-ppc64le-server-attestation-image-5.1.3-8.16.7 * suse-multi-linux-manager-5.1-ppc64le-server-postgresql-image-5.1.3-6.16.2 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (s390x) * suse-multi-linux-manager-5.1-s390x-server-hub-xmlrpc-api-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-s390x-server-saline-image-5.1.3-9.14.13 * suse-multi-linux-manager-5.1-s390x-server-image-5.1.3-8.14.18 * suse-multi-linux-manager-5.1-s390x-server-postgresql-image-5.1.3-6.16.2 * suse-multi-linux-manager-5.1-s390x-server-attestation-image-5.1.3-8.16.7 * suse-multi-linux-manager-5.1-s390x-server-migration-14-16-image-5.1.3-8.14.8 * SUSE Multi-Linux Manager Server 5.1 Extension for SLE (x86_64) * suse-multi-linux-manager-5.1-x86_64-server-migration-14-16-image-5.1.3-8.14.8 * suse-multi-linux-manager-5.1-x86_64-server-hub-xmlrpc-api-image-5.1.3-8.14.9 * suse-multi-linux-manager-5.1-x86_64-server-saline-image-5.1.3-9.14.13 * suse-multi-linux-manager-5.1-x86_64-server-image-5.1.3-8.14.18 * suse-multi-linux-manager-5.1-x86_64-server-attestation-image-5.1.3-8.16.7 * suse-multi-linux-manager-5.1-x86_64-server-postgresql-image-5.1.3-6.16.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1240895 * https://bugzilla.suse.com/show_bug.cgi?id=1244321 * https://bugzilla.suse.com/show_bug.cgi?id=1246315 * https://bugzilla.suse.com/show_bug.cgi?id=1249675 * https://bugzilla.suse.com/show_bug.cgi?id=1250367 * https://bugzilla.suse.com/show_bug.cgi?id=1250557 * https://bugzilla.suse.com/show_bug.cgi?id=1251821 * https://bugzilla.suse.com/show_bug.cgi?id=1251865 * 
https://bugzilla.suse.com/show_bug.cgi?id=1252098 * https://bugzilla.suse.com/show_bug.cgi?id=1252548 * https://bugzilla.suse.com/show_bug.cgi?id=1252638 * https://bugzilla.suse.com/show_bug.cgi?id=1252793 * https://bugzilla.suse.com/show_bug.cgi?id=1252867 * https://bugzilla.suse.com/show_bug.cgi?id=1252927 * https://bugzilla.suse.com/show_bug.cgi?id=1252964 * https://bugzilla.suse.com/show_bug.cgi?id=1253034 * https://bugzilla.suse.com/show_bug.cgi?id=1253144 * https://bugzilla.suse.com/show_bug.cgi?id=1253712 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254259 * https://bugzilla.suse.com/show_bug.cgi?id=1254585 * https://bugzilla.suse.com/show_bug.cgi?id=1254619 * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1255743 * https://bugzilla.suse.com/show_bug.cgi?id=1256044 * https://bugzilla.suse.com/show_bug.cgi?id=1256392 * https://bugzilla.suse.com/show_bug.cgi?id=1256422 * https://bugzilla.suse.com/show_bug.cgi?id=1256493 * https://bugzilla.suse.com/show_bug.cgi?id=1256512 * https://bugzilla.suse.com/show_bug.cgi?id=1256583 * https://bugzilla.suse.com/show_bug.cgi?id=1256590 * https://bugzilla.suse.com/show_bug.cgi?id=1256791 * https://bugzilla.suse.com/show_bug.cgi?id=1257022 * https://bugzilla.suse.com/show_bug.cgi?id=1257447 * https://bugzilla.suse.com/show_bug.cgi?id=1257621 * https://bugzilla.suse.com/show_bug.cgi?id=1257647 * https://bugzilla.suse.com/show_bug.cgi?id=1257660 * https://bugzilla.suse.com/show_bug.cgi?id=1257674 * https://bugzilla.suse.com/show_bug.cgi?id=1257760 * https://bugzilla.suse.com/show_bug.cgi?id=1257823 * https://bugzilla.suse.com/show_bug.cgi?id=1257941 * https://bugzilla.suse.com/show_bug.cgi?id=1257950 * https://bugzilla.suse.com/show_bug.cgi?id=1257967 * https://bugzilla.suse.com/show_bug.cgi?id=1258015 * https://bugzilla.suse.com/show_bug.cgi?id=1258017 * https://bugzilla.suse.com/show_bug.cgi?id=1258106 * 
https://bugzilla.suse.com/show_bug.cgi?id=1258168 * https://bugzilla.suse.com/show_bug.cgi?id=1258378 * https://bugzilla.suse.com/show_bug.cgi?id=1258382 * https://bugzilla.suse.com/show_bug.cgi?id=1258796 * https://bugzilla.suse.com/show_bug.cgi?id=1258927 * https://bugzilla.suse.com/show_bug.cgi?id=1259057 * https://bugzilla.suse.com/show_bug.cgi?id=1259127 * https://bugzilla.suse.com/show_bug.cgi?id=1259137 * https://bugzilla.suse.com/show_bug.cgi?id=1259208 * https://bugzilla.suse.com/show_bug.cgi?id=1259230 * https://bugzilla.suse.com/show_bug.cgi?id=1259243 * https://bugzilla.suse.com/show_bug.cgi?id=1259287 * https://bugzilla.suse.com/show_bug.cgi?id=1259316 * https://bugzilla.suse.com/show_bug.cgi?id=1259416 * https://bugzilla.suse.com/show_bug.cgi?id=1259471 * https://bugzilla.suse.com/show_bug.cgi?id=1259519 * https://bugzilla.suse.com/show_bug.cgi?id=1259590 * https://bugzilla.suse.com/show_bug.cgi?id=1262136 * https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:32:39 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:32:39 -0000 Subject: SUSE-SU-2026:1525-1: important: Security update 5.1.3 for Multi-Linux Manager Salt Bundle Message-ID: <177678915983.35.92667869580583202@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:1525-1 Release Date: 2026-04-21T09:26:33Z Rating: important References: * bsc#1254629 * bsc#1257831 * bsc#1258957 * bsc#1259554 * jsc#MSQA-1048 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description: This update fixes the following issues: venv-salt-minion: * Security issues fixed: * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554) * Added x86_64_v2 as a possible rpm package architecture * Make users with backslash work for salt-ssh (bsc#1254629) * Fixed ansible.playbooks extra-vars quoting (bsc#1257831) * Fixed virtualenv call in test helper to use proper python version * Fixed the issue preventing SELinux profile from being loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fixed the typo causing building EL9 bundle without binary dependencies ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1525=1 * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-1525=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.12.2 * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150002.5.12.2 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 * https://jira.suse.com/browse/MSQA-1048
From null at suse.de Tue Apr 21 16:33:26 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:33:26 -0000 Subject: SUSE-SU-2026:1524-1: critical: Security update 5.1.3 for Multi-Linux Manager Client Tools Message-ID: <177678920643.35.160875189444968269@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Client Tools Announcement ID: SUSE-SU-2026:1524-1 Release Date: 2026-04-21T09:26:10Z Rating: critical References: * bsc#1245302 * bsc#1250367 * bsc#1252548 * bsc#1252964 * bsc#1254154 * bsc#1254619 * bsc#1257329 * bsc#1257337 * bsc#1257349 * bsc#1257442 * bsc#1257447 * bsc#1257660 * bsc#1257841 * bsc#1257897 * bsc#1257941 * bsc#1258015 * bsc#1258136 * bsc#1258418 * bsc#1258595 * bsc#1258873 * bsc#1258893 * bsc#1258927 * bsc#1259208 * bsc#1260263 * bsc#1260267 * bsc#1260878 * bsc#1261025 * bsc#1261026 * bsc#1261027 * bsc#1261029 * jsc#MSQA-1048 * jsc#PED-15474 Cross-References: * CVE-2025-13465 * CVE-2025-3415 * CVE-2025-61140 * CVE-2026-1615 * CVE-2026-21720 * CVE-2026-21721 * CVE-2026-21722 * CVE-2026-21724 * CVE-2026-21725 * CVE-2026-25547 * CVE-2026-26958 * CVE-2026-27606 * CVE-2026-27876 * CVE-2026-27877 * CVE-2026-27879 * CVE-2026-28375 * CVE-2026-33186 CVSS scores: * CVE-2025-13465 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-13465 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2025-13465 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-3415 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-3415 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2025-61140 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-61140 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-61140 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-1615 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1615 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-1615 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-21720 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21720 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-21721 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-21721 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21721 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-21722 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-21722 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21722 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-21724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-21724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-21724 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-21725 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-21725 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L * CVE-2026-21725 ( NVD ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L * CVE-2026-21725 
( NVD ): 2.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N * CVE-2026-25547 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25547 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25547 ( NVD ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-26958 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-26958 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-27606 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-27606 ( NVD ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-27606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-27876 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-27876 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-27876 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2026-27877 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-27877 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27877 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27877 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-27879 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-27879 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
* CVE-2026-27879 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28375 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-28375 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-28375 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 15 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves 17 vulnerabilities, contains two features and has 13 security fixes can now be installed. ## Description: This update fixes the following issues: golang-github-lusitaniae-apache_exporter: * Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * Bumped rollup to version 4.59.0 * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * Bumped brace-expansion to version 5.0.2 * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bumped lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260267) * Bumped google.golang.org/grpc to version 1.79.3 grafana: * Security issues fixed: * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337) * CVE-2026-21720: Fixed unauthenticated DoS 
(bsc#1257349) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) * CVE-2026-26958: Bumped filippo.io/edwards25519 to version 1.1.1 (bsc#1258595) * CVE-2026-21725: Fixed missing UID when deleting datasource by name (bsc#1258873) * CVE-2026-27876: Fixed remote arbitrary code execution via chained SQL Expressions (bsc#1261025) * CVE-2026-27877: Fixed information disclosure of data-source passwords via public dashboards (bsc#1261026) * CVE-2026-28375: Fixed denial of service via testdata data-source (bsc#1261029) * CVE-2026-27879: Fixed denial of service via resample query (bsc#1261027) * CVE-2026-33186: Fixed authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260263) * CVE-2026-21724: Fixed authorization bypass allows modification of protected webhook URLs (bsc#1260878) * Version update from 11.5.10 to 11.6.14+security01 with the following highlighted changes and fixes: * Public Dashboards: Wired the public dashboard service to the HTTP server to ensure proper connectivity and availability * Authentication: Refined the redirect logic to ensure consistent behavior during login and logout sequences * Dashboard Reliability: Resolved a bug preventing single panels from rendering correctly when dashboard variables are referenced * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface * One-Click Actions: Visualizations now support faster navigation via one-click links and actions * Alerting History: Added version history for alert rules, allowing you to track changes over time * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup * Cron Support: Annotations now support Cron syntax for more flexible scheduling * Identity and Auth: Hardened the
Avatar feature (now requires sign-in) and fixed several login redirection issues when Grafana is hosted on a subpath * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting * Alerting Limits: Added size limits for expanded notification templates to prevent system strain * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated rows or nested queries * Dashboard Reliability: * Fixed bugs involving row repeats and "self-referencing" data links * Fixed a bug preventing single panels from rendering correctly when dashboard variables are referenced * Alerting Fixes: Patched a critical "panic" (crash) caused by a race condition in alert rules and fixed issues where contact points weren't working correctly * URL Handling: Fixed a bug where "true" values in URL parameters weren't being read correctly prometheus-blackbox_exporter: * Internal changes to fix build issues with no impact for customers spacecmd: * Version 5.1.13-0 * Update translation strings uyuni-tools: * Version 5.1.26-0 * Fixed applying PTF with images from RPMs (bsc#1252548) * SSL key file can be missing if CA password is blank (bsc#1254154) * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619) * Fixed default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Added continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) * Version 5.1.25-0 * If PTF image doesn't exist, use the current service image (bsc#1258418) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 15 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-15-2026-1524=1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1524=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-150002.3.12.1 * grafana-11.6.14+security01-150002.4.14.1 * golang-github-prometheus-prometheus-3.5.0-150002.3.8.1 * prometheus-blackbox_exporter-0.26.0-150002.3.6.1 * firewalld-prometheus-config-0.1-150002.3.8.1 * mgrctl-debuginfo-5.1.26-150002.3.12.1 * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-150002.3.6.1 * golang-github-lusitaniae-apache_exporter-1.0.10-150002.3.6.1 * grafana-debuginfo-11.6.14+security01-150002.4.14.1 * golang-github-prometheus-prometheus-debuginfo-3.5.0-150002.3.8.1 * SUSE Multi-Linux Manager Client Tools for SLE 15 (noarch) * mgrctl-bash-completion-5.1.26-150002.3.12.1 * mgrctl-zsh-completion-5.1.26-150002.3.12.1 * mgrctl-lang-5.1.26-150002.3.12.1 * spacecmd-5.1.13-150002.3.9.3 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-150002.3.12.1 *
mgrctl-debuginfo-5.1.26-150002.3.12.1 * prometheus-blackbox_exporter-0.26.0-150002.3.6.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * mgrctl-bash-completion-5.1.26-150002.3.12.1 * mgrctl-zsh-completion-5.1.26-150002.3.12.1 * mgrctl-lang-5.1.26-150002.3.12.1 ## References: * https://www.suse.com/security/cve/CVE-2025-13465.html * https://www.suse.com/security/cve/CVE-2025-3415.html * https://www.suse.com/security/cve/CVE-2025-61140.html * https://www.suse.com/security/cve/CVE-2026-1615.html * https://www.suse.com/security/cve/CVE-2026-21720.html * https://www.suse.com/security/cve/CVE-2026-21721.html * https://www.suse.com/security/cve/CVE-2026-21722.html * https://www.suse.com/security/cve/CVE-2026-21724.html * https://www.suse.com/security/cve/CVE-2026-21725.html * https://www.suse.com/security/cve/CVE-2026-25547.html * https://www.suse.com/security/cve/CVE-2026-26958.html * https://www.suse.com/security/cve/CVE-2026-27606.html * https://www.suse.com/security/cve/CVE-2026-27876.html * https://www.suse.com/security/cve/CVE-2026-27877.html * https://www.suse.com/security/cve/CVE-2026-27879.html * https://www.suse.com/security/cve/CVE-2026-28375.html * https://www.suse.com/security/cve/CVE-2026-33186.html * https://bugzilla.suse.com/show_bug.cgi?id=1245302 * https://bugzilla.suse.com/show_bug.cgi?id=1250367 * https://bugzilla.suse.com/show_bug.cgi?id=1252548 * https://bugzilla.suse.com/show_bug.cgi?id=1252964 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254619 * https://bugzilla.suse.com/show_bug.cgi?id=1257329 * https://bugzilla.suse.com/show_bug.cgi?id=1257337 * https://bugzilla.suse.com/show_bug.cgi?id=1257349 * https://bugzilla.suse.com/show_bug.cgi?id=1257442 * https://bugzilla.suse.com/show_bug.cgi?id=1257447 * https://bugzilla.suse.com/show_bug.cgi?id=1257660 * https://bugzilla.suse.com/show_bug.cgi?id=1257841 * https://bugzilla.suse.com/show_bug.cgi?id=1257897 * 
https://bugzilla.suse.com/show_bug.cgi?id=1257941 * https://bugzilla.suse.com/show_bug.cgi?id=1258015 * https://bugzilla.suse.com/show_bug.cgi?id=1258136 * https://bugzilla.suse.com/show_bug.cgi?id=1258418 * https://bugzilla.suse.com/show_bug.cgi?id=1258595 * https://bugzilla.suse.com/show_bug.cgi?id=1258873 * https://bugzilla.suse.com/show_bug.cgi?id=1258893 * https://bugzilla.suse.com/show_bug.cgi?id=1258927 * https://bugzilla.suse.com/show_bug.cgi?id=1259208 * https://bugzilla.suse.com/show_bug.cgi?id=1260263 * https://bugzilla.suse.com/show_bug.cgi?id=1260267 * https://bugzilla.suse.com/show_bug.cgi?id=1260878 * https://bugzilla.suse.com/show_bug.cgi?id=1261025 * https://bugzilla.suse.com/show_bug.cgi?id=1261026 * https://bugzilla.suse.com/show_bug.cgi?id=1261027 * https://bugzilla.suse.com/show_bug.cgi?id=1261029 * https://jira.suse.com/browse/MSQA-1048 * https://jira.suse.com/browse/PED-15474 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Tue Apr 21 16:33:34 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:33:34 -0000 Subject: SUSE-SU-2026:1523-1: important: Security update 5.1.3 for Multi-Linux Manager Salt Bundle Message-ID: <177678921460.35.10465676735953975670@46b3146b979a> # Security update 5.1.3 for Multi-Linux Manager Salt Bundle Announcement ID: SUSE-SU-2026:1523-1 Release Date: 2026-04-21T09:25:44Z Rating: important References: * bsc#1254629 * bsc#1257831 * bsc#1258957 * bsc#1259554 * jsc#MSQA-1048 Cross-References: * CVE-2026-31958 CVSS scores: * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Multi-Linux Manager Client Tools for SLE 12 An update that solves one vulnerability, contains one feature and has three security fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Backport security patch for Salt vendored tornado (bsc#1259554): * CVE-2026-31958: Add limits on multipart form data parsing * Add x86_64_v2 as a possible rpm package architecture * Make users with backslash working for salt-ssh (bsc#1254629) * Fix ansible.playbooks extra-vars quoting (bsc#1257831) * Fix virtualenv call in test helper to use proper python version * Fix the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fix the typo causing buiding EL9 bundle without binary dependencies ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE 12 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-12-2026-1523=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-120002.5.12.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 * https://jira.suse.com/browse/MSQA-1048 -------------- next part -------------- An HTML attachment was scrubbed... 
From null at suse.de Tue Apr 21 16:33:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:33:56 -0000
Subject: SUSE-RU-2026:1522-1: moderate: Recommended update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678923603.35.11243196406398706549@46b3146b979a>

