From null at suse.de Mon Feb 2 08:30:11 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 08:30:11 -0000
Subject: SUSE-SU-2026:0355-1: important: Security update for glib2
Message-ID: <177002101106.24019.14100075763563946690@smelt2.prg2.suse.org>

# Security update for glib2

Announcement ID: SUSE-SU-2026:0355-1
Release Date: 2026-01-31T02:04:40Z
Rating: important

References:

* bsc#1257353
* bsc#1257354
* bsc#1257355

Cross-References:

* CVE-2026-1484
* CVE-2026-1485
* CVE-2026-1489

CVSS scores:

* CVE-2026-1484 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1484 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1484 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2026-1485 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-1485 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-1485 ( NVD ): 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-1489 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1489 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1489 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products:

* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves three vulnerabilities can now be installed.

## Description:

This update for glib2 fixes the following issues:

* CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
* CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
* CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-355=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-355=1

## Package List:

* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * glib2-tools-2.62.6-150200.3.42.1
  * libgobject-2_0-0-2.62.6-150200.3.42.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * glib2-debugsource-2.62.6-150200.3.42.1
  * libgio-2_0-0-2.62.6-150200.3.42.1
  * libgmodule-2_0-0-2.62.6-150200.3.42.1
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * libglib-2_0-0-2.62.6-150200.3.42.1
  * glib2-tools-debuginfo-2.62.6-150200.3.42.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * libglib-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * glib2-tools-2.62.6-150200.3.42.1
  * libgobject-2_0-0-2.62.6-150200.3.42.1
  * libgobject-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * glib2-debugsource-2.62.6-150200.3.42.1
  * libgio-2_0-0-2.62.6-150200.3.42.1
  * libgmodule-2_0-0-2.62.6-150200.3.42.1
  * libgio-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * libgmodule-2_0-0-debuginfo-2.62.6-150200.3.42.1
  * libglib-2_0-0-2.62.6-150200.3.42.1
  * glib2-tools-debuginfo-2.62.6-150200.3.42.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1484.html
* https://www.suse.com/security/cve/CVE-2026-1485.html
* https://www.suse.com/security/cve/CVE-2026-1489.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257353
* https://bugzilla.suse.com/show_bug.cgi?id=1257354
* https://bugzilla.suse.com/show_bug.cgi?id=1257355

From null at suse.de Mon Feb 2 08:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 08:30:16 -0000
Subject: SUSE-SU-2026:0354-1: moderate: Security update for govulncheck-vulndb
Message-ID: <177002101693.24019.13288353040722642537@smelt2.prg2.suse.org>

# Security update for govulncheck-vulndb

Announcement ID: SUSE-SU-2026:0354-1
Release Date: 2026-01-30T18:33:39Z
Rating: moderate

References:

* jsc#PED-11136

Cross-References:

* CVE-2025-61726
* CVE-2025-61728
* CVE-2025-61730
* CVE-2025-61731
* CVE-2025-68119

CVSS scores:

* CVE-2025-61726 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61726 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61726 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61728 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61728 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61730 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61730 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-61730 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-61731 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61731 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-61731 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves five vulnerabilities and contains one feature can now be installed.

## Description:

This update for govulncheck-vulndb fixes the following issues:

Update to version 0.0.20260128T190828 2026-01-28T19:08:28Z (jsc#PED-11136):

Go CVE Numbering Authority IDs added or updated with aliases:

* GO-2026-4338 CVE-2025-68119 CVE-2025-68119
* GO-2026-4339 CVE-2025-61731 CVE-2025-61731
* GO-2026-4340 CVE-2025-61730 CVE-2025-61730
* GO-2026-4341 CVE-2025-61726 CVE-2025-61726
* GO-2026-4342 CVE-2025-61728 CVE-2025-61728

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-354=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * govulncheck-vulndb-0.0.20260128T190828-150000.1.143.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61726.html
* https://www.suse.com/security/cve/CVE-2025-61728.html
* https://www.suse.com/security/cve/CVE-2025-61730.html
* https://www.suse.com/security/cve/CVE-2025-61731.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://jira.suse.com/browse/PED-11136

From null at suse.de Mon Feb 2 12:30:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 12:30:03 -0000
Subject: SUSE-SU-2026:0356-1: important: Security update for qemu
Message-ID: <177003540366.9683.13522829417886351716@smelt2.prg2.suse.org>

# Security update for qemu

Announcement ID: SUSE-SU-2026:0356-1
Release Date: 2026-02-01T21:18:57Z
Rating: important

References:

* bsc#1250984

Cross-References:

* CVE-2025-11234

CVSS scores:

* CVE-2025-11234 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11234 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11234 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves one vulnerability can now be installed.

## Description:

This update for qemu fixes the following issues:

* CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
  zypper in -t patch SUSE-2026-356=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-356=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-356=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * qemu-extra-debuginfo-5.2.0-150300.142.1
  * qemu-block-gluster-5.2.0-150300.142.1
  * qemu-s390x-debuginfo-5.2.0-150300.142.1
  * qemu-vhost-user-gpu-debuginfo-5.2.0-150300.142.1
  * qemu-hw-usb-redirect-5.2.0-150300.142.1
  * qemu-ivshmem-tools-debuginfo-5.2.0-150300.142.1
  * qemu-ppc-5.2.0-150300.142.1
  * qemu-block-curl-debuginfo-5.2.0-150300.142.1
  * qemu-block-ssh-debuginfo-5.2.0-150300.142.1
  * qemu-block-iscsi-5.2.0-150300.142.1
  * qemu-block-dmg-debuginfo-5.2.0-150300.142.1
  * qemu-linux-user-debugsource-5.2.0-150300.142.1
  * qemu-5.2.0-150300.142.1
  * qemu-chardev-spice-debuginfo-5.2.0-150300.142.1
  * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.142.1
  * qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.142.1
  * qemu-ivshmem-tools-5.2.0-150300.142.1
  * qemu-audio-pa-debuginfo-5.2.0-150300.142.1
  * qemu-ui-gtk-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.142.1
  * qemu-audio-spice-debuginfo-5.2.0-150300.142.1
  * qemu-ui-spice-core-5.2.0-150300.142.1
  * qemu-ui-spice-core-debuginfo-5.2.0-150300.142.1
  * qemu-ui-curses-5.2.0-150300.142.1
  * qemu-block-nfs-5.2.0-150300.142.1
  * qemu-block-curl-5.2.0-150300.142.1
  * qemu-block-nfs-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-qxl-5.2.0-150300.142.1
  * qemu-linux-user-5.2.0-150300.142.1
  * qemu-lang-5.2.0-150300.142.1
  * qemu-guest-agent-5.2.0-150300.142.1
  * qemu-x86-5.2.0-150300.142.1
  * qemu-arm-5.2.0-150300.142.1
  * qemu-chardev-baum-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.142.1
  * qemu-audio-alsa-5.2.0-150300.142.1
  * qemu-block-ssh-5.2.0-150300.142.1
  * qemu-ui-opengl-debuginfo-5.2.0-150300.142.1
  * qemu-ui-opengl-5.2.0-150300.142.1
  * qemu-hw-display-qxl-debuginfo-5.2.0-150300.142.1
  * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.142.1
  * qemu-guest-agent-debuginfo-5.2.0-150300.142.1
  * qemu-block-iscsi-debuginfo-5.2.0-150300.142.1
  * qemu-extra-5.2.0-150300.142.1
  * qemu-ui-spice-app-5.2.0-150300.142.1
  * qemu-arm-debuginfo-5.2.0-150300.142.1
  * qemu-audio-pa-5.2.0-150300.142.1
  * qemu-audio-spice-5.2.0-150300.142.1
  * qemu-debugsource-5.2.0-150300.142.1
  * qemu-s390x-5.2.0-150300.142.1
  * qemu-chardev-baum-5.2.0-150300.142.1
  * qemu-linux-user-debuginfo-5.2.0-150300.142.1
  * qemu-debuginfo-5.2.0-150300.142.1
  * qemu-chardev-spice-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.142.1
  * qemu-ppc-debuginfo-5.2.0-150300.142.1
  * qemu-ui-gtk-debuginfo-5.2.0-150300.142.1
  * qemu-ui-spice-app-debuginfo-5.2.0-150300.142.1
  * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.142.1
  * qemu-hw-usb-smartcard-5.2.0-150300.142.1
  * qemu-ui-curses-debuginfo-5.2.0-150300.142.1
  * qemu-tools-5.2.0-150300.142.1
  * qemu-audio-alsa-debuginfo-5.2.0-150300.142.1
  * qemu-tools-debuginfo-5.2.0-150300.142.1
  * qemu-ksm-5.2.0-150300.142.1
  * qemu-block-gluster-debuginfo-5.2.0-150300.142.1
  * qemu-vhost-user-gpu-5.2.0-150300.142.1
  * qemu-x86-debuginfo-5.2.0-150300.142.1
  * qemu-testsuite-5.2.0-150300.142.2
  * qemu-block-dmg-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-5.2.0-150300.142.1
* openSUSE Leap 15.3 (s390x x86_64 i586)
  * qemu-kvm-5.2.0-150300.142.1
* openSUSE Leap 15.3 (noarch)
  * qemu-sgabios-8-150300.142.1
  * qemu-microvm-5.2.0-150300.142.1
  * qemu-vgabios-1.14.0_0_g155821a-150300.142.1
  * qemu-SLOF-5.2.0-150300.142.1
  * qemu-ipxe-1.0.0+-150300.142.1
  * qemu-skiboot-5.2.0-150300.142.1
  * qemu-seabios-1.14.0_0_g155821a-150300.142.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
  * qemu-block-rbd-5.2.0-150300.142.1
  * qemu-block-rbd-debuginfo-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
  * qemu-hw-usb-redirect-5.2.0-150300.142.1
  * qemu-5.2.0-150300.142.1
  * qemu-chardev-spice-debuginfo-5.2.0-150300.142.1
  * qemu-ui-spice-core-5.2.0-150300.142.1
  * qemu-ui-spice-core-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.142.1
  * qemu-audio-spice-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-qxl-5.2.0-150300.142.1
  * qemu-guest-agent-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-5.2.0-150300.142.1
  * qemu-ui-opengl-debuginfo-5.2.0-150300.142.1
  * qemu-ui-opengl-5.2.0-150300.142.1
  * qemu-hw-display-qxl-debuginfo-5.2.0-150300.142.1
  * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.142.1
  * qemu-guest-agent-debuginfo-5.2.0-150300.142.1
  * qemu-debugsource-5.2.0-150300.142.1
  * qemu-audio-spice-5.2.0-150300.142.1
  * qemu-debuginfo-5.2.0-150300.142.1
  * qemu-chardev-spice-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.142.1
  * qemu-tools-5.2.0-150300.142.1
  * qemu-tools-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro 5.2 (aarch64)
  * qemu-arm-debuginfo-5.2.0-150300.142.1
  * qemu-arm-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
  * qemu-ipxe-1.0.0+-150300.142.1
  * qemu-seabios-1.14.0_0_g155821a-150300.142.1
  * qemu-vgabios-1.14.0_0_g155821a-150300.142.1
  * qemu-sgabios-8-150300.142.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
  * qemu-s390x-5.2.0-150300.142.1
  * qemu-s390x-debuginfo-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
  * qemu-x86-debuginfo-5.2.0-150300.142.1
  * qemu-x86-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
  * qemu-hw-usb-redirect-5.2.0-150300.142.1
  * qemu-5.2.0-150300.142.1
  * qemu-chardev-spice-debuginfo-5.2.0-150300.142.1
  * qemu-ui-spice-core-5.2.0-150300.142.1
  * qemu-ui-spice-core-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.142.1
  * qemu-audio-spice-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-qxl-5.2.0-150300.142.1
  * qemu-guest-agent-5.2.0-150300.142.1
  * qemu-hw-display-virtio-gpu-5.2.0-150300.142.1
  * qemu-ui-opengl-debuginfo-5.2.0-150300.142.1
  * qemu-ui-opengl-5.2.0-150300.142.1
  * qemu-hw-display-qxl-debuginfo-5.2.0-150300.142.1
  * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.142.1
  * qemu-guest-agent-debuginfo-5.2.0-150300.142.1
  * qemu-debugsource-5.2.0-150300.142.1
  * qemu-audio-spice-5.2.0-150300.142.1
  * qemu-debuginfo-5.2.0-150300.142.1
  * qemu-chardev-spice-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.142.1
  * qemu-tools-5.2.0-150300.142.1
  * qemu-tools-debuginfo-5.2.0-150300.142.1
  * qemu-hw-display-virtio-vga-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64)
  * qemu-arm-debuginfo-5.2.0-150300.142.1
  * qemu-arm-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
  * qemu-ipxe-1.0.0+-150300.142.1
  * qemu-seabios-1.14.0_0_g155821a-150300.142.1
  * qemu-vgabios-1.14.0_0_g155821a-150300.142.1
  * qemu-sgabios-8-150300.142.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
  * qemu-s390x-5.2.0-150300.142.1
  * qemu-s390x-debuginfo-5.2.0-150300.142.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
  * qemu-x86-debuginfo-5.2.0-150300.142.1
  * qemu-x86-5.2.0-150300.142.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11234.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250984

From null at suse.de Mon Feb 2 16:30:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:03 -0000
Subject: SUSE-SU-2026:20180-1: moderate: Security update for unbound
Message-ID: <177004980395.14302.7773725258351520295@smelt2.prg2.suse.org>

# Security update for unbound

Announcement ID: SUSE-SU-2026:20180-1
Release Date: 2026-01-30T10:02:19Z
Rating: moderate

References:

* bsc#1252525

Cross-References:

* CVE-2025-11411

CVSS scores:

* CVE-2025-11411 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:L
* CVE-2025-11411 ( SUSE ): 6.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
* CVE-2025-11411 ( NVD ): 5.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

Update to 1.24.1:

* CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-224=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * unbound-debugsource-1.24.1-160000.1.1
  * libunbound8-debuginfo-1.24.1-160000.1.1
  * libunbound8-1.24.1-160000.1.1
  * unbound-anchor-debuginfo-1.24.1-160000.1.1
  * unbound-debuginfo-1.24.1-160000.1.1
  * unbound-anchor-1.24.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11411.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252525

From null at suse.de Mon Feb 2 16:30:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:09 -0000
Subject: SUSE-SU-2026:20179-1: important: Security update for gpg2
Message-ID: <177004980936.14302.5335446685657979073@smelt2.prg2.suse.org>

# Security update for gpg2

Announcement ID: SUSE-SU-2026:20179-1
Release Date: 2026-01-29T16:16:14Z
Rating: important

References:

* bsc#1256389
* bsc#1257395
* bsc#1257396

Cross-References:

* CVE-2026-24882
* CVE-2026-24883

CVSS scores:

* CVE-2026-24882 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24882 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24882 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24883 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-24883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-24883 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for gpg2 fixes the following issues:

* CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
* CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395).
* gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-221=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * gpg2-debuginfo-2.5.5-160000.4.1
  * gpg2-debugsource-2.5.5-160000.4.1
  * gpg2-2.5.5-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24882.html
* https://www.suse.com/security/cve/CVE-2026-24883.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256389
* https://bugzilla.suse.com/show_bug.cgi?id=1257395
* https://bugzilla.suse.com/show_bug.cgi?id=1257396

From null at suse.de Mon Feb 2 16:30:16 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:16 -0000
Subject: SUSE-SU-2026:20178-1: important: Security update for glibc
Message-ID: <177004981633.14302.7172377038148049550@smelt2.prg2.suse.org>

# Security update for glibc

Announcement ID: SUSE-SU-2026:20178-1
Release Date: 2026-01-29T16:16:14Z
Rating: important

References:

* bsc#1236282
* bsc#1256436
* bsc#1256766
* bsc#1256822
* bsc#1257005

Cross-References:

* CVE-2025-0395
* CVE-2025-15281
* CVE-2026-0861
* CVE-2026-0915

CVSS scores:

* CVE-2025-0395 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-0395 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0395 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15281 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15281 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0861 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0915 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0915 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-0915 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Micro 6.2
* SUSE Linux Micro Extras 6.2

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
* CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
* CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
* CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).

