SUSE-SU-2026:20576-1: important: Security update for cockpit-machines, cockpit
SLE-UPDATES
null at suse.de
Thu Mar 5 16:45:55 UTC 2026
# Security update for cockpit-machines, cockpit
Announcement ID: SUSE-SU-2026:20576-1
Release Date: 2026-02-17T14:20:44Z
Rating: important
References:
* bsc#1221342
* bsc#1236149
* bsc#1239759
* bsc#1248250
* bsc#1249828
* bsc#1249830
* bsc#1257324
* bsc#1257325
Cross-References:
* CVE-2025-13465
CVSS scores:
* CVE-2025-13465 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-13465 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-13465 ( NVD ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13465 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP Applications 16.0
An update that solves one vulnerability and has seven fixes can now be
installed.
## Description:
This update for cockpit-machines, cockpit fixes the following issues:
* CVE-2025-13465: Update the lodash dependency to avoid prototype pollution.
(bsc#1257324)
Changes in cockpit-machines:
* Update to 346
  * 346
    * Performance improvements
    * Translation updates
  * 345
    * New virtual machines don't get SPICE graphics anymore
    * Support for network port forwarding
    * Bug fixes and translation updates
* Update to 344
  * 344
    * Port forwarding for user session VMs
    * "Shutdown and restart" action
    * Faster startup
  * 343
    * Memory usage now shows numbers reported by the guest (RHEL-116731)
* Update to 342
  * 342
    * Bug fixes and translation updates
  * 341
    * Improved UX for Disks and Network interface tables
    * Bug fixes and translation updates
  * 340
    * Use exclusive VNC connections with "Remote resizing"
* Update to 339
  * 339
    * Serial consoles now keep their content and stay alive
    * No longer copies qemu.conf values into VM definitions
  * 338
    * Translation and dependency updates
    * Detachable VNC console
* Update to 337
  * 337
    * Bug fixes and translation updates
  * 336
    * Graphical VNC and serial consoles improvements
    * Control VNC console resizing and scaling
    * Bug fixes and translation updates
  * 335
    * Bug fixes and translation updates
  * 334
    * Bug fixes and translation updates
Changes in cockpit:
* Update to 354
  * Changes since 351
  * 354
    * Convert documentation to AsciiDoc
    * Work around Firefox 146/147 bug (rhbz#2422331)
    * Bug fixes
  * 353
    * Networking: Suggest prefix length and gateway address
    * Bug fixes and translation updates
  * 352
    * Show a warning if the last shutdown/reboot was unclean
    * Bug fixes and translation updates
* Update to 351
  * Changes since 349
  * 351
    * Firewall ports can be deleted individually
  * 350
    * networking: fix renaming of bridges and other groups (RHEL-117883)
    * bridge: fix OpenSSH_10.2p1 host key detection
* Update to 349
  * Changes since 346
  * 349
    * Package manifests: add any test
    * Bug fixes and translation updates
  * 348
    * Bug fixes and translation updates
  * 347
    * Site-specific branding support
* Update to 346
  * Changes since 344
  * 346
    * Support branding Cockpit pages
    * Storage: Support for Stratis "V2" pools
  * 345
    * Translation and dependency updates
    * Shorter IPv6 addresses
    * IPv6 addresses for WireGuard
* Update to 344
  * Changes since 340
  * 344
    * Bug fixes and translation updates
  * 343
    * login: Improve error message for unsupported shells
    * cockpit: Handle file access issues with files in machines.d
    * Translation updates
  * 342
    * systemd: ensure update() is called at least once for tuned-dialog
    * Translation updates
  * 341
    * services: show link to podman page for quadlets
    * Bug fixes and translation updates
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-291=1
* SUSE Linux Enterprise Server for SAP Applications 16.0
  zypper in -t patch SUSE-SLES-16.0-291=1
## Package List:
* SUSE Linux Enterprise Server 16.0 (noarch)
  * cockpit-system-354-160000.1.1
  * cockpit-doc-354-160000.1.1
  * cockpit-kdump-354-160000.1.1
  * cockpit-machines-346-160000.1.1
  * cockpit-firewalld-354-160000.1.1
  * cockpit-packagekit-354-160000.1.1
  * cockpit-storaged-354-160000.1.1
  * cockpit-selinux-354-160000.1.1
  * cockpit-networkmanager-354-160000.1.1
  * cockpit-bridge-354-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  * cockpit-ws-debuginfo-354-160000.1.1
  * cockpit-debugsource-354-160000.1.1
  * cockpit-ws-selinux-354-160000.1.1
  * cockpit-devel-354-160000.1.1
  * cockpit-ws-354-160000.1.1
  * cockpit-354-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (noarch)
  * cockpit-system-354-160000.1.1
  * cockpit-doc-354-160000.1.1
  * cockpit-kdump-354-160000.1.1
  * cockpit-machines-346-160000.1.1
  * cockpit-firewalld-354-160000.1.1
  * cockpit-packagekit-354-160000.1.1
  * cockpit-storaged-354-160000.1.1
  * cockpit-selinux-354-160000.1.1
  * cockpit-networkmanager-354-160000.1.1
  * cockpit-bridge-354-160000.1.1
* SUSE Linux Enterprise Server for SAP Applications 16.0 (ppc64le x86_64)
  * cockpit-ws-debuginfo-354-160000.1.1
  * cockpit-debugsource-354-160000.1.1
  * cockpit-ws-selinux-354-160000.1.1
  * cockpit-devel-354-160000.1.1
  * cockpit-ws-354-160000.1.1
  * cockpit-354-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-13465.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221342
* https://bugzilla.suse.com/show_bug.cgi?id=1236149
* https://bugzilla.suse.com/show_bug.cgi?id=1239759
* https://bugzilla.suse.com/show_bug.cgi?id=1248250
* https://bugzilla.suse.com/show_bug.cgi?id=1249828
* https://bugzilla.suse.com/show_bug.cgi?id=1249830
* https://bugzilla.suse.com/show_bug.cgi?id=1257324
* https://bugzilla.suse.com/show_bug.cgi?id=1257325