# Recommended update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-RU-2026:1522-1
Release Date: 2026-04-21T09:25:26Z
Rating: moderate

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1257447
* bsc#1257660
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1259208
* jsc#MSQA-1048

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SLE 12

An update that contains one feature and has 12 fixes can now be installed.

## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Update translation strings

uyuni-tools:

* Version 5.1.26-0
* Fix applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fix default value for helm registry (bsc#1258927).
* Remove hub register command
* Optimize postgres migration disk space usage (bsc#1257447)
* Add continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SLE 12
  zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-12-2026-1522=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
  * mgrctl-5.1.26-120002.3.12.1
  * golang-github-lusitaniae-apache_exporter-1.0.10-120002.3.6.1
  * golang-github-lusitaniae-apache_exporter-debuginfo-1.0.10-120002.3.6.1
* SUSE Multi-Linux Manager Client Tools for SLE 12 (noarch)
  * mgrctl-bash-completion-5.1.26-120002.3.12.1
  * mgrctl-zsh-completion-5.1.26-120002.3.12.1
  * spacecmd-5.1.13-120002.3.9.1
  * mgrctl-lang-5.1.26-120002.3.12.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:34:04 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:34:04 -0000
Subject: SUSE-SU-2026:1521-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678924413.35.4905516705727910175@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1521-1
Release Date: 2026-04-21T09:25:11Z
Rating: important

References:

* bsc#1254629
* bsc#1257831
* bsc#1258957
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones

An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones
  zypper in -t patch SUSE-MultiLinuxManagerTools-RES-7-2026-1521=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (aarch64 ppc64le x86_64)
  * venv-salt-minion-3006.0-70002.5.12.1
  * golang-github-lusitaniae-apache_exporter-1.0.10-70002.3.6.1
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 7, RHEL and clones (noarch)
  * spacecmd-5.1.13-70002.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:34:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:34:30 -0000
Subject: SUSE-SU-2026:1520-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678927012.35.3488201491296231982@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1520-1
Release Date: 2026-04-21T09:24:50Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones
  zypper in -t patch SUSE-MultiLinuxManagerTools-EL-8-2026-1520=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (aarch64 ppc64le x86_64)
  * venv-salt-minion-3006.0-80002.5.12.3
  * mgrctl-5.1.26-80002.3.9.2
  * golang-github-lusitaniae-apache_exporter-1.0.10-80002.3.6.2
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 8, RHEL and clones (noarch)
  * mgrctl-bash-completion-5.1.26-80002.3.9.2
  * mgrctl-zsh-completion-5.1.26-80002.3.9.2
  * spacecmd-5.1.13-80002.3.9.2

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:34:56 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:34:56 -0000
Subject: SUSE-SU-2026:1519-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678929653.35.3671325426842555098@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1519-1
Release Date: 2026-04-21T09:24:29Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

golang-github-lusitaniae-apache_exporter:

* Internal changes to fix build issues with no impact for customers

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones
  zypper in -t patch SUSE-MultiLinuxManagerTools-EL-9-2026-1519=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (aarch64 ppc64le s390x x86_64)
  * venv-salt-minion-3006.0-90002.5.12.2
  * golang-github-lusitaniae-apache_exporter-1.0.10-90002.3.6.1
  * mgrctl-5.1.26-90002.3.9.1
* SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 9, RHEL and clones (noarch)
  * mgrctl-bash-completion-5.1.26-90002.3.9.1
  * spacecmd-5.1.13-90002.3.9.1
  * mgrctl-zsh-completion-5.1.26-90002.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:35:22 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:35:22 -0000
Subject: SUSE-SU-2026:1517-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678932279.35.15756441082233342629@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1517-1
Release Date: 2026-04-21T09:21:20Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204
  zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-22.04-2026-1517=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (all)
  * spacecmd-5.1.13-220402.3.15.1
  * mgrctl-zsh-completion-5.1.26-220402.3.15.1
  * mgrctl-bash-completion-5.1.26-220402.3.15.1
  * mgrctl-fish-completion-5.1.26-220402.3.15.1
* SUSE Multi-Linux Manager Client Tools for Ubuntu 22.04 2204 (amd64)
  * venv-salt-minion-3006.0-220402.3.18.1
  * mgrctl-5.1.26-220402.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:35:48 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:35:48 -0000
Subject: SUSE-SU-2026:1516-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678934810.35.15439050353576319876@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1516-1
Release Date: 2026-04-21T09:21:03Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Updated translation strings

uyuni-tools:

* Version 5.1.26-0
* Fixed applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fixed default value for helm registry (bsc#1258927).
* Removed hub register command
* Optimized postgres migration disk space usage (bsc#1257447)
* Added continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations (bsc#1258015)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
* Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
* Version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)

venv-salt-minion:

* Security issues fixed:
  * CVE-2026-31958: Security patch for Salt vendored tornado: Added limits on multipart form data parsing (bsc#1259554)
* Added x86_64_v2 as a possible rpm package architecture
* Make users with backslash working for salt-ssh (bsc#1254629)
* Fixed ansible.playbooks extra-vars quoting (bsc#1257831)
* Fixed virtualenv call in test helper to use proper python version
* Fixed the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957)
* Fixed the typo causing building EL9 bundle without binary dependencies

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404
  zypper in -t patch SUSE-MultiLinuxManagerTools-Ubuntu-24.04-2026-1516=1

## Package List:

* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (all)
  * spacecmd-5.1.13-240402.3.20.1
  * mgrctl-zsh-completion-5.1.26-240402.3.15.1
  * mgrctl-bash-completion-5.1.26-240402.3.15.1
  * mgrctl-fish-completion-5.1.26-240402.3.15.1
* SUSE Multi-Linux Manager Client Tools for Ubuntu 24.04 2404 (amd64)
  * mgrctl-5.1.26-240402.3.15.1
  * venv-salt-minion-3006.0-240402.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-31958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1254629
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257831
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1258957
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
* https://bugzilla.suse.com/show_bug.cgi?id=1259554
* https://jira.suse.com/browse/MSQA-1048

From null at suse.de Tue Apr 21 16:36:14 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 21 Apr 2026 16:36:14 -0000
Subject: SUSE-SU-2026:1515-1: important: Security update 5.1.3 for Multi-Linux Manager Client Tools
Message-ID: <177678937494.35.18392237286538630173@46b3146b979a>

# Security update 5.1.3 for Multi-Linux Manager Client Tools

Announcement ID: SUSE-SU-2026:1515-1
Release Date: 2026-04-21T09:20:46Z
Rating: important

References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1254629
* bsc#1257447
* bsc#1257660
* bsc#1257831
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1258957
* bsc#1259208
* bsc#1259554
* jsc#MSQA-1048

Cross-References:

* CVE-2026-31958

CVSS scores:

* CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Multi-Linux Manager Client Tools for Debian 12

An update that solves one vulnerability, contains one feature and has 15 security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd:

* Version 5.1.13-0
* Update translation strings

uyuni-tools:

* Version 5.1.26-0
* Fix applying PTF with images from RPMs (bsc#1252548)
* Ssl Key file can miss if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fix default value for helm registry (bsc#1258927).
* Remove hub register command * Optimize postgres migration disk space usage (bsc#1257447) * Add continuous database backup support (bsc#1250367) * Explicitly start proxy pods after operations (bsc#1258015) * Use static supportconfig name to avoid dynamic search (bsc#1257941) * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964) * Show where final tarball was generated (bsc#1259208) * Set proxy config file permissions (bsc#1257660) * Version 5.1.25-0 * If PTF image doesn't exist, use the current service image (bsc#1258418) venv-salt-minion: * Backport security patch for Salt vendored tornado (bsc#1259554): * CVE-2026-31958: Add limits on multipart form data parsing * Add x86_64_v2 as a possible rpm package architecture * Make users with backslash working for salt-ssh (bsc#1254629) * Fix ansible.playbooks extra-vars quoting (bsc#1257831) * Fix virtualenv call in test helper to use proper python version * Fix the issue preventing SELinux profile to be loaded on SLES 16 deployed using cloud images (bsc#1258957) * Fix the typo causing building EL9 bundle without binary dependencies ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for Debian 12 zypper in -t patch SUSE-MultiLinuxManagerTools-Debian-12-2026-1515=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for Debian 12 (all) * mgrctl-fish-completion-5.1.26-120002.3.17.1 * mgrctl-bash-completion-5.1.26-120002.3.17.1 * mgrctl-zsh-completion-5.1.26-120002.3.17.1 * spacecmd-5.1.13-120002.3.17.1 * SUSE Multi-Linux Manager Client Tools for Debian 12 (amd64 arm64) * venv-salt-minion-3006.0-120002.3.20.5 * mgrctl-5.1.26-120002.3.17.1 ## References: * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1250367 * https://bugzilla.suse.com/show_bug.cgi?id=1252548 * https://bugzilla.suse.com/show_bug.cgi?id=1252964 * https://bugzilla.suse.com/show_bug.cgi?id=1254154 * https://bugzilla.suse.com/show_bug.cgi?id=1254619 * https://bugzilla.suse.com/show_bug.cgi?id=1254629 * https://bugzilla.suse.com/show_bug.cgi?id=1257447 * https://bugzilla.suse.com/show_bug.cgi?id=1257660 * https://bugzilla.suse.com/show_bug.cgi?id=1257831 * https://bugzilla.suse.com/show_bug.cgi?id=1257941 * https://bugzilla.suse.com/show_bug.cgi?id=1258015 * https://bugzilla.suse.com/show_bug.cgi?id=1258418 * https://bugzilla.suse.com/show_bug.cgi?id=1258927 * https://bugzilla.suse.com/show_bug.cgi?id=1258957 * https://bugzilla.suse.com/show_bug.cgi?id=1259208 * https://bugzilla.suse.com/show_bug.cgi?id=1259554 * https://jira.suse.com/browse/MSQA-1048 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 16:36:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 16:36:16 -0000 Subject: SUSE-RU-2026:1514-1: moderate: Recommended update 5.1.3 for Multi-Linux Manager Client Tools Message-ID: <177678937635.35.18069903589535329109@46b3146b979a> # Recommended update 5.1.3 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:1514-1 Release Date: 2026-04-21T09:20:24Z Rating: moderate References: * jsc#MSQA-1048 Affected Products: * SUSE Multi-Linux Manager Client Tools for Debian 13 An update that contains one feature can now be installed. ## Description: This update fixes the following issues: spacecmd: * Initial package release uyuni-tools: * Initial package release venv-salt-minion: * Initial package release ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for Debian 13 zypper in -t patch SUSE-MultiLinuxManagerTools-Debian-13-2026-1514=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for Debian 13 (all) * mgrctl-fish-completion-5.1.26-130002.2.3.4 * mgrctl-zsh-completion-5.1.26-130002.2.3.4 * spacecmd-5.1.13-130002.2.3.5 * mgrctl-bash-completion-5.1.26-130002.2.3.4 * SUSE Multi-Linux Manager Client Tools for Debian 13 (amd64 arm64) * mgrctl-5.1.26-130002.2.3.4 * venv-salt-minion-3006.0-130002.2.3.1 ## References: * https://jira.suse.com/browse/MSQA-1048 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 20:30:08 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 20:30:08 -0000 Subject: SUSE-SU-2026:1535-1: important: Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) Message-ID: <177680340822.60.2326043793497719426@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1535-1 Release Date: 2026-04-21T14:34:30Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1535=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_258-default-14-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Tue Apr 21 20:30:13 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 20:30:13 -0000 Subject: SUSE-SU-2026:1532-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Message-ID: <177680341397.60.4960917005164804993@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) Announcement ID: SUSE-SU-2026:1532-1 Release Date: 2026-04-21T12:04:58Z Rating: important References: * bsc#1255066 * bsc#1259859 Cross-References: * CVE-2025-40309 * CVE-2026-23268 CVSS scores: * CVE-2025-40309 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-40309 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves two vulnerabilities can now be installed.
## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: * CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1532=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x) * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-14-150700.2.2 * kernel-livepatch-SLE15-SP7_Update_1-debugsource-14-150700.2.2 * kernel-livepatch-6_4_0-150700_53_3-default-14-150700.2.2 * SUSE Linux Enterprise Live Patching 15-SP7 (x86_64) * kernel-livepatch-SLE15-SP7_Update_1-debugsource-14-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-14-150700.2.1 * kernel-livepatch-6_4_0-150700_53_3-default-14-150700.2.1 ## References: * https://www.suse.com/security/cve/CVE-2025-40309.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1255066 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 20:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 20:30:16 -0000 Subject: SUSE-SU-2026:1531-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Message-ID: <177680341696.60.5974857870913068506@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) Announcement ID: SUSE-SU-2026:1531-1 Release Date: 2026-04-21T12:04:50Z Rating: important References: * bsc#1259859 Cross-References: * CVE-2026-23268 CVSS scores: * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Live Patching 15-SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves one vulnerability can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes one security issue The following security issue was fixed: * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1531=1 * SUSE Linux Enterprise Live Patching 15-SP6 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1531=1 ## Package List: * openSUSE Leap 15.6 (x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1 * openSUSE Leap 15.6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2 * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x) * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.2 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.2 * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.2 * SUSE Linux Enterprise Live Patching 15-SP6 (x86_64) * kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-3-150600.2.1 * kernel-livepatch-SLE15-SP6_Update_20-debugsource-3-150600.2.1 * kernel-livepatch-6_4_0-150600_23_87-default-3-150600.2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1259859 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 20:30:24 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 20:30:24 -0000 Subject: SUSE-RU-2026:1534-1: important: Recommended update for saptune Message-ID: <177680342447.60.10575543023080131874@d4c6dfb45de4> # Recommended update for saptune Announcement ID: SUSE-RU-2026:1534-1 Release Date: 2026-04-21T14:17:53Z Rating: important References: * bsc#1235824 * bsc#1259748 * bsc#1260498 * bsc#1261866 * jsc#PED-15405 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that contains one feature and has four fixes can now be installed. ## Description: This update for saptune fixes the following issues: * update package version of saptune to 3.2.3: * On Azure cloud systems fix a systemd ordering cycle conflict which prevents saptune to run on boot: * The reason for this conflict is an upcoming cloud-init update which will change the order by adding 'After=multi-user.target' to the cloud-final.service. * Since version 3.1.5 saptune has a dependency to cloud-final.service on Azure systems to fix (bsc#1235824). * We will now remove this dependency. (bsc#1260498, jsc#SAPSOL-1050) * Fix systemd service state revert problem. (bsc#1259748) * Fix output of 'saptune verify applied' in case of enabled notes, but nothing is applied. (jsc#SAPSOL-1051) * Add new tag 'kernel' to match the running kernel release. Valid values are extended regular expressions (RE2) that match the output of 'uname -r' (jsc#SAPSOL-810) * Support C-State names for parameter 'force_latency' additional to the already available latency value. (jsc#SAPSOL-806) * Support optional packages in the rpm section. (jsc#SAPSOL-791) * Warn about duplicate Notes/Solutions. (jsc#SAPSOL-948) * Fix kernel regex for HotFix000022286 (bsc#1261866) * Add condition (kernel tag) to HotFix000022286. As the final kernel patch is available for the problem the HotFix will only be active on systems currently not patched to the latest kernel patch. 
* SLE12/15/16 - deprecate Note 941735 (jsc#SAPSOL-1048) * SAP Note 2684254 updated to Version 27 check that TSX is set to auto on systems running dedicated kernel releases. (jsc#SAPSOL-793) * SAP Note 1656250 updated to Version 71 disable C-states higher than C1 * SAP Note 2578899 updated to Version 55 check for optional sssd package version * SAP Note 1275776 updated to Version 47 * SLE 16 SAP Note 3577842 and 3565382 updated * use versioned Provides/Obsoletes for sapconf * use full path for commands used in pre/post scripts * requires systemd-presets-branding-SLE-SAP (jsc#PED-15405) * update package version of saptune to 3.2.2 - HOTFIX: * ship Note HotFix000022286 and add it to the Solutions 'HANA', 'NETWEAVER+HANA', 'S4HANA-APP+DB' and 'S4HANA-DBSERVER'. * This HotFix addresses a problem described in the TID 22286 * This HotFix is only available for SLES15SP5 to SLES15SP7 on x86_64 architecture. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2026-1534=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * saptune-3.2.3-4.52.1 * saptune-debuginfo-3.2.3-4.52.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1235824 * https://bugzilla.suse.com/show_bug.cgi?id=1259748 * https://bugzilla.suse.com/show_bug.cgi?id=1260498 * https://bugzilla.suse.com/show_bug.cgi?id=1261866 * https://jira.suse.com/browse/PED-15405 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Tue Apr 21 20:30:31 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 21 Apr 2026 20:30:31 -0000 Subject: SUSE-RU-2026:1533-1: important: Recommended update for saptune Message-ID: <177680343143.60.12124631084226312777@d4c6dfb45de4> # Recommended update for saptune Announcement ID: SUSE-RU-2026:1533-1 Release Date: 2026-04-21T14:17:44Z Rating: important References: * bsc#1235824 * bsc#1259748 * bsc#1260498 * bsc#1261866 * jsc#PED-15405 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.6 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SAP Applications Module 15-SP6 * SAP Applications Module 15-SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that contains one feature and has four fixes can now be installed. ## Description: This update for saptune fixes the following issues: * update package version of saptune to 3.2.3: * On Azure cloud systems fix a systemd ordering cycle conflict which prevents saptune to run on boot: * The reason for this conflict is an upcoming cloud-init update which will change the order by adding 'After=multi-user.target' to the cloud-final.service. * Since version 3.1.5 saptune has a dependency to cloud-final.service on Azure systems to fix (bsc#1235824). * We will now remove this dependency. (bsc#1260498, jsc#SAPSOL-1050) * Fix systemd service state revert problem. (bsc#1259748) * Fix output of 'saptune verify applied' in case of enabled notes, but nothing is applied. (jsc#SAPSOL-1051) * Add new tag 'kernel' to match the running kernel release. Valid values are extended regular expressions (RE2) that match the output of 'uname -r' (jsc#SAPSOL-810) * Support C-State names for parameter 'force_latency' additional to the already available latency value. 
(jsc#SAPSOL-806) * Support optional packages in the rpm section. (jsc#SAPSOL-791) * Warn about duplicate Notes/Solutions. (jsc#SAPSOL-948) * Fix kernel regex for HotFix000022286 (bsc#1261866) * Add condition (kernel tag) to HotFix000022286. As the final kernel patch is available for the problem the HotFix will only be active on systems currently not patched to the latest kernel patch. * SLE12/15/16 - deprecate Note 941735 (jsc#SAPSOL-1048) * SAP Note 2684254 updated to Version 27 check that TSX is set to auto on systems running dedicated kernel releases. (jsc#SAPSOL-793) * SAP Note 1656250 updated to Version 71 disable C-states higher than C1 * SAP Note 2578899 updated to Version 55 check for optional sssd package version * SAP Note 1275776 updated to Version 47 * SLE 16 SAP Note 3577842 and 3565382 updated * use versioned Provides/Obsoletes for sapconf * use full path for commands used in pre/post scripts * requires systemd-presets-branding-SLE-SAP (jsc#PED-15405) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1533=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2026-1533=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2026-1533=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2026-1533=1 * SAP Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP6-2026-1533=1 * SAP Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP7-2026-1533=1 ## Package List: * openSUSE Leap 15.4 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 * openSUSE Leap 15.6 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 * SAP Applications Module 15-SP4 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 * SAP Applications Module 15-SP5 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 * SAP Applications Module 15-SP6 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 * SAP Applications Module 15-SP7 (ppc64le x86_64) * saptune-3.2.3-150400.15.38.1 * saptune-debuginfo-3.2.3-150400.15.38.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1235824 * https://bugzilla.suse.com/show_bug.cgi?id=1259748 * https://bugzilla.suse.com/show_bug.cgi?id=1260498 * https://bugzilla.suse.com/show_bug.cgi?id=1261866 * https://jira.suse.com/browse/PED-15405 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 22 08:30:04 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 08:30:04 -0000 Subject: SUSE-RU-2026:1518-1: moderate: Recommended update 5.1.3 for Multi-Linux Manager Client Tools Message-ID: <177684660406.184.6639023096642639250@a649e7bfc190> # Recommended update 5.1.3 for Multi-Linux Manager Client Tools Announcement ID: SUSE-RU-2026:1518-1 Release Date: 2026-04-21T09:24:06Z Rating: moderate References: * jsc#MSQA-1048 Affected Products: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 10, RHEL and clones An update that contains one feature can now be installed. ## Description: This update fixes the following issues: scap-security-guide: * Initial package release spacecmd: * Initial package release uyuni-tools: * Initial package release venv-salt-minion: * Initial package release ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 10, RHEL and clones zypper in -t patch SUSE-MultiLinuxManagerTools-EL-10-2026-1518=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 10, RHEL and clones (aarch64 ppc64le s390x x86_64) * mgrctl-5.1.26-100002.1.3.1 * venv-salt-minion-3006.0-100002.1.3.1 * SUSE Multi-Linux Manager Client Tools for SUSE Liberty Linux 10, RHEL and clones (noarch) * mgrctl-bash-completion-5.1.26-100002.1.3.1 * spacecmd-5.1.13-100002.1.3.1 * mgrctl-zsh-completion-5.1.26-100002.1.3.1 * scap-security-guide-redhat-0.1.79-100002.1.3.2 ## References: * https://jira.suse.com/browse/MSQA-1048 -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From null at suse.de Wed Apr 22 12:30:13 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:30:13 -0000 Subject: SUSE-RU-2026:21240-1: important: Recommended update for gdb Message-ID: <177686101391.329.11138141964361238939@d4c6dfb45de4> # Recommended update for gdb Announcement ID: SUSE-RU-2026:21240-1 Release Date: 2026-04-21T10:46:22Z Rating: important References: * bsc#1238724 * bsc#1249147 * bsc#1251213 * bsc#1257111 Affected Products: * SUSE Linux Micro 6.2 * SUSE Linux Micro Extras 6.2 An update that has four fixes can now be installed. ## Description: This update for gdb fixes the following issues: Changes in gdb: * Re-enable ptype /o for flexible array member types (swo#33966, bsc#1249147). * Fix TUI crash when encountering a debuginfod query while entering TUI (swo#31449, swo#33794). * Fix a case on x86_64/-m32 where displaced stepping steps out of the displaced stepping buffer (swo#33997). * Fix generation of core files using gcore for glibc 2.42 (swo#33855). * Fix slow symbol lookup with dwz-compressed debuginfo (swo#33825, bsc#1257111). * Fix failure to list source file with dwz-compressed debuginfo (brc#2403580). * Fix slow symbol table reading with dwz-compressed debuginfo (swo#33777). * Fix heap-use-after-free, reported by TSAN. * Fix backtrace through signal trampoline on s390x (swo#33708). * Work around recursively defined sle_version on openSUSE Leap 16.0 (bsc#1238724). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Micro Extras 6.2 zypper in -t patch SUSE-SLE-Micro-Extras-6.2-604=1 ## Package List: * SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64) * gdb-debuginfo-16.3-160000.4.1 * gdb-16.3-160000.4.1 * gdb-debugsource-16.3-160000.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1238724 * https://bugzilla.suse.com/show_bug.cgi?id=1249147 * https://bugzilla.suse.com/show_bug.cgi?id=1251213 * https://bugzilla.suse.com/show_bug.cgi?id=1257111 From null at suse.de Wed Apr 22 12:30:16 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:30:16 -0000 Subject: SUSE-SU-2026:21239-1: moderate: Security update for libpng16 Message-ID: <177686101668.329.9250396933578421842@d4c6dfb45de4> # Security update for libpng16 Announcement ID: SUSE-SU-2026:21239-1 Release Date: 2026-04-21T10:12:43Z Rating: moderate References: * bsc#1261957 Cross-References: * CVE-2026-34757 CVSS scores: * CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2026-34757 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves one vulnerability can now be installed. ## Description: This update for libpng16 fixes the following issue: * CVE-2026-34757: libpng: Information disclosure and data corruption via use-after-free vulnerability (bsc#1261957). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-603=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libpng16-16-1.6.44-160000.7.1 * libpng16-debugsource-1.6.44-160000.7.1 * libpng16-16-debuginfo-1.6.44-160000.7.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34757.html * https://bugzilla.suse.com/show_bug.cgi?id=1261957 From null at suse.de Wed Apr 22 12:30:19 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:30:19 -0000 Subject: SUSE-RU-2026:21238-1: moderate: Recommended update for pcr-oracle Message-ID: <177686101947.329.17453581447833581152@d4c6dfb45de4> # Recommended update for pcr-oracle Announcement ID: SUSE-RU-2026:21238-1 Release Date: 2026-04-20T15:11:07Z Rating: moderate References: * bsc#1258119 Affected Products: * SUSE Linux Micro 6.2 An update that has one fix can now be installed. ## Description: This update for pcr-oracle fixes the following issues: * Update to 0.6.0: * Initial support for CI tests * Fix additional arguments following the PCR index * CI: Shutdown the swtpm instance after tests * Fix stop event check crash for grub-command (bsc#1258119) * Print PCR values during signing or sealing ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-598=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 x86_64) * pcr-oracle-0.6.0-160000.1.1 * pcr-oracle-debugsource-0.6.0-160000.1.1 * pcr-oracle-debuginfo-0.6.0-160000.1.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1258119
URL: From null at suse.de Wed Apr 22 12:32:04 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:32:04 -0000 Subject: SUSE-SU-2026:21237-1: important: Security update for the Linux Kernel Message-ID: <177686112453.329.1234290563412486502@d4c6dfb45de4> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21237-1 Release Date: 2026-04-20T15:11:07Z Rating: important References: * bsc#1191256 * bsc#1191270 * bsc#1194778 * bsc#1207184 * bsc#1217845 * bsc#1222768 * bsc#1243208 * bsc#1252073 * bsc#1253129 * bsc#1254214 * bsc#1254306 * bsc#1254307 * bsc#1255084 * bsc#1255687 * bsc#1256647 * bsc#1257183 * bsc#1257511 * bsc#1257708 * bsc#1257773 * bsc#1257777 * bsc#1258175 * bsc#1258280 * bsc#1258293 * bsc#1258301 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258340 * bsc#1258414 * bsc#1258447 * bsc#1258476 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259484 * bsc#1259485 * bsc#1259580 * bsc#1259707 * bsc#1259759 * bsc#1259795 * bsc#1259797 * bsc#1259870 * bsc#1259886 * bsc#1259891 * bsc#1259955 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260459 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260490 * bsc#1260497 * bsc#1260500 * bsc#1260522 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260606 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261496 * bsc#1261498 * bsc#1261506 * bsc#1261507 * bsc#1261669 * jsc#PED-11175 * jsc#PED-15042 * jsc#PED-15441 * jsc#PED-15986 Cross-References: * CVE-2025-39998 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71239 * CVE-2026-23072 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23138 * CVE-2026-23140 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23204 * CVE-2026-23215 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23239 * CVE-2026-23240 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * CVE-2026-23281 * 
CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23297 * CVE-2026-23304 * CVE-2026-23319 * CVE-2026-23326 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23393 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-23425 * CVE-2026-31788 CVSS scores: * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
* CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( NVD ): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23335 ( 
SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-31788 ( NVD ): 
8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves 49 vulnerabilities, contains four features and has 23 fixes can now be installed.

## Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-596=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * kernel-macros-6.12.0-160000.28.1
  * kernel-devel-6.12.0-160000.28.1
  * kernel-source-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
  * kernel-default-base-6.12.0-160000.27.1.160000.2.8
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-default-debuginfo-6.12.0-160000.28.1
  * kernel-default-extra-6.12.0-160000.28.1
  * kernel-default-devel-6.12.0-160000.28.1
  * kernel-default-debugsource-6.12.0-160000.28.1
  * kernel-default-extra-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (x86_64)
  * kernel-rt-devel-debuginfo-6.12.0-160000.28.1
  * kernel-rt-livepatch-6.12.0-160000.28.1
  * kernel-default-devel-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-default-livepatch-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
  * kernel-rt-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * kernel-rt-devel-6.12.0-160000.28.1
  * kernel-rt-debugsource-6.12.0-160000.28.1
  * kernel-rt-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 nosrc)
  * kernel-64kb-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64)
  * kernel-64kb-debugsource-6.12.0-160000.28.1
  * kernel-64kb-devel-6.12.0-160000.28.1
  * kernel-64kb-debuginfo-6.12.0-160000.28.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html * https://www.suse.com/security/cve/CVE-2025-40253.html * https://www.suse.com/security/cve/CVE-2025-68794.html * https://www.suse.com/security/cve/CVE-2025-71239.html * https://www.suse.com/security/cve/CVE-2026-23072.html * https://www.suse.com/security/cve/CVE-2026-23103.html * https://www.suse.com/security/cve/CVE-2026-23120.html * https://www.suse.com/security/cve/CVE-2026-23125.html *
https://www.suse.com/security/cve/CVE-2026-23138.html * https://www.suse.com/security/cve/CVE-2026-23140.html * https://www.suse.com/security/cve/CVE-2026-23187.html * https://www.suse.com/security/cve/CVE-2026-23193.html * https://www.suse.com/security/cve/CVE-2026-23201.html * https://www.suse.com/security/cve/CVE-2026-23204.html * https://www.suse.com/security/cve/CVE-2026-23215.html * https://www.suse.com/security/cve/CVE-2026-23216.html * https://www.suse.com/security/cve/CVE-2026-23231.html * https://www.suse.com/security/cve/CVE-2026-23239.html * https://www.suse.com/security/cve/CVE-2026-23240.html * https://www.suse.com/security/cve/CVE-2026-23242.html * https://www.suse.com/security/cve/CVE-2026-23243.html * https://www.suse.com/security/cve/CVE-2026-23255.html * https://www.suse.com/security/cve/CVE-2026-23262.html * https://www.suse.com/security/cve/CVE-2026-23270.html * https://www.suse.com/security/cve/CVE-2026-23272.html * https://www.suse.com/security/cve/CVE-2026-23274.html * https://www.suse.com/security/cve/CVE-2026-23277.html * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-23281.html * https://www.suse.com/security/cve/CVE-2026-23292.html * https://www.suse.com/security/cve/CVE-2026-23293.html * https://www.suse.com/security/cve/CVE-2026-23297.html * https://www.suse.com/security/cve/CVE-2026-23304.html * https://www.suse.com/security/cve/CVE-2026-23319.html * https://www.suse.com/security/cve/CVE-2026-23326.html * https://www.suse.com/security/cve/CVE-2026-23335.html * https://www.suse.com/security/cve/CVE-2026-23343.html * https://www.suse.com/security/cve/CVE-2026-23361.html * https://www.suse.com/security/cve/CVE-2026-23379.html * https://www.suse.com/security/cve/CVE-2026-23381.html * https://www.suse.com/security/cve/CVE-2026-23383.html * https://www.suse.com/security/cve/CVE-2026-23386.html * https://www.suse.com/security/cve/CVE-2026-23393.html * 
https://www.suse.com/security/cve/CVE-2026-23398.html * https://www.suse.com/security/cve/CVE-2026-23413.html * https://www.suse.com/security/cve/CVE-2026-23414.html * https://www.suse.com/security/cve/CVE-2026-23419.html * https://www.suse.com/security/cve/CVE-2026-23425.html * https://www.suse.com/security/cve/CVE-2026-31788.html * https://bugzilla.suse.com/show_bug.cgi?id=1191256 * https://bugzilla.suse.com/show_bug.cgi?id=1191270 * https://bugzilla.suse.com/show_bug.cgi?id=1194778 * https://bugzilla.suse.com/show_bug.cgi?id=1207184 * https://bugzilla.suse.com/show_bug.cgi?id=1217845 * https://bugzilla.suse.com/show_bug.cgi?id=1222768 * https://bugzilla.suse.com/show_bug.cgi?id=1243208 * https://bugzilla.suse.com/show_bug.cgi?id=1252073 * https://bugzilla.suse.com/show_bug.cgi?id=1253129 * https://bugzilla.suse.com/show_bug.cgi?id=1254214 * https://bugzilla.suse.com/show_bug.cgi?id=1254306 * https://bugzilla.suse.com/show_bug.cgi?id=1254307 * https://bugzilla.suse.com/show_bug.cgi?id=1255084 * https://bugzilla.suse.com/show_bug.cgi?id=1255687 * https://bugzilla.suse.com/show_bug.cgi?id=1256647 * https://bugzilla.suse.com/show_bug.cgi?id=1257183 * https://bugzilla.suse.com/show_bug.cgi?id=1257511 * https://bugzilla.suse.com/show_bug.cgi?id=1257708 * https://bugzilla.suse.com/show_bug.cgi?id=1257773 * https://bugzilla.suse.com/show_bug.cgi?id=1257777 * https://bugzilla.suse.com/show_bug.cgi?id=1258175 * https://bugzilla.suse.com/show_bug.cgi?id=1258280 * https://bugzilla.suse.com/show_bug.cgi?id=1258293 * https://bugzilla.suse.com/show_bug.cgi?id=1258301 * https://bugzilla.suse.com/show_bug.cgi?id=1258305 * https://bugzilla.suse.com/show_bug.cgi?id=1258330 * https://bugzilla.suse.com/show_bug.cgi?id=1258337 * https://bugzilla.suse.com/show_bug.cgi?id=1258340 * https://bugzilla.suse.com/show_bug.cgi?id=1258414 * https://bugzilla.suse.com/show_bug.cgi?id=1258447 * https://bugzilla.suse.com/show_bug.cgi?id=1258476 * https://bugzilla.suse.com/show_bug.cgi?id=1258849 * 
https://bugzilla.suse.com/show_bug.cgi?id=1259188 * https://bugzilla.suse.com/show_bug.cgi?id=1259461 * https://bugzilla.suse.com/show_bug.cgi?id=1259484 * https://bugzilla.suse.com/show_bug.cgi?id=1259485 * https://bugzilla.suse.com/show_bug.cgi?id=1259580 * https://bugzilla.suse.com/show_bug.cgi?id=1259707 * https://bugzilla.suse.com/show_bug.cgi?id=1259759 * https://bugzilla.suse.com/show_bug.cgi?id=1259795 * https://bugzilla.suse.com/show_bug.cgi?id=1259797 * https://bugzilla.suse.com/show_bug.cgi?id=1259870 * https://bugzilla.suse.com/show_bug.cgi?id=1259886 * https://bugzilla.suse.com/show_bug.cgi?id=1259891 * https://bugzilla.suse.com/show_bug.cgi?id=1259955 * https://bugzilla.suse.com/show_bug.cgi?id=1259997 * https://bugzilla.suse.com/show_bug.cgi?id=1259998 * https://bugzilla.suse.com/show_bug.cgi?id=1260005 * https://bugzilla.suse.com/show_bug.cgi?id=1260009 * https://bugzilla.suse.com/show_bug.cgi?id=1260347 * https://bugzilla.suse.com/show_bug.cgi?id=1260459 * https://bugzilla.suse.com/show_bug.cgi?id=1260464 * https://bugzilla.suse.com/show_bug.cgi?id=1260471 * https://bugzilla.suse.com/show_bug.cgi?id=1260481 * https://bugzilla.suse.com/show_bug.cgi?id=1260486 * https://bugzilla.suse.com/show_bug.cgi?id=1260490 * https://bugzilla.suse.com/show_bug.cgi?id=1260497 * https://bugzilla.suse.com/show_bug.cgi?id=1260500 * https://bugzilla.suse.com/show_bug.cgi?id=1260522 * https://bugzilla.suse.com/show_bug.cgi?id=1260527 * https://bugzilla.suse.com/show_bug.cgi?id=1260544 * https://bugzilla.suse.com/show_bug.cgi?id=1260550 * https://bugzilla.suse.com/show_bug.cgi?id=1260606 * https://bugzilla.suse.com/show_bug.cgi?id=1260730 * https://bugzilla.suse.com/show_bug.cgi?id=1260732 * https://bugzilla.suse.com/show_bug.cgi?id=1260735 * https://bugzilla.suse.com/show_bug.cgi?id=1260799 * https://bugzilla.suse.com/show_bug.cgi?id=1261496 * https://bugzilla.suse.com/show_bug.cgi?id=1261498 * https://bugzilla.suse.com/show_bug.cgi?id=1261506 * 
https://bugzilla.suse.com/show_bug.cgi?id=1261507 * https://bugzilla.suse.com/show_bug.cgi?id=1261669 * https://jira.suse.com/browse/PED-11175 * https://jira.suse.com/browse/PED-15042 * https://jira.suse.com/browse/PED-15441 * https://jira.suse.com/browse/PED-15986