Other fixes:

* NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-218=1
* SUSE Linux Micro Extras 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-218=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-locale-base-2.40-160000.3.1
  * glibc-2.40-160000.3.1
  * glibc-debugsource-2.40-160000.3.1
  * glibc-debuginfo-2.40-160000.3.1
  * glibc-devel-2.40-160000.3.1
  * glibc-locale-2.40-160000.3.1
  * glibc-devel-debuginfo-2.40-160000.3.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-2.40-160000.3.1
* SUSE Linux Micro Extras 6.2 (aarch64 ppc64le s390x x86_64)
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.3.1
  * glibc-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-2.40-160000.3.1
  * glibc-debugsource-2.40-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-0395.html
* https://www.suse.com/security/cve/CVE-2025-15281.html
* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://www.suse.com/security/cve/CVE-2026-0915.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236282
* https://bugzilla.suse.com/show_bug.cgi?id=1256436
* https://bugzilla.suse.com/show_bug.cgi?id=1256766
* https://bugzilla.suse.com/show_bug.cgi?id=1256822
* https://bugzilla.suse.com/show_bug.cgi?id=1257005

From null at suse.de Mon Feb 2 16:30:19 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:19 -0000
Subject: SUSE-RU-2026:20177-1: important: Recommended update for samba
Message-ID: <177004981988.14302.18083005869551803852@smelt2.prg2.suse.org>

# Recommended update for samba

Announcement ID: SUSE-RU-2026:20177-1
Release Date: 2026-01-29T15:59:26Z
Rating: important

References:

* bsc#1254586
* bsc#1254665

Affected Products:

* SUSE Linux Micro 6.2

An update that has two fixes can now be installed.

## Description:

This update for samba fixes the following issues:

* Fix mistake in README.SUSE /var/spool/samba to /var/samba/spool (bsc#1254665)
* Update to 4.22.7:
  * Samba 4.22 breaks Time Machine;
  * Searching for numbers doesn't work with Spotlight;
  * mdssvc doesn't support $time.iso dates before 1970;
  * Fix winbind cache consistency;
  * vfs_recycle does not update mtime;
  * Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') in vfswrap_openat;
  * ctdb can crash with inconsistent cluster lock configuration;
  * samba-bgqd: rework man page;
  * samba-bgqd can't find [printers] share (bsc#1254586);
  * Winbind can hang forever in gssapi if there are network issues;
  * libldb requires linking libreplace on Linux;
  * Crash in ctdbd on failed updateip;

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-220=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * samba-debugsource-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-4.22.7+git.460.b680c782b85-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1254586
* https://bugzilla.suse.com/show_bug.cgi?id=1254665

From null at suse.de Mon Feb 2 16:30:27 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:27 -0000
Subject: SUSE-SU-2026:20176-1: important: Security update for elemental-register, elemental-toolkit
Message-ID: <177004982718.14302.13427298260824505523@smelt2.prg2.suse.org>

# Security update for elemental-register, elemental-toolkit

Announcement ID: SUSE-SU-2026:20176-1
Release Date: 2026-01-29T15:29:59Z
Rating: important

References:

* bsc#1241826
* bsc#1241857
* bsc#1251511
* bsc#1251679
* bsc#1253581
* bsc#1253901
* bsc#1254079

Cross-References:

* CVE-2025-22872
* CVE-2025-47911
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-58181
* CVE-2025-58190

CVSS scores:

* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.2

An update that solves six vulnerabilities and has one fix can now be installed.

## Description:

This update for elemental-register, elemental-toolkit fixes the following issues:

elemental-register was updated to 1.8.1:

Changes on top of v1.8.1:

* Update headers to 2026
* Update questions to include SL Micro 6.2

Update to v1.8.1:

* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
  This includes few CVE fixes:
  * bsc#1241826 (CVE-2025-22872)
  * bsc#1241857 (CVE-2025-22872)
  * bsc#1251511 (CVE-2025-47911)
  * bsc#1251679 (CVE-2025-58190)

elemental-toolkit was updated to v2.3.2:

* Bump golang.org/x/crypto library
  This includes few CVE fixes:
  * bsc#1241826 (CVE-2025-22872)
  * bsc#1241857 (CVE-2025-22872)
  * bsc#1251511 (CVE-2025-47911)
  * bsc#1251679 (CVE-2025-58190)
  * bsc#1253581 (CVE-2025-47913)
  * bsc#1253901 (CVE-2025-58181)
  * bsc#1254079 (CVE-2025-47914)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-217=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 x86_64)
  * elemental-toolkit-2.3.2-160000.1.1
  * elemental-support-1.8.1-160000.1.1
  * elemental-register-1.8.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241826
* https://bugzilla.suse.com/show_bug.cgi?id=1241857
* https://bugzilla.suse.com/show_bug.cgi?id=1251511
* https://bugzilla.suse.com/show_bug.cgi?id=1251679
* https://bugzilla.suse.com/show_bug.cgi?id=1253581
* https://bugzilla.suse.com/show_bug.cgi?id=1253901
* https://bugzilla.suse.com/show_bug.cgi?id=1254079

From null at suse.de Mon Feb 2 16:30:30 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:30 -0000
Subject: SUSE-SU-2026:20175-1: important: Security update for python-urllib3
Message-ID: <177004983057.14302.4396298024284426004@smelt2.prg2.suse.org>

# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:20175-1
Release Date: 2026-01-29T14:48:50Z
Rating: important

References:

* bsc#1254866
* bsc#1254867

Cross-References:

* CVE-2025-66418
* CVE-2025-66471

CVSS scores:

* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66418 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-urllib3 fixes the following issues:

* CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867)
* CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-212=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * python313-urllib3-2.5.0-160000.4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254866
* https://bugzilla.suse.com/show_bug.cgi?id=1254867

From null at suse.de Mon Feb 2 16:30:34 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:34 -0000
Subject: SUSE-RU-2026:20174-1: important: Recommended update for cloud-init
Message-ID: <177004983435.14302.1697775309496243025@smelt2.prg2.suse.org>

# Recommended update for cloud-init

Announcement ID: SUSE-RU-2026:20174-1
Release Date: 2026-01-29T10:39:37Z
Rating: important
References:

* bsc#1245401
* bsc#1245403

Cross-References:

* CVE-2024-11584
* CVE-2024-6174

CVSS scores:

* CVE-2024-11584 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-11584 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-11584 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-11584 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-6174 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-6174 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-6174 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for cloud-init fixes the following issues:

Changes in cloud-init:

* Fix dependency replace -serial with -pyserial
* Drop unneeded test dependency on httpretty, fixed long ago
* https://github.com/canonical/cloud-init/pull/1720
* Update to version 25.1.3 (bsc#1245401, CVE-2024-6174, bsc#1245403, CVE-2024-11584)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-214=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * cloud-init-config-suse-25.1.3-160000.2.1
  * cloud-init-25.1.3-160000.2.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11584.html
* https://www.suse.com/security/cve/CVE-2024-6174.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245401
* https://bugzilla.suse.com/show_bug.cgi?id=1245403

From null at suse.de Mon Feb 2 16:30:36 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:36 -0000
Subject: SUSE-SU-2026:20173-1: important: Security update for ucode-amd
Message-ID: <177004983651.14302.13293892627270729835@smelt2.prg2.suse.org>

# Security update for ucode-amd

Announcement ID: SUSE-SU-2026:20173-1
Release Date: 2026-01-28T16:01:59Z
Rating: important
References:

Affected Products:

* SUSE Linux Micro 6.2

An update that can now be installed.

## Description:

This update for ucode-amd fixes the following issues:

Changes in ucode-amd:

* Update to version 20251203 (git commit a0f0e52138e5):
  * linux-firmware: Update amd-ucode copyright information
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251113 (git commit fb0dbcd30118):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251031 (git commit 04b323bb64f9):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251028 (git commit 4f72031fc195):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251024 (git commit 9b899c779b8a):
  * amd-ucode: Fix minimum revisions in README
* Update to version 20250730 (git commit 910c19074091):
  * linux-firmware: Update AMD cpu microcode

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-209=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * ucode-amd-20251203-160000.1.1

From null at suse.de Mon Feb 2 16:30:44 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:44 -0000
Subject: SUSE-RU-2026:20172-1: important: Recommended update for grub2
Message-ID: <177004984425.14302.17418277923532760778@smelt2.prg2.suse.org>

# Recommended update for grub2

Announcement ID: SUSE-RU-2026:20172-1
Release Date: 2026-01-28T11:38:15Z
Rating: important
References:

* bsc#1248516

Affected Products:

* SUSE Linux Micro 6.2

An update that has one fix can now be installed.

## Description:

This update for grub2 fixes the following issues:

* Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
* lib/crypto: Introduce new HMAC functions to reuse buffers
* lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle
* kern/misc: Implement faster grub_memcpy() for aligned buffers

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-206=1

## Package List:

* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
  * grub2-common-debuginfo-2.12-160000.4.1
  * grub2-common-2.12-160000.4.1
  * grub2-2.12-160000.4.1
* SUSE Linux Micro 6.2 (aarch64 s390x x86_64)
  * grub2-debugsource-2.12-160000.4.1
* SUSE Linux Micro 6.2 (noarch)
  * grub2-i386-pc-2.12-160000.4.1
  * grub2-arm64-efi-2.12-160000.4.1
  * grub2-powerpc-ieee1275-2.12-160000.4.1
  * grub2-x86_64-xen-2.12-160000.4.1
  * grub2-x86_64-efi-2.12-160000.4.1
  * grub2-snapper-plugin-2.12-160000.4.1
* SUSE Linux Micro 6.2 (s390x)
  * grub2-s390x-emu-2.12-160000.4.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1248516

From null at suse.de Mon Feb 2 16:30:49 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:49 -0000
Subject: SUSE-SU-2026:20171-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177004984914.14302.10792319504626697451@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20171-1
Release Date: 2026-01-28T10:28:18Z
Rating: important
References:

* bsc#1251982
* bsc#1252270
* bsc#1253437
* bsc#1254196

Cross-References:

* CVE-2025-39963
* CVE-2025-40204
* CVE-2025-40212

CVSS scores:

* CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39963 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40212 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.2

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
* CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).

The following non-security issue was fixed:

* Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-205=1

## Package List:

* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-3-160000.1.1
  * kernel-livepatch-SLE16_Update_1-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39963.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251982
* https://bugzilla.suse.com/show_bug.cgi?id=1252270
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
* https://bugzilla.suse.com/show_bug.cgi?id=1254196

From null at suse.de Mon Feb 2 16:30:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:30:51 -0000
Subject: SUSE-SU-2026:20170-1: moderate: Security update for cockpit-subscriptions
Message-ID: <177004985155.14302.14334093401986718187@smelt2.prg2.suse.org>

# Security update for cockpit-subscriptions

Announcement ID: SUSE-SU-2026:20170-1
Release Date: 2026-01-27T20:37:55Z
Rating: moderate
References:

* bsc#1255425

Cross-References:

* CVE-2025-64718

CVSS scores:

* CVE-2025-64718 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-64718 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2025-64718 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* SUSE Linux Micro 6.2

An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit-subscriptions fixes the following issues:

Update to version 12.1:

* CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.2
  zypper in -t patch SUSE-SL-Micro-6.2-202=1

## Package List:

* SUSE Linux Micro 6.2 (noarch)
  * cockpit-subscriptions-12.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-64718.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255425

From null at suse.de Mon Feb 2 16:31:00 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:31:00 -0000
Subject: SUSE-SU-2026:0360-1: moderate: Security update for openssl-1_1
Message-ID: <177004986031.14302.8583313550827967203@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:0360-1
Release Date: 2026-02-02T09:55:53Z
Rating: moderate
References:

* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840

Cross-References:

* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:

* CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
* CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
* CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
* CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
* CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
* CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
* CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-360=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-360=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-360=1
* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-360=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-360=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-360=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-360=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-360=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-360=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* openSUSE Leap 15.4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.87.1
* openSUSE Leap 15.4 (noarch)
  * openssl-1_1-doc-1.1.1l-150400.7.87.1
* openSUSE Leap 15.4 (aarch64_ilp32)
  * libopenssl1_1-64bit-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-64bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-64bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-64bit-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * openssl-1_1-debugsource-1.1.1l-150400.7.87.1
  * openssl-1_1-1.1.1l-150400.7.87.1
  * openssl-1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl-1_1-devel-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-1.1.1l-150400.7.87.1
  * libopenssl1_1-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-1.1.1l-150400.7.87.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-1.1.1l-150400.7.87.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.87.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.87.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256834
* https://bugzilla.suse.com/show_bug.cgi?id=1256835
* https://bugzilla.suse.com/show_bug.cgi?id=1256836
* https://bugzilla.suse.com/show_bug.cgi?id=1256837
* https://bugzilla.suse.com/show_bug.cgi?id=1256838
* https://bugzilla.suse.com/show_bug.cgi?id=1256839
* https://bugzilla.suse.com/show_bug.cgi?id=1256840

From null at suse.de Mon Feb 2 16:31:10 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:31:10 -0000
Subject: SUSE-SU-2026:0359-1: moderate: Security update for openssl-1_1
Message-ID: <177004987009.14302.11168786586454034036@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:0359-1
Release Date: 2026-02-02T09:55:09Z
Rating: moderate
References:

* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840

Cross-References:

* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:

* CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
* CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
* CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
* CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
* CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
* CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
* CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-359=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-359=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-359=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-359=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-359=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-359=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* openSUSE Leap 15.5 (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.46.1
* openSUSE Leap 15.5 (noarch)
  * openssl-1_1-doc-1.1.1l-150500.17.46.1
* openSUSE Leap 15.5 (aarch64_ilp32)
  * libopenssl1_1-64bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * libopenssl1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-1.1.1l-150500.17.46.1
  * openssl-1_1-debugsource-1.1.1l-150500.17.46.1
  * libopenssl-1_1-devel-1.1.1l-150500.17.46.1
  * openssl-1_1-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-1.1.1l-150500.17.46.1
  * openssl-1_1-1.1.1l-150500.17.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
  * libopenssl1_1-32bit-1.1.1l-150500.17.46.1
  * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.46.1
  * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.46.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256834
* https://bugzilla.suse.com/show_bug.cgi?id=1256835
* https://bugzilla.suse.com/show_bug.cgi?id=1256836
* https://bugzilla.suse.com/show_bug.cgi?id=1256837
* https://bugzilla.suse.com/show_bug.cgi?id=1256838
* https://bugzilla.suse.com/show_bug.cgi?id=1256839
* https://bugzilla.suse.com/show_bug.cgi?id=1256840

From null at suse.de Mon Feb 2 16:31:18 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 16:31:18 -0000
Subject: SUSE-SU-2026:0358-1: moderate: Security update for openssl-1_1
Message-ID: <177004987848.14302.17302875852509640226@smelt2.prg2.suse.org>

# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:0358-1
Release Date: 2026-02-02T09:54:26Z
Rating: moderate
References:

* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840

Cross-References:

* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:

* CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 12 SP5 LTSS
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
* CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
* CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
* CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
* CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
* CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
* CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 12 SP5 LTSS
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2026-358=1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-358=1

## Package List:

* SUSE Linux Enterprise Server 12 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-1.1.1d-2.122.1
  * openssl-1_1-1.1.1d-2.122.1
  * libopenssl1_1-hmac-1.1.1d-2.122.1
  * libopenssl-1_1-devel-1.1.1d-2.122.1
  * openssl-1_1-debugsource-1.1.1d-2.122.1
  * libopenssl1_1-debuginfo-1.1.1d-2.122.1
  * openssl-1_1-debuginfo-1.1.1d-2.122.1
* SUSE Linux Enterprise Server 12 SP5 LTSS (s390x x86_64)
  * libopenssl-1_1-devel-32bit-1.1.1d-2.122.1
  * libopenssl1_1-32bit-1.1.1d-2.122.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.122.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.122.1
* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64)
  * libopenssl1_1-32bit-1.1.1d-2.122.1
  * libopenssl1_1-1.1.1d-2.122.1
  * openssl-1_1-1.1.1d-2.122.1
  * libopenssl1_1-hmac-1.1.1d-2.122.1
  * libopenssl-1_1-devel-1.1.1d-2.122.1
  * libopenssl1_1-hmac-32bit-1.1.1d-2.122.1
  * libopenssl-1_1-devel-32bit-1.1.1d-2.122.1
  * libopenssl1_1-debuginfo-32bit-1.1.1d-2.122.1
  * openssl-1_1-debugsource-1.1.1d-2.122.1
  * libopenssl1_1-debuginfo-1.1.1d-2.122.1
  * openssl-1_1-debuginfo-1.1.1d-2.122.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256834
* https://bugzilla.suse.com/show_bug.cgi?id=1256835
* https://bugzilla.suse.com/show_bug.cgi?id=1256836
* https://bugzilla.suse.com/show_bug.cgi?id=1256837
* https://bugzilla.suse.com/show_bug.cgi?id=1256838
* https://bugzilla.suse.com/show_bug.cgi?id=1256839
* https://bugzilla.suse.com/show_bug.cgi?id=1256840

From null at suse.de Mon Feb 2 20:30:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Mon, 02 Feb 2026 20:30:05 -0000
Subject: SUSE-SU-2026:0361-1: moderate: Security update for logback
Message-ID: <177006420586.9900.14409869640266659489@smelt2.prg2.suse.org>

# Security update for logback

Announcement ID: SUSE-SU-2026:0361-1
Release Date: 2026-02-02T13:20:46Z
Rating: moderate

References:

* bsc#1257094

Cross-References:

* CVE-2026-1225

CVSS scores:

* CVE-2026-1225 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-1225 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:X/V:X/RE:M/U:Green

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for logback fixes the following issues:

* CVE-2026-1225: ACE vulnerability in configuration file (bsc#1257094)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-361=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * logback-1.2.13-150200.3.16.1
  * logback-access-1.2.13-150200.3.16.1
  * logback-javadoc-1.2.13-150200.3.16.1
  * logback-examples-1.2.13-150200.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1225.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257094

From null at suse.de Tue Feb 3 16:30:02 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:02 -0000
Subject: SUSE-RU-2026:20204-1: moderate: Recommended update for supportutils-plugin-ha-sap
Message-ID: <177013620213.28774.14658318978679951415@smelt2.prg2.suse.org>

# Recommended update for supportutils-plugin-ha-sap

Announcement ID: SUSE-RU-2026:20204-1
Release Date: 2026-01-27T10:47:44Z
Rating: moderate

References:

Affected Products:

* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that can now be installed.

## Description:

This update for supportutils-plugin-ha-sap fixes the following issues:

* fix typo in the definition of INSTANCE_TRACE_DIR
* fix calling of getParameter.py
* skip unused files from the collection of sudo files and sort the result

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-199=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * supportutils-plugin-ha-sap-0.0.8+git.1761561174.0434cd5-160000.1.1

From null at suse.de Tue Feb 3 16:30:03 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:03 -0000
Subject: SUSE-SU-2026:20203-1: important: Security update for ucode-amd
Message-ID: <177013620371.28774.12541155019891000880@smelt2.prg2.suse.org>

# Security update for ucode-amd

Announcement ID: SUSE-SU-2026:20203-1
Release Date: 2026-01-28T16:01:59Z
Rating: important

References:

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that can now be installed.

## Description:

This update for ucode-amd fixes the following issues:

Changes in ucode-amd:

* Update to version 20251203 (git commit a0f0e52138e5):
  * linux-firmware: Update amd-ucode copyright information
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251113 (git commit fb0dbcd30118):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251031 (git commit 04b323bb64f9):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251028 (git commit 4f72031fc195):
  * linux-firmware: Update AMD cpu microcode
* Update to version 20251024 (git commit 9b899c779b8a):
  * amd-ucode: Fix minimum revisions in README
* Update to version 20250730 (git commit 910c19074091):
  * linux-firmware: Update AMD cpu microcode

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-209=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-209=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (noarch)
  * ucode-amd-20251203-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * ucode-amd-20251203-160000.1.1

From null at suse.de Tue Feb 3 16:30:17 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:17 -0000
Subject: SUSE-SU-2026:20202-1: important: Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)
Message-ID: <177013621700.28774.16284688623956304193@smelt2.prg2.suse.org>

# Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

Announcement ID: SUSE-SU-2026:20202-1
Release Date: 2026-01-28T10:28:18Z
Rating: important

References:

* bsc#1251982
* bsc#1252270
* bsc#1253437
* bsc#1254196

Cross-References:

* CVE-2025-39963
* CVE-2025-40204
* CVE-2025-40212

CVSS scores:

* CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39963 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39963 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40212 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves three vulnerabilities and has one fix can now be installed.

## Description:

This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues.

The following security issues were fixed:

* CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
* CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
* CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).

The following non-security issue was fixed:

* Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-205=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-205=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-3-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * kernel-livepatch-SLE16_Update_1-debugsource-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-3-160000.1.1
  * kernel-livepatch-6_12_0-160000_6-default-debuginfo-3-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-39963.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40212.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251982
* https://bugzilla.suse.com/show_bug.cgi?id=1252270
* https://bugzilla.suse.com/show_bug.cgi?id=1253437
* https://bugzilla.suse.com/show_bug.cgi?id=1254196

From null at suse.de Tue Feb 3 16:30:20 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:20 -0000
Subject: SUSE-SU-2026:20201-1: moderate: Security update for unbound
Message-ID: <177013622037.28774.10089637524035410225@smelt2.prg2.suse.org>

# Security update for unbound

Announcement ID: SUSE-SU-2026:20201-1
Release Date: 2026-01-30T10:05:07Z
Rating: moderate

References:

* bsc#1252525

Cross-References:

* CVE-2025-11411

CVSS scores:

* CVE-2025-11411 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:L
* CVE-2025-11411 ( SUSE ): 6.9 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
* CVE-2025-11411 ( NVD ): 5.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for unbound fixes the following issues:

Update to 1.24.1:

* CVE-2025-11411: Fixed possible domain hijacking attack (bsc#1252525).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-224=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-224=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * python3-unbound-debuginfo-1.24.1-160000.1.1
  * unbound-debuginfo-1.24.1-160000.1.1
  * unbound-debugsource-1.24.1-160000.1.1
  * unbound-devel-1.24.1-160000.1.1
  * python3-unbound-1.24.1-160000.1.1
  * libunbound8-1.24.1-160000.1.1
  * unbound-anchor-debuginfo-1.24.1-160000.1.1
  * unbound-anchor-1.24.1-160000.1.1
  * libunbound8-debuginfo-1.24.1-160000.1.1
  * unbound-1.24.1-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * python3-unbound-debuginfo-1.24.1-160000.1.1
  * unbound-debuginfo-1.24.1-160000.1.1
  * unbound-debugsource-1.24.1-160000.1.1
  * unbound-devel-1.24.1-160000.1.1
  * python3-unbound-1.24.1-160000.1.1
  * libunbound8-1.24.1-160000.1.1
  * unbound-anchor-debuginfo-1.24.1-160000.1.1
  * unbound-anchor-1.24.1-160000.1.1
  * libunbound8-debuginfo-1.24.1-160000.1.1
  * unbound-1.24.1-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-11411.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252525

From null at suse.de Tue Feb 3 16:30:24 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:24 -0000
Subject: SUSE-SU-2026:20200-1: moderate: Security update for jasper
Message-ID: <177013622474.28774.11764048318384095596@smelt2.prg2.suse.org>

# Security update for jasper

Announcement ID: SUSE-SU-2026:20200-1
Release Date: 2026-01-30T09:59:14Z
Rating: moderate

References:

* bsc#1247901
* bsc#1247902
* bsc#1247904

Cross-References:

* CVE-2025-8835
* CVE-2025-8836
* CVE-2025-8837

CVSS scores:

* CVE-2025-8835 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-8835 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8835 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8835 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8836 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-8836 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-8836 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8836 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-8837 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8837 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-8837 ( NVD ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-8837 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-8837 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves three vulnerabilities can now be installed.

## Description:

This update for jasper fixes the following issues:

Update to 4.2.8:

* CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901).
* CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902).
* CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-223=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-223=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * jasper-debugsource-4.2.8-160000.1.1
  * libjasper7-debuginfo-4.2.8-160000.1.1
  * libjasper7-4.2.8-160000.1.1
  * jasper-debuginfo-4.2.8-160000.1.1
  * jasper-4.2.8-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * jasper-debugsource-4.2.8-160000.1.1
  * libjasper7-debuginfo-4.2.8-160000.1.1
  * libjasper7-4.2.8-160000.1.1
  * jasper-debuginfo-4.2.8-160000.1.1
  * jasper-4.2.8-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-8835.html
* https://www.suse.com/security/cve/CVE-2025-8836.html
* https://www.suse.com/security/cve/CVE-2025-8837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247901
* https://bugzilla.suse.com/show_bug.cgi?id=1247902
* https://bugzilla.suse.com/show_bug.cgi?id=1247904

From null at suse.de Tue Feb 3 16:30:32 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:32 -0000
Subject: SUSE-SU-2026:20199-1: important: Security update for java-17-openjdk
Message-ID: <177013623228.28774.1369937356371881842@smelt2.prg2.suse.org>

# Security update for java-17-openjdk

Announcement ID: SUSE-SU-2026:20199-1
Release Date: 2026-01-29T17:44:57Z
Rating: important

References:

* bsc#1255446
* bsc#1257034
* bsc#1257036
* bsc#1257037
* bsc#1257038
* jsc#PED-14507
* jsc#PED-15216

Cross-References:

* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945

CVSS scores:

* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21925 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21932 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21933 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves four vulnerabilities, contains two features and has one fix can now be installed.

## Description:

This update for java-17-openjdk fixes the following issues:

Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU)

Security fixes:

* CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
* CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
* CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
* CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).

Other fixes:

* OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446).
* Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-219=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-219=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * java-17-openjdk-demo-17.0.18.0-160000.1.1
  * java-17-openjdk-devel-17.0.18.0-160000.1.1
  * java-17-openjdk-headless-debuginfo-17.0.18.0-160000.1.1
  * java-17-openjdk-headless-17.0.18.0-160000.1.1
  * java-17-openjdk-17.0.18.0-160000.1.1
  * java-17-openjdk-src-17.0.18.0-160000.1.1
  * java-17-openjdk-jmods-17.0.18.0-160000.1.1
  * java-17-openjdk-devel-debuginfo-17.0.18.0-160000.1.1
  * java-17-openjdk-debuginfo-17.0.18.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * java-17-openjdk-javadoc-17.0.18.0-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * java-17-openjdk-demo-17.0.18.0-160000.1.1
  * java-17-openjdk-devel-17.0.18.0-160000.1.1
  * java-17-openjdk-headless-debuginfo-17.0.18.0-160000.1.1
  * java-17-openjdk-headless-17.0.18.0-160000.1.1
  * java-17-openjdk-17.0.18.0-160000.1.1
  * java-17-openjdk-src-17.0.18.0-160000.1.1
  * java-17-openjdk-jmods-17.0.18.0-160000.1.1
  * java-17-openjdk-devel-debuginfo-17.0.18.0-160000.1.1
  * java-17-openjdk-debuginfo-17.0.18.0-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * java-17-openjdk-javadoc-17.0.18.0-160000.1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255446
* https://bugzilla.suse.com/show_bug.cgi?id=1257034
* https://bugzilla.suse.com/show_bug.cgi?id=1257036
* https://bugzilla.suse.com/show_bug.cgi?id=1257037
* https://bugzilla.suse.com/show_bug.cgi?id=1257038
* https://jira.suse.com/browse/PED-14507
* https://jira.suse.com/browse/PED-15216

From null at suse.de Tue Feb 3 16:30:39 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:39 -0000
Subject: SUSE-SU-2026:20198-1: important: Security update for glibc
Message-ID: <177013623973.28774.13569243175566895493@smelt2.prg2.suse.org>

# Security update for glibc

Announcement ID: SUSE-SU-2026:20198-1
Release Date: 2026-01-29T17:44:57Z
Rating: important

References:

* bsc#1236282
* bsc#1256436
* bsc#1256766
* bsc#1256822
* bsc#1257005

Cross-References:

* CVE-2025-0395
* CVE-2025-15281
* CVE-2026-0861
* CVE-2026-0915

CVSS scores:

* CVE-2025-0395 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-0395 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0395 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15281 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15281 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-15281 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-0861 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0915 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0915 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-0915 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves four vulnerabilities and has one fix can now be installed.

## Description:

This update for glibc fixes the following issues:

Security fixes:

* CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
* CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
* CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
* CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).

Other fixes:

* NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-218=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-218=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * glibc-debugsource-2.40-160000.3.1
  * glibc-2.40-160000.3.1
  * glibc-devel-2.40-160000.3.1
  * glibc-utils-src-debugsource-2.40-160000.3.1
  * glibc-extra-debuginfo-2.40-160000.3.1
  * glibc-devel-static-2.40-160000.3.1
  * glibc-utils-debuginfo-2.40-160000.3.1
  * glibc-locale-2.40-160000.3.1
  * glibc-locale-base-2.40-160000.3.1
  * glibc-devel-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-2.40-160000.3.1
  * glibc-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.3.1
  * glibc-utils-2.40-160000.3.1
  * glibc-extra-2.40-160000.3.1
  * glibc-profile-2.40-160000.3.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * glibc-html-2.40-160000.3.1
  * glibc-i18ndata-2.40-160000.3.1
  * glibc-lang-2.40-160000.3.1
  * glibc-info-2.40-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * glibc-debugsource-2.40-160000.3.1
  * glibc-2.40-160000.3.1
  * glibc-devel-2.40-160000.3.1
  * glibc-utils-src-debugsource-2.40-160000.3.1
  * glibc-extra-debuginfo-2.40-160000.3.1
  * glibc-devel-static-2.40-160000.3.1
  * glibc-utils-debuginfo-2.40-160000.3.1
  * glibc-locale-2.40-160000.3.1
  * glibc-locale-base-2.40-160000.3.1
  * glibc-devel-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-2.40-160000.3.1
  * glibc-debuginfo-2.40-160000.3.1
  * glibc-gconv-modules-extra-debuginfo-2.40-160000.3.1
  * glibc-utils-2.40-160000.3.1
  * glibc-extra-2.40-160000.3.1
  * glibc-profile-2.40-160000.3.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * glibc-html-2.40-160000.3.1
  * glibc-i18ndata-2.40-160000.3.1
  * glibc-lang-2.40-160000.3.1
  * glibc-info-2.40-160000.3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-0395.html
* https://www.suse.com/security/cve/CVE-2025-15281.html
* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://www.suse.com/security/cve/CVE-2026-0915.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236282
* https://bugzilla.suse.com/show_bug.cgi?id=1256436
* https://bugzilla.suse.com/show_bug.cgi?id=1256766
* https://bugzilla.suse.com/show_bug.cgi?id=1256822
* https://bugzilla.suse.com/show_bug.cgi?id=1257005

From null at suse.de Tue Feb 3 16:30:45 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:45 -0000
Subject: SUSE-RU-2026:20197-1: important: Recommended update for samba
Message-ID: <177013624503.28774.14957691975609127082@smelt2.prg2.suse.org>

# Recommended update for samba

Announcement ID: SUSE-RU-2026:20197-1
Release Date: 2026-01-29T16:17:38Z
Rating: important

References:

* bsc#1254586
* bsc#1254665

Affected Products:

* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0

An update that has two fixes can now be installed.

## Description:

This update for samba fixes the following issues:

* Fix mistake in README.SUSE /var/spool/samba to /var/samba/spool (bsc#1254665)
* Update to 4.22.7:
  * Samba 4.22 breaks Time Machine;
  * Searching for numbers doesn't work with Spotlight;
  * mdssvc doesn't support $time.iso dates before 1970;
  * Fix winbind cache consistency;
  * vfs_recycle does not update mtime;
  * Assert failed: (dirfd != -1) || (smb_fname to base_name[0] == '/') in vfswrap_openat;
  * ctdb can crash with inconsistent cluster lock configuration;
  * samba-bgqd: rework man page;
  * samba-bgqd can't find [printers] share (bsc#1254586);
  * Winbind can hang forever in gssapi if there are network issues;
  * libldb requires linking libreplace on Linux;
  * Crash in ctdbd on failed updateip;

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-220=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-220=1

## Package List:

* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * samba-libs-python3-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-pcp-pmda-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-python3-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dcerpc-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-4.22.7+git.460.b680c782b85-160000.1.1
  * python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-debugsource-4.22.7+git.460.b680c782b85-160000.1.1
  * ldb-tools-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1
  * python3-ldb-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-devel-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dsdb-modules-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-tool-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ldb-ldap-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-python3-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1
* SUSE Linux Enterprise Server 16.0 (noarch)
  * samba-doc-4.22.7+git.460.b680c782b85-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * samba-libs-python3-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-pcp-pmda-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-pcp-pmda-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-python3-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ldb-ldap-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dsdb-modules-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dcerpc-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb-devel-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-4.22.7+git.460.b680c782b85-160000.1.1
  * python3-ldb-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-debugsource-4.22.7+git.460.b680c782b85-160000.1.1
  * ldb-tools-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dcerpc-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-python3-4.22.7+git.460.b680c782b85-160000.1.1
  * python3-ldb-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-devel-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-dsdb-modules-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-tool-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-gpupdate-4.22.7+git.460.b680c782b85-160000.1.1
  * ctdb-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * ldb-tools-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ldb-ldap-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-python3-4.22.7+git.460.b680c782b85-160000.1.1
  * libldb2-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-libs-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-winbind-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-client-libs-debuginfo-4.22.7+git.460.b680c782b85-160000.1.1
  * samba-ad-dc-libs-4.22.7+git.460.b680c782b85-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * samba-doc-4.22.7+git.460.b680c782b85-160000.1.1

## References:

* https://bugzilla.suse.com/show_bug.cgi?id=1254586
* https://bugzilla.suse.com/show_bug.cgi?id=1254665

From null at suse.de Tue Feb 3 16:30:47 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:47 -0000
Subject: SUSE-SU-2026:20196-1: important: Security update for openvpn
Message-ID: <177013624719.28774.17856804781386543198@smelt2.prg2.suse.org>

# Security update for openvpn

Announcement ID: SUSE-SU-2026:20196-1
Release Date: 2026-01-29T16:14:38Z
Rating: important
References:

  * bsc#1254486

Cross-References:

  * CVE-2025-13086

CVSS scores:

  * CVE-2025-13086 ( SUSE ): 4.6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-13086 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-13086 ( NVD ): 4.6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-13086 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves one vulnerability can now be installed.

## Description:

This update for openvpn fixes the following issues:

  * CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc#1254486).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-222=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-222=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * openvpn-auth-pam-plugin-2.6.10-160000.3.1
    * openvpn-down-root-plugin-debuginfo-2.6.10-160000.3.1
    * openvpn-2.6.10-160000.3.1
    * openvpn-auth-pam-plugin-debuginfo-2.6.10-160000.3.1
    * openvpn-devel-2.6.10-160000.3.1
    * openvpn-down-root-plugin-2.6.10-160000.3.1
    * openvpn-debuginfo-2.6.10-160000.3.1
    * openvpn-debugsource-2.6.10-160000.3.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * openvpn-auth-pam-plugin-2.6.10-160000.3.1
    * openvpn-down-root-plugin-debuginfo-2.6.10-160000.3.1
    * openvpn-2.6.10-160000.3.1
    * openvpn-auth-pam-plugin-debuginfo-2.6.10-160000.3.1
    * openvpn-devel-2.6.10-160000.3.1
    * openvpn-down-root-plugin-2.6.10-160000.3.1
    * openvpn-debuginfo-2.6.10-160000.3.1
    * openvpn-debugsource-2.6.10-160000.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-13086.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1254486
From null at suse.de Tue Feb 3 16:30:51 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:51 -0000
Subject: SUSE-SU-2026:20195-1: important: Security update for gpg2
Message-ID: <177013625130.28774.8439409301672554177@smelt2.prg2.suse.org>

# Security update for gpg2

Announcement ID: SUSE-SU-2026:20195-1
Release Date: 2026-01-29T16:14:38Z
Rating: important
References:

  * bsc#1256389
  * bsc#1257395
  * bsc#1257396

Cross-References:

  * CVE-2026-24882
  * CVE-2026-24883

CVSS scores:

  * CVE-2026-24882 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-24882 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-24882 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-24883 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-24883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-24883 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities and has one fix can now be installed.

## Description:

This update for gpg2 fixes the following issues:

  * CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396).
  * CVE-2026-24883: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value (bsc#1257395).
  * gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-221=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-221=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * gpg2-debugsource-2.5.5-160000.4.1
    * gpg2-debuginfo-2.5.5-160000.4.1
    * dirmngr-debuginfo-2.5.5-160000.4.1
    * gpg2-tpm-debuginfo-2.5.5-160000.4.1
    * gpg2-tpm-2.5.5-160000.4.1
    * gpg2-2.5.5-160000.4.1
    * dirmngr-2.5.5-160000.4.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * gpg2-lang-2.5.5-160000.4.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * gpg2-debugsource-2.5.5-160000.4.1
    * gpg2-debuginfo-2.5.5-160000.4.1
    * dirmngr-debuginfo-2.5.5-160000.4.1
    * gpg2-tpm-debuginfo-2.5.5-160000.4.1
    * gpg2-tpm-2.5.5-160000.4.1
    * gpg2-2.5.5-160000.4.1
    * dirmngr-2.5.5-160000.4.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * gpg2-lang-2.5.5-160000.4.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-24882.html
  * https://www.suse.com/security/cve/CVE-2026-24883.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1256389
  * https://bugzilla.suse.com/show_bug.cgi?id=1257395
  * https://bugzilla.suse.com/show_bug.cgi?id=1257396
From null at suse.de Tue Feb 3 16:30:58 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:58 -0000
Subject: SUSE-SU-2026:20193-1: important: Security update for postgresql16
Message-ID: <177013625825.28774.10893164130342888458@smelt2.prg2.suse.org>

# Security update for postgresql16

Announcement ID: SUSE-SU-2026:20193-1
Release Date: 2026-01-29T10:55:17Z
Rating: important
References:

  * bsc#1253332
  * bsc#1253333

Cross-References:

  * CVE-2025-12817
  * CVE-2025-12818

CVSS scores:

  * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for postgresql16 fixes the following issues:

Security fixes:

  * CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts (bsc#1253332)
  * CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer (bsc#1253333)

Other fixes:

  * Upgrade to 16.11

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-215=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-215=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * postgresql16-debuginfo-16.11-160000.1.1
    * postgresql16-plpython-debuginfo-16.11-160000.1.1
    * postgresql16-devel-16.11-160000.1.1
    * postgresql16-plperl-debuginfo-16.11-160000.1.1
    * postgresql16-pltcl-16.11-160000.1.1
    * postgresql16-server-16.11-160000.1.1
    * postgresql16-debugsource-16.11-160000.1.1
    * postgresql16-server-debuginfo-16.11-160000.1.1
    * postgresql16-contrib-16.11-160000.1.1
    * postgresql16-plpython-16.11-160000.1.1
    * postgresql16-server-devel-debuginfo-16.11-160000.1.1
    * postgresql16-devel-debuginfo-16.11-160000.1.1
    * postgresql16-contrib-debuginfo-16.11-160000.1.1
    * postgresql16-16.11-160000.1.1
    * postgresql16-pltcl-debuginfo-16.11-160000.1.1
    * postgresql16-server-devel-16.11-160000.1.1
    * postgresql16-plperl-16.11-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * postgresql16-docs-16.11-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * postgresql16-debuginfo-16.11-160000.1.1
    * postgresql16-plpython-debuginfo-16.11-160000.1.1
    * postgresql16-devel-16.11-160000.1.1
    * postgresql16-plperl-debuginfo-16.11-160000.1.1
    * postgresql16-pltcl-16.11-160000.1.1
    * postgresql16-server-16.11-160000.1.1
    * postgresql16-debugsource-16.11-160000.1.1
    * postgresql16-server-debuginfo-16.11-160000.1.1
    * postgresql16-contrib-16.11-160000.1.1
    * postgresql16-plpython-16.11-160000.1.1
    * postgresql16-server-devel-debuginfo-16.11-160000.1.1
    * postgresql16-devel-debuginfo-16.11-160000.1.1
    * postgresql16-contrib-debuginfo-16.11-160000.1.1
    * postgresql16-16.11-160000.1.1
    * postgresql16-pltcl-debuginfo-16.11-160000.1.1
    * postgresql16-server-devel-16.11-160000.1.1
    * postgresql16-plperl-16.11-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * postgresql16-docs-16.11-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-12817.html
  * https://www.suse.com/security/cve/CVE-2025-12818.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1253332
  * https://bugzilla.suse.com/show_bug.cgi?id=1253333

From null at suse.de Tue Feb 3 16:31:01 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:31:01 -0000
Subject: SUSE-RU-2026:20192-1: important: Recommended update for cloud-init
Message-ID: <177013626154.28774.7666799203779075173@smelt2.prg2.suse.org>

# Recommended update for cloud-init

Announcement ID: SUSE-RU-2026:20192-1
Release Date: 2026-01-29T10:30:03Z
Rating: important
References:

  * bsc#1245401
  * bsc#1245403

Cross-References:

  * CVE-2024-11584
  * CVE-2024-6174

CVSS scores:

  * CVE-2024-11584 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
  * CVE-2024-11584 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2024-11584 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2024-11584 ( NVD ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  * CVE-2024-6174 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2024-6174 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-6174 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities can now be installed.
## Description:

This update for cloud-init fixes the following issues:

Changes in cloud-init:

  * Fix dependency replace -serial with -pyserial
  * Drop unneeded test dependency on httpretty, fixed long ago
  * https://github.com/canonical/cloud-init/pull/1720
  * Update to version 25.1.3 (bsc#1245401, CVE-2024-6174, bsc#1245403, CVE-2024-11584)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-214=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-214=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * cloud-init-config-suse-25.1.3-160000.2.1
    * cloud-init-doc-25.1.3-160000.2.1
    * cloud-init-25.1.3-160000.2.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * cloud-init-config-suse-25.1.3-160000.2.1
    * cloud-init-doc-25.1.3-160000.2.1
    * cloud-init-25.1.3-160000.2.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-11584.html
  * https://www.suse.com/security/cve/CVE-2024-6174.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1245401
  * https://bugzilla.suse.com/show_bug.cgi?id=1245403
From null at suse.de Tue Feb 3 16:30:55 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:30:55 -0000
Subject: SUSE-SU-2026:20194-1: important: Security update for postgresql17 and postgresql18
Message-ID: <177013625500.28774.5396605939967200544@smelt2.prg2.suse.org>

# Security update for postgresql17 and postgresql18

Announcement ID: SUSE-SU-2026:20194-1
Release Date: 2026-01-29T13:21:20Z
Rating: important
References:

  * bsc#1253332
  * bsc#1253333

Cross-References:

  * CVE-2025-12817
  * CVE-2025-12818

CVSS scores:

  * CVE-2025-12817 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2025-12817 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  * CVE-2025-12817 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-12818 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2025-12818 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2025-12818 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities can now be installed.