From null at suse.de Wed Apr 22 12:32:06 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:32:06 -0000
Subject: SUSE-RU-2026:21236-1: important: Recommended update for the initial kernel livepatch
Message-ID: <177686112655.329.4004348580175363206@d4c6dfb45de4>

# Recommended update for the initial kernel livepatch

Announcement ID: SUSE-RU-2026:21236-1
Release Date: 2026-04-20T15:10:05Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.

## Description:

This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-597=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_28-default-debuginfo-1-160000.1.1
  * kernel-livepatch-SLE16_Update_7-debugsource-1-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-default-1-160000.1.1
* SUSE Linux Micro 6.2 (x86_64)
  * kernel-livepatch-6_12_0-160000_28-rt-debuginfo-1-160000.1.1
  * kernel-livepatch-6_12_0-160000_28-rt-1-160000.1.1
  * kernel-livepatch-SLE16-RT_Update_7-debugsource-1-160000.1.1

From null at suse.de Wed Apr 22 12:32:15 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:32:15 -0000
Subject: SUSE-SU-2026:21235-1: important: Security update for qemu
Message-ID: <177686113527.329.11092585784183157743@d4c6dfb45de4>

# Security update for qemu

Announcement ID: SUSE-SU-2026:21235-1
Release Date: 2026-04-20T10:54:30Z
Rating: important
References:

* bsc#1258509
* bsc#1259079
* bsc#1259080
* jsc#PED-13174

Cross-References:

* CVE-2026-2243
* CVE-2026-3195
* CVE-2026-3196

CVSS scores:

* CVE-2026-2243 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2243 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-2243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-3195 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:H/SI:H/SA:H
* CVE-2026-3195 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-3196 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-3196 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities and contains one feature can now be installed.

## Description:

This update for qemu fixes the following issues:

Update to version 10.0.9.

Security issues fixed:

* CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCM_INFO requests sent from the guest (bsc#1259079).
* CVE-2026-3195: heap out-of-bounds write when reading input audio in the virtio-snd device input callback (bsc#1259080).
* CVE-2026-2243: heap out-of-bounds read and 12-byte information leak when processing specially crafted VMDK files with qemu-img (bsc#1258509).

Other updates and bugfixes:

* Version 10.0.9:
* Full backport list: https://lore.kernel.org/qemu-devel/20260318045608.7E1B513DFF6@think4mjt.localdomain/
* hyperv/syndbg: check length returned by cpu_physical_memory_map()
* fuse: Copy write buffer content before polling
* target/loongarch: Avoid recursive PNX exception on CSR_BADI fetch
* target/loongarch: Preserve PTE permission bits in LDPTE
* hw/net/npcm_gmac: Catch accesses off the end of the register array
* linux-user: fix TIOCGSID ioctl
* tests/tcg/multiarch/test-mmap: Check mmaps beyond reserved_va
* bsd-user: Deal with mmap where start > reserved_va
* linux-user: Deal with mmap where start > reserved_va
* hw/net/xilinx_ethlite: Check for oversized TX packets
* virtio-gpu: Ensure BHs are invoked only from main-loop thread
* block/nfs: Do not enter coroutine from CB
* block: Never drop BLOCK_IO_ERROR with action=stop for rate limiting
* block/throttle-groups: fix deadlock with iolimits and muliple iothreads
* mirror: Fix missed dirty bitmap writes during startup
* block/curl: fix concurrent completion handling
* block/vmdk: fix OOB read in vmdk_read_extent()
* hw/net/smc91c111: Don't allow negative-length packets
* io: fix cleanup for websock I/O source data on cancellation
* io: fix cleanup for TLS I/O source data on cancellation
* io: separate freeing of tasks from marking them as complete
* target/i386/hvf/x86_mmu: Fix compiler warning
* hw/i386/vmmouse: Fix hypercall clobbers
* tests/docker: upgrade most non-lcitool debian tests to debian 13
* hw/9pfs: fix missing EOPNOTSUPP on Twstat and Trenameat for fs synth driver
* hw/9pfs: fix data race in v9fs_mark_fids_unreclaim()
* Add support for AMD-Turn CPUs (jsc#PED-13174)
* target/i386: Add support for EPYC-Turin model (jsc#PED-13174)
* target/i386: Update EPYC-Genoa for Cache property, perfmon-v2, RAS and SVM feature bits (jsc#PED-13174)
* target/i386: Add couple of feature bits in CPUID_Fn80000021_EAX (jsc#PED-13174)
* target/i386: Update EPYC-Milan CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC-Rome CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)
* target/i386: Update EPYC CPU model for Cache property, RAS, SVM feature bits (jsc#PED-13174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-591=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * qemu-block-ssh-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-10.0.9-160000.1.1
  * qemu-hw-display-virtio-vga-debuginfo-10.0.9-160000.1.1
  * qemu-audio-spice-10.0.9-160000.1.1
  * qemu-tools-10.0.9-160000.1.1
  * qemu-ui-opengl-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-debuginfo-10.0.9-160000.1.1
  * qemu-debuginfo-10.0.9-160000.1.1
  * qemu-ui-spice-core-10.0.9-160000.1.1
  * qemu-img-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-10.0.9-160000.1.1
  * qemu-tools-debuginfo-10.0.9-160000.1.1
  * qemu-audio-spice-debuginfo-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-10.0.9-160000.1.1
  * qemu-block-iscsi-debuginfo-10.0.9-160000.1.1
  * qemu-chardev-spice-debuginfo-10.0.9-160000.1.1
  * qemu-img-debuginfo-10.0.9-160000.1.1
  * qemu-hw-usb-redirect-debuginfo-10.0.9-160000.1.1
  * qemu-ksm-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-10.0.9-160000.1.1
  * qemu-hw-display-qxl-10.0.9-160000.1.1
  * qemu-ui-spice-core-debuginfo-10.0.9-160000.1.1
  * qemu-guest-agent-10.0.9-160000.1.1
  * qemu-ui-opengl-10.0.9-160000.1.1
  * qemu-block-iscsi-10.0.9-160000.1.1
  * qemu-debugsource-10.0.9-160000.1.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-10.0.9-160000.1.1
  * qemu-pr-helper-10.0.9-160000.1.1
  * qemu-hw-usb-host-10.0.9-160000.1.1
  * qemu-10.0.9-160000.1.1
  * qemu-hw-usb-host-debuginfo-10.0.9-160000.1.1
* qemu-hw-display-qxl-debuginfo-10.0.9-160000.1.1 * qemu-block-ssh-10.0.9-160000.1.1 * qemu-chardev-spice-10.0.9-160000.1.1 * SUSE Linux Micro 6.2 (noarch) * qemu-seabios-10.0.91.16.3_3_g3d33c746-160000.1.1 * qemu-vgabios-10.0.91.16.3_3_g3d33c746-160000.1.1 * qemu-SLOF-10.0.9-160000.1.1 * qemu-lang-10.0.9-160000.1.1 * qemu-ipxe-10.0.9-160000.1.1 * SUSE Linux Micro 6.2 (x86_64) * qemu-x86-10.0.9-160000.1.1 * qemu-vmsr-helper-10.0.9-160000.1.1 * qemu-vmsr-helper-debuginfo-10.0.9-160000.1.1 * qemu-x86-debuginfo-10.0.9-160000.1.1 * SUSE Linux Micro 6.2 (aarch64) * qemu-arm-debuginfo-10.0.9-160000.1.1 * qemu-arm-10.0.9-160000.1.1 * SUSE Linux Micro 6.2 (ppc64le) * qemu-ppc-debuginfo-10.0.9-160000.1.1 * qemu-ppc-10.0.9-160000.1.1 * SUSE Linux Micro 6.2 (s390x) * qemu-s390x-10.0.9-160000.1.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-10.0.9-160000.1.1 * qemu-s390x-debuginfo-10.0.9-160000.1.1 * qemu-hw-s390x-virtio-gpu-ccw-10.0.9-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2243.html * https://www.suse.com/security/cve/CVE-2026-3195.html * https://www.suse.com/security/cve/CVE-2026-3196.html * https://bugzilla.suse.com/show_bug.cgi?id=1258509 * https://bugzilla.suse.com/show_bug.cgi?id=1259079 * https://bugzilla.suse.com/show_bug.cgi?id=1259080 * https://jira.suse.com/browse/PED-13174 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 22 12:32:18 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:32:18 -0000 Subject: SUSE-RU-2026:21234-1: moderate: Recommended update for haproxy Message-ID: <177686113859.329.8276556352647686496@d4c6dfb45de4> # Recommended update for haproxy Announcement ID: SUSE-RU-2026:21234-1 Release Date: 2026-04-17T15:13:18Z Rating: moderate References: * bsc#1261626 Affected Products: * SUSE Linux Micro 6.2 An update that has one fix can now be installed. 
## Description:

This update for haproxy fixes the following issues:

* Update to version 3.2.15+git64.0fc44b458:
  * BUG/MINOR: hlua: fix use-after-free of HTTP reason string
  * BUG/MINOR: sample: fix info leak in regsub when exp_replace fails
  * BUG/MINOR: spoe: fix pointer arithmetic overflow in spoe_decode_buffer()
  * BUG/MINOR: resolvers: fix memory leak on AAAA additional records
  * BUG/MINOR: peers: fix OOB heap write in dictionary cache update
  * BUG/MINOR: hlua: fix format-string vulnerability in Patref error path
  * BUG/MINOR: hlua: fix stack overflow in httpclient headers conversion
  * BUG/MINOR: http-act: fix a typo in the "pause" action error message
  * BUG/MINOR: cfgcond: fail cleanly on missing argument for "feature"
  * BUG/MINOR: cfgcond: always set the error string on openssl_version checks
  * BUG/MINOR: cfgcond: properly set the error pointer on evaluation error
  * BUG/MINOR: quic: fix documentation for transport params decoding
  * BUG/MINOR: tcpcheck: Use tcpcheck context for expressions parsing
  * BUG/MINOR: tcpcheck: Don't enable http_needed when parsing HTTP samples
  * BUG/MINOR: tcpcheck: Remove unexpected flag on tcpcheck rules for httchck option
  * BUG/MINOR: stconn: Always declare the SC created from healthchecks as a back SC
  * BUG/MINOR: quic: close conn on packet reception with incompatible frame
  * BUG/MINOR: acme: fix task allocation leaked upon error
  * BUG/MINOR: http-ana: Only consider client abort for abortonclose
  * BUG/MINOR: config: Properly test warnif_misplaced_* return values
  * BUG/MINOR: acme: permission checks on the CLI
  * BUG/MINOR: acme/cli: fix argument check and error in 'acme challenge_ready'
  * BUG/MINOR: acme: replace atol with len-bounded __strl2uic() for retry-after
  * BUG/MINOR: acme: free() DER buffer on a2base64url error path
  * BUG/MINOR: acme: fix incorrect number of arguments allowed in config
  * BUG/MINOR: acme: wrong labels logic always memprintf errmsg
  * BUG/MINOR: acme: acme_ctx_destroy() leaks auth dns
  * BUG/MINOR: acme/cli: wrong argument check in 'acme renew'
  * BUG/MINOR: acme: wrong error when checking for duplicate section
  * BUG/MINOR: acme: leak of ext_san upon insertion error
  * BUG/MINOR: qpack: fix 62-bit overflow and 1-byte OOB reads in decoding
  * BUG/MINOR: sock: adjust accept() error messages for ENFILE and ENOMEM
  * BUG/MINOR: mworker: fix sort order of mworker_proc in 'show proc'
  * BUG/MINOR: mworker/cli: fix show proc pagination losing entries on resume
  * BUG/MINOR: mux-h2: properly ignore R bit in WINDOW_UPDATE increments
  * BUG/MINOR: mux-h2: properly ignore R bit in GOAWAY stream ID
  * BUG/MINOR: mworker: don't try to access an initializing process
  * BUG/MINOR: spoe: Fix condition to abort processing on client abort
  * BUG/MINOR: mjson: make mystrtod() length-aware to prevent out-of-bounds reads
  * BUG/MINOR: stream: Fix crash in stream dump if the current rule has no keyword
  * BUG/MINOR: proxy: do not forget to validate quic-initial rules
  * BUG/MINOR: http-ana: Swap L7 buffer with request buffer by hand
  * BUG/MINOR: h2/h3: Never insert partial headers/trailers in an HTX message
  * BUG/MINOR: h2/h3: Only test number of trailers inserted in HTX messag
  * BUG/MINOR: spoe: Properly switch SPOE filter to WAITING_ACK state
  * BUG/MINOR: sockpair: set FD_CLOEXEC on fd received via SCM_RIGHTS
  * BUG/MINOR: mworker: avoid passing NULL version in proc list serialization
  * BUG/MINOR: mworker: set a timeout on the worker socketpair read at startup
  * BUG/MINOR: mworker: fix typo in proc list serialization
  * BUG/MINOR: mworker: only match worker processes when looking for unspawned proc
  * BUG/MINOR: memprof: avoid a small memory leak in "show profiling"
  * BUG/MINOR: mworker: always stop the receiving listener
  * BUG/MINOR: jws: fix memory leak in jws_b64_signature
  * BUG/MINOR: tcpcheck: Fix typo in error error message for `http-check expect`
  * BUG/MINOR: mworker: don't set the PROC_O_LEAVING flag on master process
  * BUG/MEDIUM: mux-fcgi: prevent record-length truncation with large bufsize
  * BUG/MEDIUM: samples: Fix handling of SMP_T_METH samples
  * BUG/MEDIUM: jwt: fix heap overflow in ECDSA signature DER conversion
  * BUG/MEDIUM: payload: validate SNI name_len in req.ssl_sni
  * BUG/MEDIUM: mux-h1: Disable 0-copy forwarding when draining the request
  * BUG/MEDIUM: mux-h1: Don't set MSG_MORE on bodyless responses forwarded to client
  * BUG/MEDIUM: map/cli: map/acl commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/ocsp: ocsp commands warn when accessed without admin level
  * BUG/MEDIUM: ssl/cli: tls-keys commands warn when accessed without admin level
  * BUG/MEDIUM: acme: skip doing challenge if it is already valid
  * BUG/MEDIUM: spoe: Acquire context buffer in applet before consuming a frame
  * BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
  * BUG/MEDIUM: h3: reject unaligned frames except DATA
  * BUG/MEDIUM: peers: enforce check on incoming table key type
  * BUG/MEDIUM: spoe: Properly abort processing on client abort
  * BUG/MAJOR: slz: always make sure to limit fixed output to less than worst case literals (bsc#1261626)
  * BUG/MAJOR: h3: check body size with content-length on empty FIN
  * BUG: hlua: fix stack overflow in httpclient headers conversion
  * DOC: config: fix ambiguous info in log-steps directive description
  * DOC: config: Reorder params for 'tcp-check expect' directive
  * DOC: config: Add missing 'status-code' param for 'http-check expect' directive
  * DOC/CLEANUP: config: update mentions of the old "Global parameters" section
  * DOC: configuration: http-check expect example typo
  * SCRIPTS: git-show-backports: list new commits and how to review them with -L
  * MINOR: mux-h2: report glitches on early RST_STREAM
  * MINOR: stconn: flag the stream endpoint descriptor when the app has started
  * MINOR: ncbmbuf: improve itbmap_next() code
  * CI: github: fix tag listing by implementing proper API pagination
  * BUILD: tools: potential null pointer dereference in dl_collect_libs_cb
  * BUILD: spoe: Remove unsused variable
  * Revert "BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream"
  * BUILD: sched: fix leftover of debugging test in single-run changes
  * MINOR: mux-h2: assign a limited frames processing budget
  * MINOR: mworker/cli: extract worker "show proc" row printer
  * MINOR: debug: opportunistically load libthread_db.so.1 with set-dumpable=libs
  * MINOR: debug: copy debug symbols from /usr/lib/debug when present
  * MINOR: debug: read all libs in memory when set-dumpable=libs
  * MINOR: config: support explicit "on" and "off" for "set-dumpable"
  * MINOR: tools: add a function to load a file into a tar archive
  * MINOR: tools: add a function to create a tar file header
  * MINOR: sched: do not punish self-waking tasklets anymore
  * MINOR: sched: do not requeue a tasklet into the current queue
  * MINOR: htx: Add function to truncate all blocks after a specific block
  * MINOR: memprof: attempt different retry slots for different hashes on collision
  * MINOR: tools: extend the pointer hashing code to ease manipulations
  * MEDIUM: sched: change scheduler budgets to lower TL_BULK
  * MEDIUM: sched: do not punish self-waking tasklets if TASK_WOKEN_ANY
  * MEDIUM: sched: do not run a same task multiple times in series
  * [RELEASE] Released version 3.2.15
  * CI: github: treat vX.Y.Z release tags as stable like haproxy-* branches
  * DEV: gdb: add a new utility to extract libs from a core dump: libs-from-core
  * DEV: gdb: add a utility to find the post-mortem address from a core
* Update to version 3.2.14+git0.951507193:
  * [RELEASE] Released version 3.2.14
  * SCRIPTS: git-show-backports: add a restart-from-last option
  * SCRIPTS: git-show-backports: hide the common ancestor warning in quiet mode
  * BUG/MINOR: backend: Don't get proto to use for webscoket if there is no server
  * BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures
  * BUG/MINOR: ssl: error with ssl-f-use when no "crt"
  * BUG/MINOR: ssl: clarify ssl-f-use errors in post-section parsing
  * BUG/MINOR: ssl: fix leak in ssl-f-use parser upon error
  * BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser
  * BUG/MINOR: ssl: lack crtlist_dup_ssl_conf() declaration
  * BUG/MINOR: deviceatlas: set cache_size on hot-reloaded atlas instance
  * BUG/MINOR: deviceatlas: fix deinit to only finalize when initialized
  * BUG/MINOR: deviceatlas: fix resource leak on hot-reload compile failure
  * BUG/MINOR: deviceatlas: fix double-checked locking race in checkinst
  * BUG/MINOR: deviceatlas: fix cookie vlen using wrong length after extraction
  * BUG/MINOR: deviceatlas: fix off-by-one in da_haproxy_conv()
  * BUG/MINOR: h1-htx: Be sure that H1 response version starts by "HTTP/"
  * BUG/MINOR: qpack: fix 1-byte OOB read in qpack_decode_fs_pfx()
  * BUG/MINOR: promex: fix server iteration when last server is deleted
  * BUG/MINOR: http-ana: Stop to wait for body on client error/abort
  * BUG/MINOR: flt-trace: Properly compute length of the first DATA block
  * BUG/MINOR: deviceatlas: add NULL checks on strdup() results in config parsers
  * BUG/MINOR: deviceatlas: add missing return on error in config parsers
  * BUG/MEDIUM: mux-fcgi: Use a safe loop to resume each stream eligible for sending
  * BUG/MEDIUM: hpack: correctly deal with too large decoded numbers
  * BUG/MEDIUM: stream: Handle TASK_WOKEN_RES as a stream event
  * BUG/MEDIUM: qpack: correctly deal with too large decoded numbers
  * BUG/MEDIUM: mux-h2: make sure to always report pending errors to the stream
  * BUG/MEDIUM: applet: Fix test on shut flags for legacy applets (v2)
  * BUG/MEDIUM: mux-h1: Stop sending vi fast-forward for unexpected states
  * BUG/MEDIUM: mux-h2/quic: Stop sending via fast-forward if stream is closed
  * BUG/MEDIUM: h3: reject frontend CONNECT as currently not implemented
  * BUG/MEDIUM: deviceatlas: fix resource leaks on init error paths
  * BUG/MAJOR: Revert "MEDIUM: mux-quic: add BUG_ON if sending on locally closed QCS"
  * BUG/MAJOR: resolvers: Properly lowered the names found in DNS response
  * BUG/MAJOR: fcgi: Fix param decoding by properly checking its size
  * BUG/MAJOR: qpack: unchecked length passed to huffman decoder
  * MINOR: filters: Set last_entity when a filter fails on stream_start callback
  * MINOR: mux-h2: add a new setting, "tune.h2.log-errors" to tweak error logging
  * MINOR: mux-h2: also count glitches on invalid trailers
  * MINOR: stconn: Add missing SC_FL_NO_FASTFWD flag in sc_show_flags
  * DEBUG: stream: Display the currently running rule in stream dump
  * [RELEASE] Released version 3.2.13
  * CLEANUP: mux-h1: Remove unneeded null check
  * CLEANUP: compression: Remove unused static buffers
  * CI: github: disable windows.yml by default on unofficials repo
  * CI: vtest: move the vtest2 URL to vinyl-cache.org
  * DEV: term-events: Fix hanshake events decoding
  * DOC: proxy-proto: underline the packed attribute for struct pp2_tlv_ssl
  * DOC: internals: addd mworker V3 internals

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-588=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * haproxy-debuginfo-3.2.15+git64.0fc44b458-160000.1.1
  * haproxy-3.2.15+git64.0fc44b458-160000.1.1
  * haproxy-debugsource-3.2.15+git64.0fc44b458-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1261626

From null at suse.de Wed Apr 22 12:32:27 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:32:27 -0000
Subject: SUSE-RU-2026:21233-1: moderate: Recommended update for selinux-policy
Message-ID: <177686114704.329.11243543177063943522@d4c6dfb45de4>

# Recommended update for selinux-policy

Announcement ID: SUSE-RU-2026:21233-1
Release Date: 2026-04-17T14:52:55Z
Rating: moderate

References:

* bsc#1239177
* bsc#1253682
* bsc#1259867
* bsc#1261535
* bsc#1262083

Affected Products:

* SUSE Linux Micro 6.2

An update that has five fixes can now be installed.