## Description:

This update for postgresql17 and postgresql18 fixes the following issues:

Changes in postgresql17, postgresql18:

Update to 17.7:

  * https://www.postgresql.org/about/news/p-3171/
  * https://www.postgresql.org/docs/release/17.7/
  * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts.
  * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer.

Postgresql is shipped in version 18.1.
pgvector was updated to 0.8.1 to support postgresql18.
pgaudit was updated to support postgresql18.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-216=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-216=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (noarch)
    * postgresql18-docs-18.1-160000.1.1
    * postgresql-plperl-18-160000.1.1
    * postgresql-pltcl-18-160000.1.1
    * postgresql-server-18-160000.1.1
    * postgresql17-docs-17.7-160000.1.1
    * postgresql-contrib-18-160000.1.1
    * postgresql-server-devel-18-160000.1.1
    * postgresql-plpython-18-160000.1.1
    * postgresql-docs-18-160000.1.1
    * postgresql-18-160000.1.1
    * postgresql-devel-18-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * libecpg6-debuginfo-18.1-160000.1.1
    * postgresql15-pgaudit-debugsource-1.7.1-160000.3.1
    * postgresql15-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql18-pgaudit-18.0-160000.3.1
    * postgresql13-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql18-debugsource-18.1-160000.1.1
    * postgresql18-plperl-debuginfo-18.1-160000.1.1
    * postgresql14-pgaudit-debugsource-1.6.3-160000.3.1
    * postgresql18-pgvector-0.8.1-160000.1.1
    * postgresql18-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-pgaudit-debugsource-17.1-160000.3.1
    * postgresql17-plperl-debuginfo-17.7-160000.1.1
    * postgresql17-contrib-debuginfo-17.7-160000.1.1
    * postgresql18-server-devel-18.1-160000.1.1
    * postgresql14-pgaudit-1.6.3-160000.3.1
    * postgresql18-pltcl-debuginfo-18.1-160000.1.1
    * postgresql18-server-18.1-160000.1.1
    * postgresql17-debuginfo-17.7-160000.1.1
    * libpq5-18.1-160000.1.1
    * postgresql17-plpython-debuginfo-17.7-160000.1.1
    * postgresql18-server-debuginfo-18.1-160000.1.1
    * postgresql18-devel-18.1-160000.1.1
    * postgresql17-17.7-160000.1.1
    * postgresql17-devel-17.7-160000.1.1
    * postgresql16-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-server-devel-17.7-160000.1.1
    * postgresql18-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql16-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql17-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-server-devel-debuginfo-17.7-160000.1.1
    * postgresql17-debugsource-17.7-160000.1.1
    * postgresql18-pltcl-18.1-160000.1.1
    * postgresql13-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql18-server-devel-debuginfo-18.1-160000.1.1
    * postgresql15-pgaudit-debuginfo-1.7.1-160000.3.1
    * libecpg6-18.1-160000.1.1
    * postgresql18-plpython-debuginfo-18.1-160000.1.1
    * postgresql13-pgaudit-debuginfo-1.5.3-160000.3.1
    * postgresql17-plperl-17.7-160000.1.1
    * postgresql18-pgaudit-debuginfo-18.0-160000.3.1
    * postgresql14-pgvector-0.8.1-160000.1.1
    * postgresql17-devel-debuginfo-17.7-160000.1.1
    * postgresql17-server-17.7-160000.1.1
    * postgresql18-devel-debuginfo-18.1-160000.1.1
    * postgresql18-plperl-18.1-160000.1.1
    * postgresql17-pltcl-debuginfo-17.7-160000.1.1
    * postgresql14-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql16-pgaudit-debugsource-16.1-160000.3.1
    * postgresql13-pgvector-0.8.1-160000.1.1
    * postgresql18-pgaudit-debugsource-18.0-160000.3.1
    * postgresql15-pgaudit-1.7.1-160000.3.1
    * postgresql15-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql17-pltcl-17.7-160000.1.1
    * postgresql17-server-debuginfo-17.7-160000.1.1
    * postgresql14-pgaudit-debuginfo-1.6.3-160000.3.1
    * postgresql16-pgaudit-debuginfo-16.1-160000.3.1
    * postgresql17-pgaudit-debuginfo-17.1-160000.3.1
    * postgresql16-pgaudit-16.1-160000.3.1
    * postgresql18-debuginfo-18.1-160000.1.1
    * postgresql18-contrib-18.1-160000.1.1
    * postgresql15-pgvector-0.8.1-160000.1.1
    * postgresql17-pgvector-0.8.1-160000.1.1
    * postgresql18-18.1-160000.1.1
    * postgresql18-contrib-debuginfo-18.1-160000.1.1
    * postgresql16-pgvector-0.8.1-160000.1.1
    * postgresql17-pgaudit-17.1-160000.3.1
    * postgresql14-pgvector-debuginfo-0.8.1-160000.1.1
    * libpq5-debuginfo-18.1-160000.1.1
    * postgresql13-pgaudit-1.5.3-160000.3.1
    * postgresql17-plpython-17.7-160000.1.1
    * postgresql18-plpython-18.1-160000.1.1
    * postgresql13-pgaudit-debugsource-1.5.3-160000.3.1
    * postgresql17-contrib-17.7-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * libecpg6-debuginfo-18.1-160000.1.1
    * postgresql15-pgaudit-debugsource-1.7.1-160000.3.1
    * postgresql15-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql18-pgaudit-18.0-160000.3.1
    * postgresql13-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql18-debugsource-18.1-160000.1.1
    * postgresql18-plperl-debuginfo-18.1-160000.1.1
    * postgresql14-pgaudit-debugsource-1.6.3-160000.3.1
    * postgresql18-pgvector-0.8.1-160000.1.1
    * postgresql18-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-pgaudit-debugsource-17.1-160000.3.1
    * postgresql17-plperl-debuginfo-17.7-160000.1.1
    * postgresql17-contrib-debuginfo-17.7-160000.1.1
    * postgresql18-server-devel-18.1-160000.1.1
    * postgresql14-pgaudit-1.6.3-160000.3.1
    * postgresql18-pltcl-debuginfo-18.1-160000.1.1
    * postgresql18-server-18.1-160000.1.1
    * postgresql17-debuginfo-17.7-160000.1.1
    * libpq5-18.1-160000.1.1
    * postgresql17-plpython-debuginfo-17.7-160000.1.1
    * postgresql18-server-debuginfo-18.1-160000.1.1
    * postgresql18-devel-18.1-160000.1.1
    * postgresql17-17.7-160000.1.1
    * postgresql17-devel-17.7-160000.1.1
    * postgresql16-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-server-devel-17.7-160000.1.1
    * postgresql13-pgaudit-debugsource-1.5.3-160000.3.1
    * postgresql18-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql16-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql17-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-server-devel-debuginfo-17.7-160000.1.1
    * postgresql17-debugsource-17.7-160000.1.1
    * postgresql18-pltcl-18.1-160000.1.1
    * postgresql13-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql18-server-devel-debuginfo-18.1-160000.1.1
    * postgresql15-pgaudit-debuginfo-1.7.1-160000.3.1
    * libecpg6-18.1-160000.1.1
    * postgresql18-plpython-debuginfo-18.1-160000.1.1
    * postgresql13-pgaudit-debuginfo-1.5.3-160000.3.1
    * postgresql17-plperl-17.7-160000.1.1
    * postgresql18-pgaudit-debuginfo-18.0-160000.3.1
    * postgresql14-pgvector-0.8.1-160000.1.1
    * postgresql17-devel-debuginfo-17.7-160000.1.1
    * postgresql17-server-17.7-160000.1.1
    * postgresql18-devel-debuginfo-18.1-160000.1.1
    * postgresql18-plperl-18.1-160000.1.1
    * postgresql17-pltcl-debuginfo-17.7-160000.1.1
    * postgresql14-pgvector-debugsource-0.8.1-160000.1.1
    * postgresql17-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql16-pgaudit-debugsource-16.1-160000.3.1
    * postgresql18-pgaudit-debugsource-18.0-160000.3.1
    * postgresql15-pgaudit-1.7.1-160000.3.1
    * postgresql15-pgvector-debuginfo-0.8.1-160000.1.1
    * postgresql17-pltcl-17.7-160000.1.1
    * postgresql17-server-debuginfo-17.7-160000.1.1
    * postgresql14-pgaudit-debuginfo-1.6.3-160000.3.1
    * postgresql16-pgaudit-debuginfo-16.1-160000.3.1
    * postgresql17-pgaudit-debuginfo-17.1-160000.3.1
    * postgresql16-pgaudit-16.1-160000.3.1
    * postgresql18-debuginfo-18.1-160000.1.1
    * postgresql18-contrib-18.1-160000.1.1
    * postgresql15-pgvector-0.8.1-160000.1.1
    * postgresql17-pgvector-0.8.1-160000.1.1
    * postgresql18-18.1-160000.1.1
    * postgresql18-contrib-debuginfo-18.1-160000.1.1
    * postgresql16-pgvector-0.8.1-160000.1.1
    * postgresql17-pgaudit-17.1-160000.3.1
    * postgresql14-pgvector-debuginfo-0.8.1-160000.1.1
    * libpq5-debuginfo-18.1-160000.1.1
    * postgresql13-pgaudit-1.5.3-160000.3.1
    * postgresql17-plpython-17.7-160000.1.1
    * postgresql18-plpython-18.1-160000.1.1
    * postgresql13-pgvector-0.8.1-160000.1.1
    * postgresql17-contrib-17.7-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * postgresql18-docs-18.1-160000.1.1
    * postgresql-plperl-18-160000.1.1
    * postgresql-pltcl-18-160000.1.1
    * postgresql-server-18-160000.1.1
    * postgresql17-docs-17.7-160000.1.1
    * postgresql-contrib-18-160000.1.1
    * postgresql-server-devel-18-160000.1.1
    * postgresql-plpython-18-160000.1.1
    * postgresql-docs-18-160000.1.1
    * postgresql-18-160000.1.1
    * postgresql-devel-18-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2025-12817.html
  * https://www.suse.com/security/cve/CVE-2025-12818.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1253332
  * https://bugzilla.suse.com/show_bug.cgi?id=1253333

From null at suse.de Tue Feb 3 16:31:05 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:31:05 -0000
Subject: SUSE-RU-2026:20191-1: important: Recommended update for pipewire
Message-ID: <177013626510.28774.8599587793673813680@smelt2.prg2.suse.org>

# Recommended update for pipewire

Announcement ID: SUSE-RU-2026:20191-1
Release Date: 2026-01-29T10:30:03Z
Rating: important
References:

  * bsc#1217690

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that has one fix can now be installed.

## Description:

This update for pipewire fixes the following issues:

Changes in pipewire:

  * Fix libcamera working by removing a systemd restriction (boo#1217690)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-213=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-213=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * pipewire-modules-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-spa-tools-debuginfo-1.4.6-160000.3.1
    * pipewire-module-x11-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-tools-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-1.4.6-160000.3.1
    * pipewire-libjack-0_3-1.4.6-160000.3.1
    * pipewire-doc-1.4.6-160000.3.1
    * pipewire-debugsource-1.4.6-160000.3.1
    * pipewire-tools-debuginfo-1.4.6-160000.3.1
    * libpipewire-0_3-0-debuginfo-1.4.6-160000.3.1
    * gstreamer-plugin-pipewire-debuginfo-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1
    * pipewire-devel-1.4.6-160000.3.1
    * pipewire-alsa-1.4.6-160000.3.1
    * libpipewire-0_3-0-1.4.6-160000.3.1
    * pipewire-modules-0_3-1.4.6-160000.3.1
    * gstreamer-plugin-pipewire-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-debuginfo-1.4.6-160000.3.1
    * pipewire-libjack-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-pulseaudio-debuginfo-1.4.6-160000.3.1
    * pipewire-debuginfo-1.4.6-160000.3.1
    * pipewire-alsa-debuginfo-1.4.6-160000.3.1
    * pipewire-jack-1.4.6-160000.3.1
    * pipewire-module-x11-0_3-1.4.6-160000.3.1
    * pipewire-spa-tools-1.4.6-160000.3.1
    * pipewire-pulseaudio-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-jack-debuginfo-1.4.6-160000.3.1
    * pipewire-1.4.6-160000.3.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * pipewire-lang-1.4.6-160000.3.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * pipewire-modules-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-spa-tools-debuginfo-1.4.6-160000.3.1
    * pipewire-module-x11-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-tools-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-1.4.6-160000.3.1
    * pipewire-libjack-0_3-1.4.6-160000.3.1
    * pipewire-doc-1.4.6-160000.3.1
    * pipewire-debugsource-1.4.6-160000.3.1
    * pipewire-tools-debuginfo-1.4.6-160000.3.1
    * libpipewire-0_3-0-debuginfo-1.4.6-160000.3.1
    * gstreamer-plugin-pipewire-debuginfo-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-jack-1.4.6-160000.3.1
    * pipewire-devel-1.4.6-160000.3.1
    * pipewire-alsa-1.4.6-160000.3.1
    * libpipewire-0_3-0-1.4.6-160000.3.1
    * pipewire-modules-0_3-1.4.6-160000.3.1
    * gstreamer-plugin-pipewire-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-debuginfo-1.4.6-160000.3.1
    * pipewire-libjack-0_3-debuginfo-1.4.6-160000.3.1
    * pipewire-pulseaudio-debuginfo-1.4.6-160000.3.1
    * pipewire-debuginfo-1.4.6-160000.3.1
    * pipewire-alsa-debuginfo-1.4.6-160000.3.1
    * pipewire-jack-1.4.6-160000.3.1
    * pipewire-module-x11-0_3-1.4.6-160000.3.1
    * pipewire-spa-tools-1.4.6-160000.3.1
    * pipewire-pulseaudio-1.4.6-160000.3.1
    * pipewire-spa-plugins-0_2-jack-debuginfo-1.4.6-160000.3.1
    * pipewire-1.4.6-160000.3.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * pipewire-lang-1.4.6-160000.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1217690
From null at suse.de Tue Feb 3 16:31:09 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:31:09 -0000
Subject: SUSE-SU-2026:20190-1: important: Security update for java-21-openjdk
Message-ID: <177013626999.28774.3537916710125711166@smelt2.prg2.suse.org>

# Security update for java-21-openjdk

Announcement ID: SUSE-SU-2026:20190-1
Release Date: 2026-01-28T16:43:12Z
Rating: important
References:

  * bsc#1257034
  * bsc#1257036
  * bsc#1257037
  * bsc#1257038
  * jsc#PED-14507
  * jsc#PED-15217

Cross-References:

  * CVE-2026-21925
  * CVE-2026-21932
  * CVE-2026-21933
  * CVE-2026-21945

CVSS scores:

  * CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-21925 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
  * CVE-2026-21932 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
  * CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-21933 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-21945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves four vulnerabilities and contains two features can now be installed.

## Description:

This update for java-21-openjdk fixes the following issues:

Update to upstream tag jdk-21.0.10+7 (January 2026 CPU)

Security fixes:

  * CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034).
  * CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036).
  * CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037).
  * CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038).

Other fixes:

  * Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217).
## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0
    zypper in -t patch SUSE-SLES-16.0-211=1
  * SUSE Linux Enterprise Server for SAP Applications 16.0
    zypper in -t patch SUSE-SLES-16.0-211=1

## Package List:

  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * java-21-openjdk-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-21.0.10.0-160000.1.1
    * java-21-openjdk-devel-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-headless-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-src-21.0.10.0-160000.1.1
    * java-21-openjdk-jmods-21.0.10.0-160000.1.1
    * java-21-openjdk-demo-21.0.10.0-160000.1.1
    * java-21-openjdk-headless-21.0.10.0-160000.1.1
    * java-21-openjdk-devel-21.0.10.0-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (noarch)
    * java-21-openjdk-javadoc-21.0.10.0-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
    * java-21-openjdk-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-21.0.10.0-160000.1.1
    * java-21-openjdk-devel-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-headless-debuginfo-21.0.10.0-160000.1.1
    * java-21-openjdk-src-21.0.10.0-160000.1.1
    * java-21-openjdk-jmods-21.0.10.0-160000.1.1
    * java-21-openjdk-demo-21.0.10.0-160000.1.1
    * java-21-openjdk-headless-21.0.10.0-160000.1.1
    * java-21-openjdk-devel-21.0.10.0-160000.1.1
  * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
    * java-21-openjdk-javadoc-21.0.10.0-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-21925.html
  * https://www.suse.com/security/cve/CVE-2026-21932.html
  * https://www.suse.com/security/cve/CVE-2026-21933.html
  * https://www.suse.com/security/cve/CVE-2026-21945.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1257034
  * https://bugzilla.suse.com/show_bug.cgi?id=1257036
  * https://bugzilla.suse.com/show_bug.cgi?id=1257037
  * https://bugzilla.suse.com/show_bug.cgi?id=1257038
  * https://jira.suse.com/browse/PED-14507
  * https://jira.suse.com/browse/PED-15217

From null at suse.de Tue Feb 3 16:31:13 2026
From: null at suse.de (SLE-UPDATES)
Date: Tue, 03 Feb 2026 16:31:13 -0000
Subject: SUSE-SU-2026:20189-1: important: Security update for python-urllib3
Message-ID: <177013627357.28774.3601501775508272954@smelt2.prg2.suse.org>

# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:20189-1
Release Date: 2026-01-28T16:04:56Z
Rating: important
References:

  * bsc#1254866
  * bsc#1254867

Cross-References:

  * CVE-2025-66418
  * CVE-2025-66471

CVSS scores:

  * CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-66418 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-66418 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2025-66471 ( NVD ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP Applications 16.0

An update that solves two vulnerabilities can now be installed.
## Description: This update for python-urllib3 fixes the following issues: * CVE-2025-66471: Fixed excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867) * CVE-2025-66418: Fixed resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-212=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-212=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * python313-urllib3-2.5.0-160000.4.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * python313-urllib3-2.5.0-160000.4.1 ## References: * https://www.suse.com/security/cve/CVE-2025-66418.html * https://www.suse.com/security/cve/CVE-2025-66471.html * https://bugzilla.suse.com/show_bug.cgi?id=1254866 * https://bugzilla.suse.com/show_bug.cgi?id=1254867
From null at suse.de Tue Feb 3 16:31:15 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:15 -0000 Subject: SUSE-SU-2026:20188-1: important: Security update for python-python-multipart Message-ID: <177013627583.28774.18442238030308526569@smelt2.prg2.suse.org> # Security update for python-python-multipart Announcement ID: SUSE-SU-2026:20188-1 Release Date: 2026-01-28T16:01:35Z Rating: important References: * bsc#1257301 Cross-References: * CVE-2026-24486 CVSS scores: * CVE-2026-24486 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-24486 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L * CVE-2026-24486 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-python-multipart fixes the following issues: * CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-210=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-210=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * python313-python-multipart-0.0.20-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * python313-python-multipart-0.0.20-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2026-24486.html * https://bugzilla.suse.com/show_bug.cgi?id=1257301
From null at suse.de Tue Feb 3 16:31:19 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:19 -0000 Subject: SUSE-SU-2026:20187-1: moderate: Security update for python-h2 Message-ID: <177013627900.28774.15517470572533646359@smelt2.prg2.suse.org> # Security update for python-h2 Announcement ID: SUSE-SU-2026:20187-1 Release Date: 2026-01-28T15:48:58Z Rating: moderate References: * bsc#1248737 Cross-References: * CVE-2025-57804 CVSS scores: * CVE-2025-57804 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-57804 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2025-57804 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-h2 fixes the following issues: * CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-207=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-207=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * python313-h2-4.2.0-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * python313-h2-4.2.0-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-57804.html * https://bugzilla.suse.com/show_bug.cgi?id=1248737
From null at suse.de Tue Feb 3 16:31:22 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:22 -0000 Subject: SUSE-SU-2026:20186-1: low: Security update for xkbcomp Message-ID: <177013628269.28774.3386883408287979402@smelt2.prg2.suse.org> # Security update for xkbcomp Announcement ID: SUSE-SU-2026:20186-1 Release Date: 2026-01-28T15:47:30Z Rating: low References: * bsc#1105832 Cross-References: * CVE-2018-15853 * CVE-2018-15859 * CVE-2018-15861 * CVE-2018-15863 CVSS scores: * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-15863 ( NVD ): 5.5
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves four vulnerabilities can now be installed. ## Description: This update for xkbcomp fixes the following issues: * CVE-2018-15863, CVE-2018-15861, CVE-2018-15859, CVE-2018-15853: Fixed multiple memory handling and correctness issues (bsc#1105832) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-208=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * xkbcomp-debuginfo-1.4.7-160000.3.1 * xkbcomp-1.4.7-160000.3.1 * xkbcomp-devel-1.4.7-160000.3.1 * xkbcomp-debugsource-1.4.7-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-15853.html * https://www.suse.com/security/cve/CVE-2018-15859.html * https://www.suse.com/security/cve/CVE-2018-15861.html * https://www.suse.com/security/cve/CVE-2018-15863.html * https://bugzilla.suse.com/show_bug.cgi?id=1105832
From null at suse.de Tue Feb 3 16:31:25 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:25 -0000 Subject: SUSE-RU-2026:20185-1: important: Recommended update for grub2 Message-ID: <177013628589.28774.14588185921056024932@smelt2.prg2.suse.org> # Recommended update for grub2 Announcement ID: SUSE-RU-2026:20185-1 Release Date: 2026-01-28T11:26:08Z Rating: important References: * bsc#1248516 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that has one fix can now be installed. ## Description: This update for grub2 fixes the following issues: * Optimize PBKDF2 to reduce the decryption time (bsc#1248516) * lib/crypto: Introduce new HMAC functions to reuse buffers * lib/pbkdf2: Optimize PBKDF2 by reusing HMAC handle * kern/misc: Implement faster grub_memcpy() for aligned buffers ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-206=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-206=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * grub2-common-2.12-160000.4.1 * grub2-common-debuginfo-2.12-160000.4.1 * grub2-2.12-160000.4.1 * SUSE Linux Enterprise Server 16.0 (noarch) * grub2-snapper-plugin-2.12-160000.4.1 * grub2-i386-pc-2.12-160000.4.1 * grub2-arm64-efi-2.12-160000.4.1 * grub2-powerpc-ieee1275-2.12-160000.4.1 * grub2-x86_64-efi-2.12-160000.4.1 * grub2-systemd-sleep-plugin-2.12-160000.4.1 * SUSE Linux Enterprise Server 16.0 (aarch64 s390x x86_64) * grub2-debugsource-2.12-160000.4.1 * SUSE Linux Enterprise Server 16.0 (s390x) * grub2-s390x-emu-2.12-160000.4.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * grub2-common-2.12-160000.4.1 * grub2-common-debuginfo-2.12-160000.4.1 * grub2-2.12-160000.4.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (x86_64) * grub2-debugsource-2.12-160000.4.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * grub2-snapper-plugin-2.12-160000.4.1 * grub2-i386-pc-2.12-160000.4.1 * grub2-powerpc-ieee1275-2.12-160000.4.1 * grub2-x86_64-efi-2.12-160000.4.1 * grub2-systemd-sleep-plugin-2.12-160000.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1248516
From null at suse.de Tue Feb 3 16:31:28 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:28 -0000 Subject: SUSE-SU-2026:20184-1: moderate: Security update for python-FontTools Message-ID: <177013628868.28774.15721194992639537968@smelt2.prg2.suse.org> # Security update for python-FontTools Announcement ID: SUSE-SU-2026:20184-1 Release Date: 2026-01-28T09:54:14Z Rating: moderate References: * bsc#1254366 Cross-References: * CVE-2025-66034 CVSS scores: * CVE-2025-66034 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2025-66034 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L * CVE-2025-66034 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L * CVE-2025-66034 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for python-FontTools fixes the following issues: * CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution (bsc#1254366). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-204=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-204=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * python313-FontTools-4.53.1-160000.3.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * python313-FontTools-4.53.1-160000.3.1 ## References: * https://www.suse.com/security/cve/CVE-2025-66034.html * https://bugzilla.suse.com/show_bug.cgi?id=1254366
From null at suse.de Tue Feb 3 16:31:33 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:33 -0000 Subject: SUSE-SU-2026:20183-1: important: Security update for ImageMagick Message-ID: <177013629386.28774.13572782006767432641@smelt2.prg2.suse.org> # Security update for ImageMagick Announcement ID: SUSE-SU-2026:20183-1 Release Date: 2026-01-28T08:27:48Z Rating: important References: * bsc#1254435 * bsc#1254820 * bsc#1255821 * bsc#1255822 * bsc#1255823 Cross-References: * CVE-2025-65955 * CVE-2025-66628 * CVE-2025-68618 * CVE-2025-68950 * CVE-2025-69204 CVSS scores: * CVE-2025-65955 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2025-65955 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-65955 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2025-65955 ( NVD ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2025-66628 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-66628 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-66628 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-68618 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-68618 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68618 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68618 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-68950 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-68950 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68950 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-68950 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-69204 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-69204 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-69204 ( NVD
): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-69204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves five vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2025-65955: Fixed use-after-free/double-free in ImageMagick (bsc#1254435) * CVE-2025-66628: Fixed Integer Overflow leading to out of bounds read in ImageMagick (32-bit only) (bsc#1254820) * CVE-2025-68618: Fixed that reading a malicious SVG file may result in a DoS attack (bsc#1255821) * CVE-2025-68950: Fixed check for circular references in mvg files may lead to stack overflow (bsc#1255822) * CVE-2025-69204: Fixed an integer overflow can lead to a DoS attack (bsc#1255823) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-203=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-203=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64) * ImageMagick-extra-debuginfo-7.1.2.0-160000.5.1 * libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1 * ImageMagick-debuginfo-7.1.2.0-160000.5.1 * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1 * perl-PerlMagick-debuginfo-7.1.2.0-160000.5.1 * libMagick++-devel-7.1.2.0-160000.5.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.5.1 * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1 * ImageMagick-extra-7.1.2.0-160000.5.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.5.1 * ImageMagick-7.1.2.0-160000.5.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.5.1 * ImageMagick-debugsource-7.1.2.0-160000.5.1 * ImageMagick-devel-7.1.2.0-160000.5.1 * perl-PerlMagick-7.1.2.0-160000.5.1 * 
SUSE Linux Enterprise Server 16.0 (noarch) * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.5.1 * ImageMagick-doc-7.1.2.0-160000.5.1 * ImageMagick-config-7-SUSE-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-open-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.5.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64) * ImageMagick-extra-debuginfo-7.1.2.0-160000.5.1 * libMagick++-7_Q16HDRI5-7.1.2.0-160000.5.1 * ImageMagick-debuginfo-7.1.2.0-160000.5.1 * libMagickWand-7_Q16HDRI10-7.1.2.0-160000.5.1 * perl-PerlMagick-debuginfo-7.1.2.0-160000.5.1 * libMagick++-devel-7.1.2.0-160000.5.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.2.0-160000.5.1 * libMagickCore-7_Q16HDRI10-7.1.2.0-160000.5.1 * ImageMagick-extra-7.1.2.0-160000.5.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.2.0-160000.5.1 * ImageMagick-7.1.2.0-160000.5.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.2.0-160000.5.1 * ImageMagick-debugsource-7.1.2.0-160000.5.1 * ImageMagick-devel-7.1.2.0-160000.5.1 * perl-PerlMagick-7.1.2.0-160000.5.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.5.1 * ImageMagick-doc-7.1.2.0-160000.5.1 * ImageMagick-config-7-SUSE-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-open-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-limited-7.1.2.0-160000.5.1 * ImageMagick-config-7-upstream-secure-7.1.2.0-160000.5.1 ## References: * https://www.suse.com/security/cve/CVE-2025-65955.html * https://www.suse.com/security/cve/CVE-2025-66628.html * https://www.suse.com/security/cve/CVE-2025-68618.html * https://www.suse.com/security/cve/CVE-2025-68950.html * https://www.suse.com/security/cve/CVE-2025-69204.html * https://bugzilla.suse.com/show_bug.cgi?id=1254435 * https://bugzilla.suse.com/show_bug.cgi?id=1254820 * https://bugzilla.suse.com/show_bug.cgi?id=1255821 * https://bugzilla.suse.com/show_bug.cgi?id=1255822 * 
https://bugzilla.suse.com/show_bug.cgi?id=1255823
From null at suse.de Tue Feb 3 16:31:35 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:35 -0000 Subject: SUSE-SU-2026:20182-1: moderate: Security update for cockpit-subscriptions Message-ID: <177013629596.28774.7370246677627612624@smelt2.prg2.suse.org> # Security update for cockpit-subscriptions Announcement ID: SUSE-SU-2026:20182-1 Release Date: 2026-01-27T20:39:51Z Rating: moderate References: * bsc#1255425 Cross-References: * CVE-2025-64718 CVSS scores: * CVE-2025-64718 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-64718 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L * CVE-2025-64718 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that solves one vulnerability can now be installed. ## Description: This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: * CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-202=1 * SUSE Linux Enterprise Server for SAP Applications 16.0 zypper in -t patch SUSE-SLES-16.0-202=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (noarch) * cockpit-subscriptions-12.1-160000.1.1 * SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch) * cockpit-subscriptions-12.1-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-64718.html * https://bugzilla.suse.com/show_bug.cgi?id=1255425
From null at suse.de Tue Feb 3 16:31:47 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:47 -0000 Subject: SUSE-RU-2026:0365-1: important: Recommended update for crmsh Message-ID: <177013630710.28774.2939615548167650295@smelt2.prg2.suse.org> # Recommended update for crmsh Announcement ID: SUSE-RU-2026:0365-1 Release Date: 2026-02-03T10:06:04Z Rating: important References: * bsc#1254892 * bsc#1257143 Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise High Availability Extension 15 SP6 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that has two fixes can now be installed. ## Description: This update for crmsh fixes the following issues: * Dev: options: Change 'force' option to be session-only (bsc#1254892) * Fix: sbd: Allow setting -1 to stonith-watchdog-timeout (bsc#1257143) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-365=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-365=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-365=1 openSUSE-SLE-15.6-2026-365=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP6 (noarch) * crmsh-4.6.2+20260126.475e4dc3-150600.3.47.1 * crmsh-scripts-4.6.2+20260126.475e4dc3-150600.3.47.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (noarch) * crmsh-4.6.2+20260126.475e4dc3-150600.3.47.1 * crmsh-scripts-4.6.2+20260126.475e4dc3-150600.3.47.1 * openSUSE Leap 15.6 (noarch) * crmsh-test-4.6.2+20260126.475e4dc3-150600.3.47.1 * crmsh-4.6.2+20260126.475e4dc3-150600.3.47.1 * crmsh-scripts-4.6.2+20260126.475e4dc3-150600.3.47.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1254892 * https://bugzilla.suse.com/show_bug.cgi?id=1257143
From null at suse.de Tue Feb 3 16:31:40 2026 From: null at suse.de (SLE-UPDATES) Date: Tue, 03 Feb 2026 16:31:40 -0000 Subject: SUSE-RU-2026:20181-1: moderate: Recommended update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto Message-ID: <177013630078.28774.16063029902844309454@smelt2.prg2.suse.org> # Recommended update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto Announcement ID: SUSE-RU-2026:20181-1 Release Date: 2026-01-27T15:23:11Z Rating: moderate References: * bsc#1245914 * bsc#1245931 * bsc#1245969 Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP Applications 16.0 An update that has three fixes can now be installed. ## Description: This update for xom, xmlunit, modello, junit5, jna, javapackages-tools, xz-java, sisu, slf4j, jline3, j2objc-annotations, jackson-databind, icu4j, guava, google-guice, google-gson, geronimo-specs, exec-maven-plugin, bouncycastle, byte-buddy, byaccj, apache-commons-logging, apache-commons-cli, apache-commons-codec, apache-commons-daemon, apache-commons-dbcp, apache-commons-beanutils, ant, auto fixes the following issues: Changes in xom: * Make build recipe compatible with POSIX sh. Use %autosetup.
Changes in xmlunit: * Upgrade to 2.11.0 * XMLUnit 2.x is a complete rewrite of XMLUnit and actually doesn't share any code with XMLUnit for Java 1.x. * Some goals for XMLUnit 2.x: * create .NET and Java versions that are compatible in design while trying to be idiomatic for each platform * remove all static configuration (the old XMLUnit class setter methods) * focus on the parts that are useful for testing * XPath * (Schema) validation * comparisons * be independent of any test framework * XMLUnit 1.x is no longer maintained * Use directly the xalan-j2 jar instead of the jaxp_transform_impl alternative (bsc#1245931 and bsc#1245914) * In cases of ATTR_NAME_NOT_FOUND and CHILD_NODE_NOT_FOUND differences the value used to be the local name of the missing attribute or node. * New assertXpathEvaluatesTo overloads in XMLAssert and a new QualifiedName class can be used to assert the stringified result of an XPath expression is actually a qualified name Changes in modello: * Upgrade to upstream version 2.5.1 * New features and improvements * Improve and add exceptions for singular method * Fix Snakeyaml * Restore singular method behavior like was in version 2.4.0 * Maintenance * Partially migrate to JUnit 5 * Apply spotless re-formatting * Update build, get rid of legacy, fix CLI * Use distributionManagement from parent pom * Fix the modello script classpath to be able to run the velocity generator.
* Upgrade to upstream version 2.3.0 Changes in modello: * Add -Dguice_custom_class_loading=CHILD option to the command-line launcher in order to avoid the following warnings with OpenJDK >= 24 : WARNING: A terminally deprecated method in sun.misc.Unsafe has been called WARNING: sun.misc.Unsafe::staticFieldBase has been called by com.google.inject.internal.aop.HiddenClassDefiner WARNING: Please consider reporting this to the maintainers of class com.google.inject.internal.aop.HiddenClassDefiner WARNING: sun.misc.Unsafe::staticFieldBase will be removed in a future release * Upgrade to upstream version 2.5.1 * New features and improvements * Improve and add exceptions for singular method * Fix Snakeyaml * Restore singular method behavior like was in version 2.4.0 * Maintenance * Partially migrate to JUnit 5 * Apply spotless re-formatting * Update build, get rid of legacy, fix CLI * Use distributionManagement from parent pom * Add dependency on objectweb-asm to build with sisu 0.9.0.M4 * Fix the modello script classpath to be able to run the velocity generator. 
Changes in junit5: * Fix errors in aggregator.pom and in ant build system that prevent successful builds with upcoming Maven 4 * Generate a non-modular javadoc Changes in jna: * do not put module-info.class in multirelease directories Changes in javapackages-tools: * Require findutils for working build-classpath (bsc#1245969) * Upgrade to upstream version 6.4.1 * Changes * Revert "jpackage_script: Remove unneeded backslashes" * Initial implementation of %jp_binding macro * Replace invalid $ escape in regex Changes in xz-java: * Do not put the module-info.class into multirelease directory * If building with Java 8 only, specify in the manifest the Automatic-Module-Name, so that it can be recognized as modular jar even in that configuration Changes in sisu: * Initial packaging of the Sisu Extenders with version 0.9.0.M4 * Upgrade to upstream milestone 0.9.0.M4 * Most important change * ASM is "demoted" to plain dependency, hence, consumer is able to override/update it the usual "Maven way". This applies to all components: inject, plexus and sisu-maven-plugin as well. * Historically, Sisu shaded in ASM just like Guice did. Later Sisu started shipping "main" JAR with shaded ASM but also "no_asm" classified artifact without ASM (just like Guice did with "classes" classified JAR). Starting from this version, Sisu does not shade ASM anymore, it is "demoted" to transitive dependency.
* Changes * Disable shallow clones for sonarcloud analysis * Remove spurious asserts * Post release cleanup * Fix jacoco + code coverage * Enable code coverage again for all modules * Use default property for the jacoco agent * Add documentation on Plexus Configurator API * Remove about.html as only relevant for Eclipse plugins * Document Lifecycle support * Call TypeAwareExpressionEvaluator.evaluate(String,Class) if available * Pass strict flag also via "discoverComponents" * Embed/relocate ASM via m-shade-p * Update to ASM 9.8 * Increase coverage * Align subproject names (and naming) * Build infra updates * Reproducible * Fix sisu-maven-plugin * Lax array converter * Update dependencies * Publishing to Central * Build with bootstrap version of maven-plugins. This allows to be built early, since it will become a crucial plugin with Maven 4. Changes in sisu: * Upgrade to upstream milestone 0.9.0.M4 * Most important change * ASM is "demoted" to plain dependency, hence, consumer is able to override/update it the usual "Maven way". This applies to all components: inject, plexus and sisu-maven-plugin as well. * Historically, Sisu shaded in ASM just like Guice did. Later Sisu started shipping "main" JAR with shaded ASM but also "no_asm" classified artifact without ASM (just like Guice did with "classes" classified JAR). Starting from this version, Sisu does not shade ASM anymore, it is "demoted" to transitive dependency. 
* Changes * Disable shallow clones for sonarcloud analysis * Remove spurious asserts * Post release cleanup * Fix jacoco + code coverage * Enable code coverage again for all modules * Use default property for the jacoco agent * Add documentation on Plexus Configurator API * Remove about.html as only relevant for Eclipse plugins * Document Lifecycle support * Call TypeAwareExpressionEvaluator.evaluate(String,Class) if available * Pass strict flag also via "discoverComponents" * Embed/relocate ASM via m-shade-p * Update to ASM 9.8 * Increase coverage * Align subproject names (and naming) * Build infra updates * Reproducible * Fix sisu-maven-plugin * Lax array converter * Update dependencies * Publishing to Central Changes in jline3: * Update to upstream version 3.30.6 * New features and improvements * Improve console variable expansion (fixes #1370) * ConsoleEngineImpl: change method and field visibilities * Allow ConsoleEngineImpl subclasses access to VariableReferenceCompleter * feat: add reusable POSIX commands to builtins module * feat: support slurp command to be renamed * feat: Extend InputRC with method/s to directly read ~/.inputrc & /etc/inputrc * Allow system commands to be renamed. 
* Bug Fixes * Fix macOS hang in pipe operations by removing PTY terminal usage * enhancement: only compute suggestions in the Nano editor if something has changed * fix: refactor TerminalProvider methods to use inputEncoding/outputEncoding parameters * Fix System.out not working after closing dumb terminal * Optimize Display performance and fix terminal capability usage * Dependency updates * chore: Bump groovy.version from 4.0.27 to 4.0.28 * chore: Bump com.palantir.javaformat:palantir-java-format from 2.67.00 to 2.73.0 * chore: Bump junit.version from 5.12.2 to 5.13.4 * chore: Bump org.graalvm.sdk:graal-sdk from 24.2.1 to 24.2.2 * chore: Bump com.google.jimfs:jimfs from 1.3.0 to 1.3.1 * chore: Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1 * chore: Bump on-headers and compression in /website * chore: Bump org.codehaus.gmavenplus:gmavenplus-plugin from 4.2.0 to 4.2.1 * chore: Bump org.apache.maven.plugins:maven-clean-plugin from 3.4.1 to 3.5.0 * chore: Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 * chore: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 * chore: Bump eu.maveniverse.maven.njord:extension from 0.6.2 to 0.7.5 * Documentation updates * docs: Link to Nano Customization from Builtins doc page * docs: Add Capability.enter_ca_mode and Capability.exit_ca_mode tip * Maintenance * Remove double docs/docs in edit links on jline.org (fixes #1309) * chore: make downcall handles static final * Build the ffm support in Factory, since we have now the java >= 22 * Update to upstream version 3.30.4 * New features and improvements * add pluggable completion to Nano editor (fixes #1194) * enhanced MouseSupport to handle multiple mouse event formats (SGR, URXVT, SGR-Pixels) * add getCurrentMouseTracking to Terminal interface * add ability to get terminal default foreground and background colors * add password masking support for dumb terminals (fixes #1172) * add line numbers and current line marker to
      secondary prompt (fix for #1151)
    * Add support for separate encodings for stdin, stdout, and stderr
    * Make prompts work in non-fullscreen mode
  * Bug Fixes
    * use a fallback classloader suitable for java Modules or OSGi environments (fixes #1185)
    * NPE in Status#resize when supported is false (fixes #1191)
    * nano editor exiting when pressing Ctrl+Space (fixes #1200)
    * parse error of system default /usr/share/nano/*.nanorc
    * Terminal.trackMouse(MouseTracking.Off) (fixes #1189)
    * Make command execution order consistent in SystemRegistryImpl
    * handle invalid entries in history files gracefully
    * Properly fill screen lines with spaces when width is increased in ScreenTerminal
    * cursor position after Status.update()
    * improve script file detection and execution in Groovy REPL, fixes #1139
    * ensure proper cleanup of pump threads in terminal implementations
    * add history line width check in ScreenTerminal.setSize() (fixes #1206)
    * console-ui example: catch UserInterruptException in place of IOError
    * Ctrl+Space handling on Windows terminals
    * Update LineReaderImpl to use new readMouseEvent signature with lastBinding parameter
    * enhance nanorc loading and introduce a ClasspathResourceUtil utility
    * missing close in PosixSysTerminal.
    * Jansi AnsiConsole broken color detection in uber jars
    * SyntaxHighlighter glob pattern handling for non-default file systems
  * Documentation
    * Integrate website into main repository
    * improve JLineNativeLoader documentation and references
    * fix readme
    * Add comprehensive Javadoc to jline-builtins module
    * improve Javadoc in console module
    * add comprehensive Javadoc to org.jline.style package
    * add comprehensive Javadoc to JLine Terminal and Reader
    * Add missing DISABLE_EVENT_EXPANSION JavaDoc (fixes #1218)
    * Make sure snippets compile
    * Corrected the maven central link
    * correct PicocliJLineExample snippet name in library-integration.md
    * validate code snippets during build time instead of runtime
    * add missing @since 3.30.0 annotations to new methods in Terminal
    * integrate GitHub wiki content into website documentation
    * Improve website build system and documentation management
    * fix javadoc redirect URL issue
    * Add picocli links to library integration
    * Mention InputRC on Builtins
    * doc: update version to 3.30.0 and add Javadoc integration
    * integrate ConsoleUI documentation into website
    * add syntax highlighting example classes for documentation
    * Expand DISABLE_EVENT_EXPANSION JavaDoc (re. #1238)
    * Link to documentation website earlier in README (see #1240)
    * Link to Pty4j on Terminal
* Rewrite to use Ant to build. This prevents potential cycles with upcoming Maven 4

Changes in j2objc-annotations:

* Update to version 3.0.0
  * no structured changelog available
  * this version is a modular jar needed by guava

Changes in jackson-databind:

* Fix "Not fully interpolated version" error with Maven 4

Changes in icu4j:

* detect java version up to 25 when running ant

Changes in guava:

* Upgrade to guava 33.4.8
  * Changes of version 33.4.8
    * util.concurrent: Removed our VarHandle code from guava-android. While the code was never used at runtime under Android, it was causing problems under the Android Gradle Plugin with a minSdkVersion below 26.
      To continue to avoid sun.misc.Unsafe under the JVM, guava-android will now always use AtomicReferenceFieldUpdater when run there.
  * Changes of version 33.4.7
    * Modified the guava module's dependency on failureaccess to be transitive. Also, modified the guava-testlib module to make its dependency on guava transitive, to remove its dependency on failureaccess, and to add a dependency (transitive) on junit.
    * util.concurrent: Modified our fast paths to ensure that they continue to work when run through optimizers, such as those commonly used by Android apps. This fixes problems that some users may have seen since Guava 33.4.5.
    * util.concurrent: Changed the guava-android copy of AbstractFuture to try VarHandle before Unsafe, eliminating a warning under newer JDKs.
  * Changes of version 33.4.6
    * Removed the extra copy of each class from the Guava jar. The extra copies were an accidental addition from the modularization work in Guava 33.4.5.
    * Fixed annotation-related warnings when using Guava in modular builds. The most common such warning is Cannot find annotation method 'value()' in type 'DoNotMock': ....
  * Changes of version 33.4.5
    * Changed the Guava jar (plus guava-testlib and failureaccess jars) to be a modular jar.
    * Changed various classes to stop using sun.misc.Unsafe under Java 9+.
      * Note that, if you use guava-android on the JVM (instead of using guava-jre), Guava will still try to use sun.misc.Unsafe. We will do further work on this in the future.
    * Belatedly updated the Public Suffix List data.
  * Changes of version 33.4.4
    * Migrated from Checker Framework annotations to JSpecify annotations.
    * Made our usages of nullness annotations available in our GWT artifact. GWT users will need to upgrade to GWT 2.12.1, which makes GWT as tolerant of Java 8 type-use annotations as it is of other annotations.
  * Changes of version 33.4.3
    * Migrated from @CheckForNull to the Checker Framework @Nullable.
      Most tools recognize both annotations, so we expect this to be a no-op in almost all cases. This release removes our dependency on JSR-305.
  * Changes of version 33.4.2
    * Changed @ParametricNullness into a no-op for Kotlin and IntelliJ. Before now, it was forcing many usages of type variables to have platform types, which meant that Kotlin couldn't check those usages for nullness errors. With this change, Kotlin can detect more errors.
  * Changes of version 33.4.1
    * Replaced our custom @ElementTypesAreNonnullByDefault annotations with the JSpecify @NullMarked annotation.
  * Changes of version 33.4.0
    * Exposed additional Java 8 APIs to Android users.
    * base: Deprecated Charsets constants in favor of StandardCharsets. We will not remove the constants, but we recommend using StandardCharsets for consistency.
    * base: Added ToStringHelper.omitEmptyValues().
    * collect: Added an optimized copyOf method to TreeRangeMap.
    * collect.testing: Fixed @Require annotations so that features implied by absent features are not also required to be absent.
    * io: Changed ByteSink and CharSink to no longer call flush() in some cases before close(). This is a no-op for well-behaved streams, which internally flush their data as part of closing. However, we have discovered some stream implementations that have overridden close() to do nothing, including not to flush some buffered data. If this change causes problems, the simplest fix is usually to change the close() override to at least call flush().
    * net: Added HttpHeaders.ALT_SVC and MediaType.CBOR.
  * Changes of version 33.3.1
    * Added j2objc-annotations to the Gradle runtime classpath to stop producing an Android Gradle Plugin error.
  * Changes of version 33.3.0
    * base: Removed @Beta from the Duration overload of Suppliers.memoizeWithExpiration.
    * cache: Added CacheBuilder Duration overloads to guava-android.
    * collect: Removed @Beta from the guava-android Collector APIs.
    * collect: Added ImmutableMultimap.builderWithExpectedKeys and ImmutableMultimap.Builder.expectedValuesPerKey.
    * graph: Improved Graphs.hasCycle to avoid causing StackOverflowError for long paths.
    * net: Added text/markdown to MediaType.
    * net: Deprecated HttpHeaders constant for Sec-Ch-UA-Form-Factor in favor of Sec-Ch-UA-Form-Factors to follow the latest spec.
    * testing: Changed some test libraries to throw AssertionError (instead of the more specific AssertionFailedError) in some cases.
* we are folding the failureaccess into the main guava.jar, so we don't have a special module for it.

Changes in google-guice:

* Fix build with Java 25

Changes in google-gson:

* Rewrite the build system for ant to avoid potential build cycles with upcoming Maven 4

Changes in geronimo-specs:

* Do not use update-alternatives

Changes in exec-maven-plugin:

* Upgrade to upstream version 3.5.1
  * Changes of 3.5.1
    * Bug Fixes
      * Add ClassLoader support for ASM ClassWriter
    * Maintenance
      * Fix ITs for Maven 4 rc-3
      * Document how to use env vars in commandlineArgs
  * Changes of 3.5.0
    * New features and improvements
      * Add toolchain java path to environment variables in ExecMojo
    * Bug Fixes
      * #322, enable to control the exec:java interaction with JVM classloader more finely
    * Maintenance
      * Update site descriptor to 2.0.0
      * Toolchains manual improvements
      * Manage version of maven-toolchains-plugin
  * Changes of 3.4.1
    * Bug Fixes
      * Environment variable Path should be used as case-insensitive
      * fix: NPE because declared MavenSession field hides field of superclass
    * Maintenance
      * Remove redundant spotless configuration
    * Build
      * Use Maven4 enabled with GH Action
      * Use shared release drafter GH Action
  * Changes of 3.4.0
    * New features and improvements
      * Allow to be specified for the exec:exec goal
    * Bug Fixes
      * Do not get UPPERCASE env vars
    * Maintenance
      * Remove Log4j 1.2.x from ITs
    * Build
      * Use Maven 3.9.7 and 4.0.0-beta-3
  * Changes of 3.3.0
    * New features and improvements
      * Add option to include
        runtime and provided
  * Changes of 3.2.0
    * New features and improvements
      * Enable to exec:java runnables and not only mains with loosely coupled injections
      * Try to get rid of legacy API which can break starting with java 17
    * Bug Fixes
      * Fix #401 - Maven v4 compatibility
    * Maintenance
      * ITs improvement
      * Fix documentation formatting, add menu items for new examples
      * Execute mexec-137 also on unix family
      * Remove unused test
    * Build
      * Bump release-drafter/release-drafter from 5 to 6
  * Changes of 3.1.1
    * New features and improvements
      * Remove unused killAfter options
      * [#391] Cope with Thread::stop being unavailable in JDK 20+
      * Only prefix program output with thread name when running with multiple threads
      * [#389] Add option 'blockSystemExit' to 'java' mojo
      * Require Maven 3.6.3+
      * Ensure maven.properties can be forwarded to system properties for exec:java
    * Bug Fixes
      * Fix #158 - Fix non ascii character handling
      * [#323] exec arguments missing
    * Maintenance
      * Code cleanups - use newer JDK features
      * Enable spotless for code formatting
      * Require Maven 3.6.3+
      * ITs cleanups
      * Use Resolver Api for dependency resolving
    * Build
      * Workaround for concurrent access to local repository on Windows by ITs
      * Use Maven 3.9.4, 3.8.8 in GitHub build
  * Changes of 3.1.0
    * New features and improvements
      * Require Maven 3.2.5
      * Support stream inheritance for the forked process, fixes #71
    * Bug Fixes
      * Fix NullPointerException when using plugin dependencies in version 1.6.0
      * preload common pool - issue #198
      * fix handling of LongModulePathArgument and LongClassPathArgument
      * Do not drop environment variables that contain '=' in their value, or have no value.
      * Empty argument tag should add empty string instead of null
      * Fixes #160, ensure the java classloader is a child first one and supports to excludes some gathered classpath element to solve manually conflicts
    * Maintenance
      * Get rid of maven-artifact-transfer from dependencies
      * Cleanup project site
      * Cleanup project
      * Fix build badge for current CI system
      * Enforce JAVA_HOME for ITs
      * Drop Invokable interface
      * Remove unused class
      * Remove unused class and profile to build it
      * Remove unused imports
      * Remove unused fields
      * Bump sniffed signatures
      * fix issue with IBM semu 11
      * [DEPS] remove unused logging dependencies.
      * Fixed message: Removed duplicate space
      * Fix spelling in error msg (occured -> occurred)
    * Build
      * Testing with Maven 3.2.5 and 3.8.6
      * use shared gh action from ASF
      * use Temurin JDK

Changes in bouncycastle:

* Update to 1.82:
  * Defects Fixed:
    * SNOVA and MAYO are now correctly added to the JCA provider module-info file.
    * TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
    * BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility).
    * The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key.
    * CBZip2InputStream no longer auto-closes at end-of-contents.
    * The BC CertPath implementation was eliminating certificates on the basis of the Key-ID. This is not in accordance with RFC 4158.
    * Support for the previous set of libOQS Falcon OIDs has been restored.
    * The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only.
    * Some KeyAgreement classes were missing in the Java 11 class hierarchy.
    * Fix typo in a constant name in the HPKE class and deprecate the old constant.
    * Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions.
  * Additional Features and Functionality:
    * SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.
    * BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.
    * BCJSSE: Added support for system properties "jdk.tls.{client,server}.maxInboundCertificateChainLength"
    * BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.
    * The Composite post-quantum signatures implementation has been updated to the latest draft (07) draft-ietf-lamps-pq-composite-sigs.
    * "_PREHASH" implementations are now provided for all composite signatures to allow the hash of the data to be used instead of the actual data in signature calculation.
    * The gradle build can now be used to generate a Bill of Materials (BOM) file.
    * It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class.
    * The Ascon family of algorithms has been updated with the latest published changes.
    * Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite.
    * PGPSecretKey, PGPSignatureGenerator now support version 6.
    * Further optimisation work has been done on ML-KEM public key validation.
    * Zeroization of passwords in the JCA PKCS12 key store has been improved.
    * The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282).
    * OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).
    * The HQC KEM has been updated with the latest draft updates.
  * Additional Notes:
    * The legacy post-quantum package has now been removed.
* Update to 1.81:
  * Defects Fixed:
    * A potential NullPointerException in the KEM KDF KemUtil class has been removed.
    * Overlapping input/output buffers in doFinal could result in data corruption.
    * Fixed Grain-128AEAD decryption incorrectly handling MAC verification.
    * Add configurable header validation to prevent malicious header injection in PGP cleartext signed messages; Fix signature packet encoding issues in PGPSignature.join() and embedded signatures while phasing out legacy format.
    * Fixed ParallelHash initialization stall when using block size B=0.
    * The PRF from the PBKDF2 function was being lost when PBMAC1 was initialized from protectionAlgorithm. This has been fixed.
    * The lowlevel DigestFactory was cloning MD5 when being asked to clone SHA1.
  * Additional Features and Functionality:
    * XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/
    * Further support has been added for generation and use of PGP V6 keys
    * Additional validation has been added for armored headers in Cleartext Signed Messages.
    * The PQC signature algorithm proposal Mayo has been added to the low-level API and the BCPQC provider.
    * The PQC signature algorithm proposal Snova has been added to the low-level API and the BCPQC provider.
    * Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
    * The Falcon implementation has been updated to the latest draft.
    * Support has been added for generating keys which encode as seed-only and expanded-key-only for ML-KEM and ML-DSA private keys.
    * Private key encoding of ML-DSA and ML-KEM private keys now follows the latest IETF draft.
    * The Ascon family of algorithms has been updated to the initial draft of SP 800-232. Some additional optimisation work has been done.
    * Support for ML-DSA's external-mu calculation and signing has been added to the BC provider.
    * CMS now supports ML-DSA for SignedData generation.
    * Introduce high-level OpenPGP API for message creation/consumption and certificate evaluation.
    * Added JDK21 KEM API implementation for HQC algorithm.
    * BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
    * BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).
    * BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).
    * BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order (BCSSLParameters.useNamedGroupsOrder).

Changes in byte-buddy:

* Fix build with maven 4
* Update to v1.17.6
  * Changes of v1.17.6
    * Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
    * Add filter for deduplicate fields and methods in class file.
    * Add missing static requirement of Spotbugs annotations to module descriptors.
    * Add LazinessMode for TypePool and add convenience support to AgentBuilder.
    * Fix source jars for multi-version release to contain duplicated source.
* Update to v1.17.5
  * Changes of v1.17.5
    * Update ASM to version 9.8 to support Java 25 using ASM reader and writer.
    * Include AnnotationRemoval visitor for removing or replacing annotations.
* Update to v1.17.4
  * Changes of v1.17.4
    * Add SafeVarargs plugin.
    * Fix OSGi declaration for byte-buddy-agent.
* Update to v1.17.3
  * Changes of v1.17.3
    * Fix bug in ASM to Class File API bridge handling tableswitch instructions.
    * Add plugin for adding SafeVarargs annotations.
    * Further generify MemberSubstitution API.
* Update to v1.17.2
  * Changes of v1.17.2
    * Update Class File API integration to include support for several omitted byte codes.
    * Adjust attach API emulation for OpenJ9 to not create subfolder if temporary folder is set explicitly.
* Update to v1.17.1
  * Changes of v1.17.1
    * Fix bug in MemberSubstitution where argument indices were resolved by one digit off.
    * Update Class File API integration to avoid that parameter annotations are lost.

Changes in byaccj:

* add -std=gnu11 to CFLAGS to fix gcc15 compile time error, and to still allow build on SLE / Leap 15

Changes in apache-commons-logging:

* Upgrade to 1.3.5
  * Fixed Bugs
    * Javadoc is missing its Overview page.
    * Remove -nouses directive from maven-bundle-plugin.
      OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80).
  * Changes
    * Bump org.apache.commons:commons-parent from 72 to 81 #285, #287, #295, #298, #303, #310, #339.
    * Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 #288 [test].
    * Bump log4j2.version from 2.23.1 to 2.24.3 #292, #299, #319, #328.
  * Removed:
    * Remove "cobertura" plugin use JaCoCo, Cobertura is unmaintained.
    * LOGGING-193: Update Log4j 2 OSGi imports #268.
    * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
    * Fix NullPointerException in SimpleLog#write(Object) on null

Changes in apache-commons-cli:

* Update to 1.10.0
  * New Features
    * CLI-339: Help formatter extension in the new package #314.
    * CommandLine.Builder implements Supplier.
    * DefaultParser.Builder implements Supplier.
    * CLI-340: Add CommandLine.getParsedOptionValues() #334.
    * CLI-333: org.apache.commons.cli.Option.Builder implements Supplier