## Description:

This update for selinux-policy fixes the following issues:

Changes in selinux-policy:

* Move %postInstall to %post as fix until zypper moves to rpm single transaction backend by default (bsc#1262083)

Update to version 20250627+git363.7b84cc7fb:

* Add missing Nextcloud file contexts (bsc#1261535)
* openSUSE uses /var/lib/php8 (bsc#1239177)
* /srv/www/htdocs is DocumentRoot of apache (bsc#1261535)
* Allow snapper sdbootutil plugin read kernel modules (bsc#1259867)
* Allow named_filetrans_domain filetrans flatpak homedir (bsc#1253682)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-586=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * selinux-policy-20250627+git363.7b84cc7fb-160000.1.1
  * selinux-policy-targeted-20250627+git363.7b84cc7fb-160000.1.1
  * selinux-policy-minimum-20250627+git363.7b84cc7fb-160000.1.1
  * selinux-policy-devel-20250627+git363.7b84cc7fb-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1239177
* https://bugzilla.suse.com/show_bug.cgi?id=1253682
* https://bugzilla.suse.com/show_bug.cgi?id=1259867
* https://bugzilla.suse.com/show_bug.cgi?id=1261535
* https://bugzilla.suse.com/show_bug.cgi?id=1262083

From null at suse.de Wed Apr 22 12:32:28 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:32:28 -0000
Subject: SUSE-FU-2026:21232-1: moderate: Feature update for libgcrypt, libgpg-error
Message-ID: <177686114839.329.6693970408308571602@d4c6dfb45de4>

# Feature update for libgcrypt, libgpg-error

Announcement ID: SUSE-FU-2026:21232-1
Release Date: 2026-04-17T10:48:45Z
Rating: moderate

References:

* jsc#PED-15059
* jsc#PED-15907

Cross-References:

* CVE-2024-2236

CVSS scores:

* CVE-2024-2236 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-2236 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability and contains two features can now be installed.

## Description:

This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

* New and extended interfaces:
  * Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code.
  * Make SHA-1 non-FIPS internally for the 1.12 API
  * Add Dilithium (ML-DSA) support
  * Support optional random-override and support byte string data
* Bug fixes:
  * Use secure MPI in _gcry_mpi_assign_limb_space.
  * Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
  * Apply a Kyber patch from upstream.
  * Fix an edge case in Jent initialization.
  * mceliece6688128f: Fix stack overflow crash on win64/wine
* Performance:
  * Many performance improvements, new AVX512 implementations for modern CPUs.
  * Add RISC-V Zbb+Zbc implementation of CRC.
  * Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
  * Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

* New src/gpg-error.c (main): New command "fconcat".
* Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to ENVP.
* argparse: Use SYSCONFDIR for /etc.
* Update translations for Portuguese, German
* src/estream.c (parse_mode): Fix parsing of "share". Set sysopen flag.
* syscfg: Add 64-bit Android arch.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-585=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libgpg-error0-debuginfo-1.58-160000.1.1
  * libgcrypt20-1.12.1-160000.1.1
  * libgcrypt-debugsource-1.12.1-160000.1.1
  * libgcrypt20-debuginfo-1.12.1-160000.1.1
  * libgpg-error-debugsource-1.58-160000.1.1
  * libgpg-error0-1.58-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-2236.html
* https://jira.suse.com/browse/PED-15059
* https://jira.suse.com/browse/PED-15907

From null at suse.de Wed Apr 22 12:32:31 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:32:31 -0000
Subject: SUSE-SU-2026:21231-1: important: Security update for freeipmi
Message-ID: <177686115124.329.10594685399460867827@d4c6dfb45de4>

# Security update for freeipmi

Announcement ID: SUSE-SU-2026:21231-1
Release Date: 2026-04-17T07:57:36Z
Rating: important

References:

* bsc#1260414

Cross-References:

* CVE-2026-33554

CVSS scores:

* CVE-2026-33554 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33554 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-33554 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for freeipmi fixes the following issue:

* CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses (bsc#1260414).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-579=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * libfreeipmi17-debuginfo-1.6.15-160000.3.1
  * freeipmi-debugsource-1.6.15-160000.3.1
  * libfreeipmi17-1.6.15-160000.3.1
  * freeipmi-debuginfo-1.6.15-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33554.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260414

URL: From null at suse.de Wed Apr 22 12:34:29 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:34:29 -0000 Subject: SUSE-SU-2026:21230-1: important: Security update for the Linux Kernel Message-ID: <177686126918.329.11397357837850188183@d4c6dfb45de4> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:21230-1 Release Date: 2026-04-20T15:09:00Z Rating: important References: * bsc#1191256 * bsc#1191270 * bsc#1194778 * bsc#1207184 * bsc#1217845 * bsc#1222768 * bsc#1243208 * bsc#1252073 * bsc#1253129 * bsc#1254214 * bsc#1254306 * bsc#1254307 * bsc#1255084 * bsc#1255687 * bsc#1256647 * bsc#1257183 * bsc#1257511 * bsc#1257708 * bsc#1257773 * bsc#1257777 * bsc#1258175 * bsc#1258280 * bsc#1258293 * bsc#1258301 * bsc#1258305 * bsc#1258330 * bsc#1258337 * bsc#1258340 * bsc#1258414 * bsc#1258447 * bsc#1258476 * bsc#1258849 * bsc#1259188 * bsc#1259461 * bsc#1259484 * bsc#1259485 * bsc#1259580 * bsc#1259707 * bsc#1259759 * bsc#1259795 * bsc#1259797 * bsc#1259870 * bsc#1259886 * bsc#1259891 * bsc#1259955 * bsc#1259997 * bsc#1259998 * bsc#1260005 * bsc#1260009 * bsc#1260347 * bsc#1260459 * bsc#1260464 * bsc#1260471 * bsc#1260481 * bsc#1260486 * bsc#1260490 * bsc#1260497 * bsc#1260500 * bsc#1260522 * bsc#1260527 * bsc#1260544 * bsc#1260550 * bsc#1260606 * bsc#1260730 * bsc#1260732 * bsc#1260735 * bsc#1260799 * bsc#1261210 * bsc#1261496 * bsc#1261498 * bsc#1261506 * bsc#1261507 * bsc#1261669 * jsc#PED-11175 * jsc#PED-15042 * jsc#PED-15441 * jsc#PED-15986 Cross-References: * CVE-2025-39998 * CVE-2025-40253 * CVE-2025-68794 * CVE-2025-71239 * CVE-2026-23072 * CVE-2026-23103 * CVE-2026-23120 * CVE-2026-23125 * CVE-2026-23138 * CVE-2026-23140 * CVE-2026-23187 * CVE-2026-23193 * CVE-2026-23201 * CVE-2026-23204 * CVE-2026-23215 * CVE-2026-23216 * CVE-2026-23231 * CVE-2026-23239 * CVE-2026-23240 * CVE-2026-23242 * CVE-2026-23243 * CVE-2026-23255 * CVE-2026-23262 * CVE-2026-23270 * CVE-2026-23272 * CVE-2026-23274 * CVE-2026-23277 * CVE-2026-23278 * 
CVE-2026-23281 * CVE-2026-23292 * CVE-2026-23293 * CVE-2026-23297 * CVE-2026-23304 * CVE-2026-23319 * CVE-2026-23326 * CVE-2026-23335 * CVE-2026-23343 * CVE-2026-23361 * CVE-2026-23379 * CVE-2026-23381 * CVE-2026-23383 * CVE-2026-23386 * CVE-2026-23393 * CVE-2026-23398 * CVE-2026-23413 * CVE-2026-23414 * CVE-2026-23419 * CVE-2026-23425 * CVE-2026-31788 * CVE-2026-5201 CVSS scores: * CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23125 ( NVD ): 5.5 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * 
CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23272 ( SUSE ): 7.0 
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31788 ( NVD ):
8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves 50 vulnerabilities, contains four features and has 23 fixes can now be installed.

## Security update for the Linux Kernel

### Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non-security issues were fixed:

* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

## Security update for gdk-pixbuf

### Description:

This update for gdk-pixbuf fixes the following issue:

* CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SLE-Micro-Extras-6.2-596=1
* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-581=1

## Package List:

* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * kernel-syms-6.12.0-160000.28.1
  * kernel-obs-build-6.12.0-160000.28.1
  * kernel-obs-build-debugsource-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * libgdk_pixbuf-2_0-0-2.42.12-160000.4.1
  * typelib-1_0-GdkPixbuf-2_0-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-2.42.12-160000.4.1
  * gdk-pixbuf-query-loaders-debuginfo-2.42.12-160000.4.1
  * gdk-pixbuf-debugsource-2.42.12-160000.4.1
  * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71239.html
* https://www.suse.com/security/cve/CVE-2026-23072.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23138.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23297.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23326.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-23425.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://www.suse.com/security/cve/CVE-2026-5201.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191256
* https://bugzilla.suse.com/show_bug.cgi?id=1191270
* https://bugzilla.suse.com/show_bug.cgi?id=1194778
* https://bugzilla.suse.com/show_bug.cgi?id=1207184
* https://bugzilla.suse.com/show_bug.cgi?id=1217845
* https://bugzilla.suse.com/show_bug.cgi?id=1222768
* https://bugzilla.suse.com/show_bug.cgi?id=1243208
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1253129
* https://bugzilla.suse.com/show_bug.cgi?id=1254214
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1254307
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1255687
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257511
* https://bugzilla.suse.com/show_bug.cgi?id=1257708
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1258175
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258301
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258476
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259484
* https://bugzilla.suse.com/show_bug.cgi?id=1259485
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259759
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259955
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260459
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260490
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260522
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260606
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261210
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261506
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669
* https://jira.suse.com/browse/PED-11175
* https://jira.suse.com/browse/PED-15042
* https://jira.suse.com/browse/PED-15441
* https://jira.suse.com/browse/PED-15986
From null at suse.de Wed Apr 22 12:34:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Wed, 22 Apr 2026 12:34:51 -0000
Subject: SUSE-RU-2026:21229-1: moderate: Recommended update 5.1.3 for SUSE_Multi-Linux_Manager
Message-ID: <177686129166.329.5011879143159020670@d4c6dfb45de4>

# Recommended update 5.1.3 for SUSE_Multi-Linux_Manager

Announcement ID: SUSE-RU-2026:21229-1
Release Date: 2026-03-27T09:17:51Z
Rating: moderate
References:

* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1256791
* bsc#1257447
* bsc#1257660
* bsc#1257941
* bsc#1258015
* bsc#1258418
* bsc#1258927
* bsc#1259208

Affected Products:

* SUSE Linux Micro 6.1
* SUSE Multi-Linux Manager Proxy 5.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1
* SUSE Multi-Linux Manager Server 5.1

An update that has 13 fixes can now be installed.

## Recommended update 5.1.3 for SUSE_Multi-Linux_Manager

### Description:

This update for SUSE_Multi-Linux_Manager fixes the following issues:

proxy-httpd-image:

* Version 5.1.14
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-salt-broker-image:

* Version 5.1.13
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-squid-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-ssh-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

proxy-tftpd-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-attestation-image:

* Version 5.1.13
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-hub-xmlrpc-api-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-image:

* Version 5.1.13
  * Allow LDAP users that are not visible to pam_unix (bsc#1256791)

server-migration-14-16-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

server-postgresql-image:

* Version 5.1.10
  * Include tar, gzip and smdba-pgarchive command to the database image (bsc#1250367)
  * Trust local user access

server-saline-image:

* Version 5.1.12
  * Image rebuilt to the newest version with updated dependencies for SUSE Multi-Linux Manager 5.1.3

uyuni-tools:

* version 5.1.26-0
  * Fix applying PTF with images from RPMs (bsc#1252548)
  * SSL key file can be missing if CA password is blank (bsc#1254154)
  * mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
  * Fix default value for helm registry (bsc#1258927).
  * Remove hub register command
  * Optimize postgres migration disk space usage (bsc#1257447)
  * Add continuous database backup support (bsc#1250367)
  * Explicitly start proxy pods after operations (bsc#1258015)
  * Use static supportconfig name to avoid dynamic search (bsc#1257941)
  * Do not nest multiple tarball files and instead collect all files into one tarball (bsc#1252964)
  * Show where final tarball was generated (bsc#1259208)
  * Set proxy config file permissions (bsc#1257660)
* version 5.1.25-0
  * If PTF image doesn't exist, use the current service image (bsc#1258418)

How to apply this update:

SUSE Multi-Linux Manager Server:

1. Log in as root user to the SUSE Multi-Linux Manager Server.
2. Upgrade mgradm and mgrctl.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgradm upgrade podman` which will use the default image tags.

SUSE Multi-Linux Manager Proxy / Retail Branch Server:

1. Log in as root user to the SUSE Multi-Linux Manager Proxy / Retail Branch Server.
2. Upgrade mgrpxy.
3. If you are in a disconnected environment, upgrade the image packages.
4. Reboot the system.
5. Run `mgrpxy upgrade podman` which will use the default image tags.
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Multi-Linux Manager Proxy 5.1
  zypper in -t patch SUSE-Multi-Linux-Manager-5.1-6=1 SUSE-Multi-Linux-Manager-5.1-6=1
* SUSE Multi-Linux Manager Server 5.1
  zypper in -t patch SUSE-Multi-Linux-Manager-5.1-6=1 SUSE-Multi-Linux-Manager-5.1-6=1
* SUSE Multi-Linux Manager Retail Branch Server 5.1
  zypper in -t patch SUSE-Multi-Linux-Manager-5.1-6=1

## Package List:

* SUSE Multi-Linux Manager Proxy 5.1 (aarch64 ppc64le s390x x86_64)
  * mgrpxy-5.1.26-slfo.1.1.1
  * mgrpxy-debuginfo-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (noarch)
  * mgrpxy-bash-completion-5.1.26-slfo.1.1.1
  * mgrpxy-lang-5.1.26-slfo.1.1.1
  * mgrpxy-zsh-completion-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Proxy 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.3-8.14.6
* SUSE Multi-Linux Manager Proxy 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.3-8.14.6
  * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.3-9.14.10
* SUSE Multi-Linux Manager Proxy 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.3-8.14.6
* SUSE Multi-Linux Manager Proxy 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.3-8.14.6
  * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.3-8.16.11
* SUSE Multi-Linux Manager Server 5.1 (aarch64 ppc64le s390x x86_64)
  * mgrctl-debuginfo-5.1.26-slfo.1.1.1
  * mgradm-debuginfo-5.1.26-slfo.1.1.1
  * mgradm-5.1.26-slfo.1.1.1
  * mgrctl-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (noarch)
  * mgradm-zsh-completion-5.1.26-slfo.1.1.1
  * mgrctl-lang-5.1.26-slfo.1.1.1
  * mgrctl-bash-completion-5.1.26-slfo.1.1.1
  * mgradm-lang-5.1.26-slfo.1.1.1
  * mgradm-bash-completion-5.1.26-slfo.1.1.1
  * mgrctl-zsh-completion-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Server 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-server-attestation-image-5.1.3-8.16.4
  * suse-multi-linux-manager-5.1-aarch64-server-image-5.1.3-8.14.11
  * suse-multi-linux-manager-5.1-aarch64-server-hub-xmlrpc-api-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-aarch64-server-migration-14-16-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-aarch64-server-saline-image-5.1.3-9.14.7
  * suse-multi-linux-manager-5.1-aarch64-server-postgresql-image-5.1.3-6.14.4
* SUSE Multi-Linux Manager Server 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-server-hub-xmlrpc-api-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-ppc64le-server-migration-14-16-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-ppc64le-server-image-5.1.3-8.14.11
  * suse-multi-linux-manager-5.1-ppc64le-server-postgresql-image-5.1.3-6.14.4
  * suse-multi-linux-manager-5.1-ppc64le-server-attestation-image-5.1.3-8.16.4
  * suse-multi-linux-manager-5.1-ppc64le-server-saline-image-5.1.3-9.14.7
* SUSE Multi-Linux Manager Server 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-server-postgresql-image-5.1.3-6.14.4
  * suse-multi-linux-manager-5.1-s390x-server-image-5.1.3-8.14.11
  * suse-multi-linux-manager-5.1-s390x-server-migration-14-16-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-s390x-server-hub-xmlrpc-api-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-s390x-server-attestation-image-5.1.3-8.16.4
  * suse-multi-linux-manager-5.1-s390x-server-saline-image-5.1.3-9.14.7
* SUSE Multi-Linux Manager Server 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-server-hub-xmlrpc-api-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-x86_64-server-image-5.1.3-8.14.11
  * suse-multi-linux-manager-5.1-x86_64-server-saline-image-5.1.3-9.14.7
  * suse-multi-linux-manager-5.1-x86_64-server-migration-14-16-image-5.1.3-8.14.5
  * suse-multi-linux-manager-5.1-x86_64-server-attestation-image-5.1.3-8.16.4
  * suse-multi-linux-manager-5.1-x86_64-server-postgresql-image-5.1.3-6.14.4
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64 ppc64le s390x x86_64)
  * mgrpxy-5.1.26-slfo.1.1.1
  * mgrpxy-debuginfo-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (noarch)
  * mgrpxy-bash-completion-5.1.26-slfo.1.1.1
  * mgrpxy-lang-5.1.26-slfo.1.1.1
  * mgrpxy-zsh-completion-5.1.26-slfo.1.1.1
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (aarch64)
  * suse-multi-linux-manager-5.1-aarch64-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-aarch64-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-aarch64-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-aarch64-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-aarch64-proxy-ssh-image-5.1.3-8.14.6
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (ppc64le)
  * suse-multi-linux-manager-5.1-ppc64le-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-ppc64le-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-ppc64le-proxy-ssh-image-5.1.3-8.14.6
  * suse-multi-linux-manager-5.1-ppc64le-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-ppc64le-proxy-salt-broker-image-5.1.3-9.14.10
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (s390x)
  * suse-multi-linux-manager-5.1-s390x-proxy-httpd-image-5.1.3-8.16.11
  * suse-multi-linux-manager-5.1-s390x-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-s390x-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-s390x-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-s390x-proxy-ssh-image-5.1.3-8.14.6
* SUSE Multi-Linux Manager Retail Branch Server 5.1 (x86_64)
  * suse-multi-linux-manager-5.1-x86_64-proxy-squid-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-x86_64-proxy-ssh-image-5.1.3-8.14.6
  * suse-multi-linux-manager-5.1-x86_64-proxy-salt-broker-image-5.1.3-9.14.10
  * suse-multi-linux-manager-5.1-x86_64-proxy-tftpd-image-5.1.3-8.14.4
  * suse-multi-linux-manager-5.1-x86_64-proxy-httpd-image-5.1.3-8.16.11

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1250367
* https://bugzilla.suse.com/show_bug.cgi?id=1252548
* https://bugzilla.suse.com/show_bug.cgi?id=1252964
* https://bugzilla.suse.com/show_bug.cgi?id=1254154
* https://bugzilla.suse.com/show_bug.cgi?id=1254619
* https://bugzilla.suse.com/show_bug.cgi?id=1256791
* https://bugzilla.suse.com/show_bug.cgi?id=1257447
* https://bugzilla.suse.com/show_bug.cgi?id=1257660
* https://bugzilla.suse.com/show_bug.cgi?id=1257941
* https://bugzilla.suse.com/show_bug.cgi?id=1258015
* https://bugzilla.suse.com/show_bug.cgi?id=1258418
* https://bugzilla.suse.com/show_bug.cgi?id=1258927
* https://bugzilla.suse.com/show_bug.cgi?id=1259208
URL: From null at suse.de Wed Apr 22 12:34:56 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:34:56 -0000 Subject: SUSE-SU-2026:1537-1: important: Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) Message-ID: <177686129668.329.18286836270448234920@d4c6dfb45de4> # Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) Announcement ID: SUSE-SU-2026:1537-1 Release Date: 2026-04-21T23:07:11Z Rating: important References: * bsc#1258396 * bsc#1259859 Cross-References: * CVE-2026-23191 * CVE-2026-23268 CVSS scores: * CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-23191 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: * CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258396). * CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1259859). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-1538=1 SUSE-SLE-Live-Patching-12-SP5-2026-1537=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_255-default-16-2.1 * kgraft-patch-4_12_14-122_269-default-10-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23191.html * https://www.suse.com/security/cve/CVE-2026-23268.html * https://bugzilla.suse.com/show_bug.cgi?id=1258396 * https://bugzilla.suse.com/show_bug.cgi?id=1259859 From null at suse.de Wed Apr 22 12:34:59 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:34:59 -0000 Subject: SUSE-SU-2026:1544-1: moderate: Security update for python-python-multipart Message-ID: <177686129934.329.1612659179803175073@d4c6dfb45de4> # Security update for python-python-multipart Announcement ID: SUSE-SU-2026:1544-1 Release Date: 2026-04-22T07:22:55Z Rating: moderate References: * bsc#1262403 Cross-References: * CVE-2026-40347 CVSS scores: * CVE-2026-40347 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-40347 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-40347 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability can now be installed. ## Description: This update for python-python-multipart fixes the following issue: * CVE-2026-40347: crafted `multipart/form-data` can cause a denial of service (bsc#1262403). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1544=1 ## Package List: * openSUSE Leap 15.6 (noarch) * python311-python-multipart-0.0.9-150600.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-40347.html * https://bugzilla.suse.com/show_bug.cgi?id=1262403 From null at suse.de Wed Apr 22 12:35:04 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:35:04 -0000 Subject: SUSE-SU-2026:1541-1: important: Security update for flatpak Message-ID: <177686130432.329.12438807085181364611@d4c6dfb45de4> # Security update for flatpak Announcement ID: SUSE-SU-2026:1541-1 Release Date: 2026-04-22T07:22:36Z Rating: important References: * bsc#1261769 * bsc#1261770 Cross-References: * CVE-2026-34078 * CVE-2026-34079 CVSS scores: * CVE-2026-34078 ( SUSE ): 6.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H * CVE-2026-34078 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2026-34078 ( NVD ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N * CVE-2026-34079 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L * CVE-2026-34079 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-34079 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High
Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for flatpak fixes the following issues: * CVE-2026-34078: improper processing of app-controlled symlinks by sandbox-expose can lead to sandbox escape, host file access and code execution in the host context (bsc#1261769). * CVE-2026-34079: improper removal of outdated cache files allows for arbitrary file deletion on the host filesystem (bsc#1261770). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1541=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1541=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1541=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * openSUSE Leap 15.5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) *
libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libflatpak0-1.16.0-150500.3.18.1 * flatpak-debuginfo-1.16.0-150500.3.18.1 * flatpak-debugsource-1.16.0-150500.3.18.1 * flatpak-devel-1.16.0-150500.3.18.1 * flatpak-1.16.0-150500.3.18.1 * libflatpak0-debuginfo-1.16.0-150500.3.18.1 * typelib-1_0-Flatpak-1_0-1.16.0-150500.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 
15 SP5 (noarch) * flatpak-zsh-completion-1.16.0-150500.3.18.1 * flatpak-remote-flathub-1.16.0-150500.3.18.1 * system-user-flatpak-1.16.0-150500.3.18.1 ## References: * https://www.suse.com/security/cve/CVE-2026-34078.html * https://www.suse.com/security/cve/CVE-2026-34079.html * https://bugzilla.suse.com/show_bug.cgi?id=1261769 * https://bugzilla.suse.com/show_bug.cgi?id=1261770 From null at suse.de Wed Apr 22 12:35:06 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:35:06 -0000 Subject: SUSE-SU-2026:1540-1: important: Security update for podman Message-ID: <177686130609.329.16697555127240037437@d4c6dfb45de4> # Security update for podman Announcement ID: SUSE-SU-2026:1540-1 Release Date: 2026-04-22T07:22:19Z Rating: important References: Affected Products: * Containers Module 15-SP7 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that can now be installed. ## Description: This update for podman rebuilds it against the current go 1.25 security release. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1540=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2026-1540=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1540=1 * Containers Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-1540=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1540=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1540=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1540=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1540=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1540=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch) * podman-docker-4.9.5-150500.3.67.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * openSUSE Leap 15.5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * 
podman-docker-4.9.5-150500.3.67.1 * Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * Containers Module 15-SP7 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (noarch) * podman-docker-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * podman-remote-4.9.5-150500.3.67.1 * podman-debuginfo-4.9.5-150500.3.67.1 * podman-remote-debuginfo-4.9.5-150500.3.67.1 * podman-4.9.5-150500.3.67.1 * 
podmansh-4.9.5-150500.3.67.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * podman-docker-4.9.5-150500.3.67.1 From null at suse.de Wed Apr 22 12:35:10 2026 From: null at suse.de (SLE-UPDATES) Date: Wed, 22 Apr 2026 12:35:10 -0000 Subject: SUSE-SU-2026:1539-1: important: Security update for gdk-pixbuf Message-ID: <177686131004.329.2461414573029592884@d4c6dfb45de4> # Security update for gdk-pixbuf Announcement ID: SUSE-SU-2026:1539-1 Release Date: 2026-04-22T07:20:58Z Rating: important References: * bsc#1261210 Cross-References: * CVE-2026-5201 CVSS scores: * CVE-2026-5201 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-5201 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed.
## Description: This update for gdk-pixbuf fixes the following issue: * CVE-2026-5201: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (bsc#1261210). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-1539=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1539=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-1539=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1539=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-1539=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-1539=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1539=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1539=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1539=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1539=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1539=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * 
gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (x86_64) * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-32bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * openSUSE Leap 15.4 (aarch64_ilp32) * gdk-pixbuf-devel-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-64bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-64bit-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-64bit-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-64bit-debuginfo-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * 
gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 
(x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * 
gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * 
libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * 
libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * gdk-pixbuf-query-loaders-debuginfo-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-thumbnailer-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-2.42.12-150400.5.17.1 * typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.17.1 * gdk-pixbuf-debugsource-2.42.12-150400.5.17.1 * gdk-pixbuf-devel-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * gdk-pixbuf-lang-2.42.12-150400.5.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.17.1 * libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.12-150400.5.17.1 * gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.17.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5201.html * https://bugzilla.suse.com/show_bug.cgi?id=1261210 -------------- next part -------------- An HTML attachment was scrubbed... URL: