<div class="container">
<h1>Security update for python313</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2026:20543-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-02-19T11:59:12Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257029">bsc#1257029</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257031">bsc#1257031</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257042">bsc#1257042</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257046">bsc#1257046</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257181">bsc#1257181</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-11468.html">CVE-2025-11468</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-15282.html">CVE-2025-15282</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-0672.html">CVE-2026-0672</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-0865.html">CVE-2026-0865</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2026-1299.html">CVE-2026-1299</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-11468</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-11468</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-11468</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-15282</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-15282</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-15282</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0672</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.7</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0672</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0672</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0865</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0865</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-0865</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-1299</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-1299</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.2</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2026-1299</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.0</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.2</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves five vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for python313 fixes the following issues:</p>
<p>Update to version 3.13.12.</p>
<p>Security issues fixed:</p>
<ul>
<li>CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).</li>
<li>CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).</li>
<li>CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).</li>
<li>CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).</li>
<li>CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in <code>BytesGenerator</code>
(bsc#1257181).</li>
</ul>
<p>Other updates and bugfixes:</p>
<ul>
<li>
<p>Update to version 3.13.12.</p>
</li>
<li>
<p>Library</p>
<ul>
<li>gh-144380: Improve performance of io.BufferedReader line
iteration by ~49%.</li>
<li>gh-144169: Fix three crashes when non-string keyword
arguments are supplied to objects in the ast module.</li>
<li>gh-144100: Fixed a crash in ctypes when using a deprecated
POINTER(str) type in argtypes. Instead of aborting, ctypes
now raises a proper Python exception when the pointer
target type is unresolved.</li>
<li>gh-144050: Fix stat.filemode() in the pure-Python
implementation to avoid misclassifying invalid mode values
as block devices.</li>
<li>gh-144023: Fixed validation of file descriptor 0 in posix
functions when used with follow_symlinks parameter.</li>
<li>gh-143999: Fix an issue where inspect.getgeneratorstate()
and inspect.getcoroutinestate() could fail for generators
wrapped by types.coroutine() in the suspended state.</li>
<li>gh-143706: Fix multiprocessing forkserver so that sys.argv
is correctly set before <strong>main</strong> is preloaded. Previously,
sys.argv was empty during main module import in forkserver
child processes. This fixes a regression introduced in
3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test
provided by Thomas Watson, thanks!</li>
<li>gh-143638: Forbid reentrant calls of the pickle.Pickler and
pickle.Unpickler methods for the C implementation.
Previously, this could cause crash or data corruption, now
concurrent calls of methods of the same object raise
RuntimeError.</li>
<li>gh-78724: Raise RuntimeError's when user attempts to call
methods on half-initialized Struct objects, For example,
created by Struct.<strong>new</strong>(Struct). Patch by Sergey
B Kirpichev.</li>
<li>gh-143602: Fix a inconsistency issue in write() that leads
to unexpected buffer overwrite by deduplicating the buffer
exports.</li>
<li>gh-143547: Fix sys.unraisablehook() when the hook raises an
exception and changes sys.unraisablehook(): hold a strong
reference to the old hook. Patch by Victor Stinner.</li>
<li>gh-143378: Fix use-after-free crashes when a BytesIO object
is concurrently mutated during write() or writelines().</li>
<li>gh-143346: Fix incorrect wrapping of the Base64 data in
plistlib._PlistWriter when the indent contains a mix of
tabs and spaces.</li>
<li>gh-143310: tkinter: fix a crash when a Python list is
mutated during the conversion to a Tcl object (e.g., when
setting a Tcl variable). Patch by Benedikt Tran.</li>
<li>gh-143309: Fix a crash in os.execve() on non-Windows
platforms when given a custom environment mapping which is
then mutated during parsing. Patch by Benedikt Tran.</li>
<li>gh-143308: pickle: fix use-after-free crashes when
a PickleBuffer is concurrently mutated by a custom buffer
callback during pickling. Patch by Benedikt Tran and Aaron
Wieczorek.</li>
<li>gh-143237: Fix support of named pipes in the rotating
logging handlers.</li>
<li>gh-143249: Fix possible buffer leaks in Windows overlapped
I/O on error handling.</li>
<li>gh-143241: zoneinfo: fix infinite loop in
ZoneInfo.from_file when parsing a malformed TZif file.
Patch by Fatih Celik.</li>
<li>gh-142830: sqlite3: fix use-after-free crashes when the
connection's callbacks are mutated during a callback
execution. Patch by Benedikt Tran.</li>
<li>gh-143200: xml.etree.ElementTree: fix use-after-free
crashes in <strong>getitem</strong>() and <strong>setitem</strong>() methods of
Element when the element is concurrently mutated. Patch by
Benedikt Tran.</li>
<li>gh-142195: Updated timeout evaluation logic in subprocess
to be compatible with deterministic environments like
Shadow where time moves exactly as requested.</li>
<li>gh-143145: Fixed a possible reference leak in ctypes when
constructing results with multiple output parameters on
error.</li>
<li>gh-122431: Corrected the error message in
readline.append_history_file() to state that nelements must
be non-negative instead of positive.</li>
<li>gh-143004: Fix a potential use-after-free in
collections.Counter.update() when user code mutates the
Counter during an update.</li>
<li>gh-143046: The asyncio REPL no longer prints copyright and
version messages in the quiet mode (-q). Patch by Bartosz
Slawecki.</li>
<li>gh-140648: The asyncio REPL now respects the -I flag
(isolated mode). Previously, it would load and execute
PYTHONSTARTUP even if the flag was set. Contributed by
Bartosz Slawecki.</li>
<li>gh-142991: Fixed socket operations such as recvfrom() and
sendto() for FreeBSD divert(4) socket.</li>
<li>gh-143010: Fixed a bug in mailbox where the precise timing
of an external event could result in the library opening an
existing file instead of a file it expected to create.</li>
<li>gh-142881: Fix concurrent and reentrant call of
atexit.unregister().</li>
<li>gh-112127: Fix possible use-after-free in
atexit.unregister() when the callback is unregistered
during comparison.</li>
<li>gh-142783: Fix zoneinfo use-after-free with descriptor
_weak_cache. a descriptor as _weak_cache could cause
crashes during object creation. The fix ensures proper
reference counting for descriptor-provided objects.</li>
<li>gh-142754: Add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead.</li>
<li>gh-142784: The asyncio REPL now properly closes the loop
upon the end of interactive session. Previously, it could
cause surprising warnings. Contributed by Bartosz Slawecki.</li>
<li>gh-142555: array: fix a crash in a[i] = v when converting
i to an index via i.<strong>index</strong> or i.<strong>float</strong> mutates the
array.</li>
<li>gh-142594: Fix crash in TextIOWrapper.close() when the
underlying buffer's closed property calls detach().</li>
<li>gh-142451: hmac: Ensure that the HMAC.block_size attribute
is correctly copied by HMAC.copy. Patch by Benedikt Tran.</li>
<li>gh-142495: collections.defaultdict now prioritizes
<strong>setitem</strong>() when inserting default values from
default_factory. This prevents race conditions where
a default value would overwrite a value set before
default_factory returns.</li>
<li>gh-142651: unittest.mock: fix a thread safety issue where
Mock.call_count may return inaccurate values when the mock
is called concurrently from multiple threads.</li>
<li>gh-142595: Added type check during initialization of the
decimal module to prevent a crash in case of broken stdlib.
Patch by Sergey B Kirpichev.</li>
<li>gh-142517: The non-compat32 email policies now correctly
handle refolding encoded words that contain bytes that can
not be decoded in their specified character set. Previously
this resulted in an encoding exception during folding.</li>
<li>gh-112527: The help text for required options in argparse
no longer extended with "(default: None)".</li>
<li>gh-142315: Pdb can now run scripts from anonymous pipes
used in process substitution. Patch by Bartosz Slawecki.</li>
<li>gh-142282: Fix winreg.QueryValueEx() to not accidentally
read garbage buffer under race condition.</li>
<li>gh-75949: Fix argparse to preserve | separators in mutually
exclusive groups when the usage line wraps due to length.</li>
<li>gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
name defects are now correctly passed to the handle_defect
method of policy in FeedParser.</li>
<li>gh-142006: Fix a bug in the email.policy.default folding
algorithm which incorrectly resulted in a doubled newline
when a line ending at exactly max_line_length was followed
by an unfoldable token.</li>
<li>gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
underlying cancelled asyncio task running.</li>
<li>gh-139971: pydoc: Ensure that the link to the online
documentation of a stdlib module is correct.</li>
<li>gh-139262: Some keystrokes can be swallowed in the new
PyREPL on Windows, especially when used together with the
ALT key. Fix by Chris Eibl.</li>
<li>gh-138897: Improved license/copyright/credits display in
the REPL: now uses a pager.</li>
<li>gh-79986: Add parsing for References and In-Reply-To
headers to the email library that parses the header content
as lists of message id tokens. This prevents them from
being folded incorrectly.</li>
<li>gh-109263: Starting a process from spawn context in
multiprocessing no longer sets the start method globally.</li>
<li>gh-90871: Fixed an off by one error concerning the backlog
parameter in create_unix_server(). Contributed by Christian
Harries.</li>
<li>gh-133253: Fix thread-safety issues in linecache.</li>
<li>gh-132715: Skip writing objects during marshalling once
a failure has occurred.</li>
<li>gh-127529: Correct behavior of
asyncio.selector_events.BaseSelectorEventLoop._accept_connection()
in handling ConnectionAbortedError in a loop. This improves
performance on OpenBSD.</li>
</ul>
</li>
<li>
<p>IDLE</p>
<ul>
<li>gh-143774: Better explain the operation of Format / Format
Paragraph.</li>
</ul>
</li>
<li>
<p>Core and Builtins</p>
<ul>
<li>gh-144307: Prevent a reference leak in module teardown at
interpreter finalization.</li>
<li>gh-144194: Fix error handling in perf jitdump
initialization on memory allocation failure.</li>
<li>gh-141805: Fix crash in set when objects with the same hash
are concurrently added to the set after removing an element
with the same hash while the set still contains elements
with the same hash.</li>
<li>gh-143670: Fixes a crash in ga_repr_items_list function.</li>
<li>gh-143377: Fix a crash in _interpreters.capture_exception()
when the exception is incorrectly formatted. Patch by
Benedikt Tran.</li>
<li>gh-143189: Fix crash when inserting a non-str key into
a split table dictionary when the key matches an existing
key in the split table but has no corresponding value in
the dict.</li>
<li>gh-143228: Fix use-after-free in perf trampoline when
toggling profiling while threads are running or during
interpreter finalization with daemon threads active. The
fix uses reference counting to ensure trampolines are not
freed while any code object could still reference them.
Pach by Pablo Galindo</li>
<li>gh-142664: Fix a use-after-free crash in
memoryview.<strong>hash</strong> when the <strong>hash</strong> method of the
referenced object mutates that object or the view. Patch by
Benedikt Tran.</li>
<li>gh-142557: Fix a use-after-free crash in bytearray.<strong>mod</strong>
when the bytearray is mutated while formatting the %-style
arguments. Patch by Benedikt Tran.</li>
<li>gh-143195: Fix use-after-free crashes in bytearray.hex()
and memoryview.hex() when the separator's <strong>len</strong>() mutates
the original object. Patch by Benedikt Tran.</li>
<li>gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is</li>
<li>Previously, it was set to 0 in this case.</li>
<li>gh-143003: Fix an overflow of the shared empty buffer in
bytearray.extend() when <strong>length_hint</strong>() returns 0 for
non-empty iterator.</li>
<li>gh-143006: Fix a possible assertion error when comparing
negative non-integer float and int with the same number of
bits in the integer part.</li>
<li>gh-142776: Fix a file descriptor leak in import.c</li>
<li>gh-142829: Fix a use-after-free crash in
contextvars.Context comparison when a custom <strong>eq</strong> method
modifies the context via set().</li>
<li>gh-142766: Clear the frame of a generator when
generator.close() is called.</li>
<li>gh-142737: Tracebacks will be displayed in fallback mode
even if io.open() is lost. Previously, this would crash the
interpreter. Patch by Bartosz Slawecki.</li>
<li>gh-142554: Fix a crash in divmod() when
_pylong.int_divmod() does not return a tuple of length two
exactly. Patch by Benedikt Tran.</li>
<li>gh-142560: Fix use-after-free in bytearray search-like
methods (find(), count(), index(), rindex(), and rfind())
by marking the storage as exported which causes
reallocation attempts to raise BufferError. For contains(),
split(), and rsplit() the buffer protocol is used for this.</li>
<li>gh-142343: Fix SIGILL crash on m68k due to incorrect
assembly constraint.</li>
<li>gh-141732: Ensure the <strong>repr</strong>() for ExceptionGroup and
BaseExceptionGroup does not change when the exception
sequence that was original passed in to its constructor is
subsequently mutated.</li>
<li>gh-100964: Fix reference cycle in exhausted generator
frames. Patch by Savannah Ostrowski.</li>
<li>gh-140373: Correctly emit PY_UNWIND event when generator
object is closed. Patch by Mikhail Efimov.</li>
<li>gh-138568: Adjusted the built-in help() function so that
empty inputs are ignored in interactive mode.</li>
<li>gh-127773: Do not use the type attribute cache for types
with incompatible MRO.</li>
</ul>
</li>
<li>
<p>C API</p>
<ul>
<li>gh-142571: PyUnstable_CopyPerfMapFile() now checks that
opening the file succeeded before flushing.</li>
</ul>
</li>
<li>
<p>Build</p>
<ul>
<li>gh-142454: When calculating the digest of the JIT stencils
input, sort the hashed files by filenames before adding
their content to the hasher. This ensures deterministic
hash input and hence deterministic hash, independent on
filesystem order.</li>
<li>gh-141808: When running make clean-retain-profile, keep the
generated JIT stencils. That way, the stencils are not
generated twice when Profile-guided optimization (PGO) is
used. It also allows distributors to supply their own
pre-built JIT stencils.</li>
<li>gh-138061: Ensure reproducible builds by making JIT stencil
header generation deterministic.</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.2
<br/>
<code>zypper in -t patch SUSE-SL-Micro-6.2-300=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
<ul>
<li>python313-base-3.13.12-160000.1.1</li>
<li>python313-curses-debuginfo-3.13.12-160000.1.1</li>
<li>python313-debugsource-3.13.12-160000.1.1</li>
<li>python313-base-debuginfo-3.13.12-160000.1.1</li>
<li>python313-core-debugsource-3.13.12-160000.1.1</li>
<li>libpython3_13-1_0-debuginfo-3.13.12-160000.1.1</li>
<li>python313-curses-3.13.12-160000.1.1</li>
<li>libpython3_13-1_0-3.13.12-160000.1.1</li>
<li>python313-3.13.12-160000.1.1</li>
<li>python313-debuginfo-3.13.12-160000.1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-11468.html">https://www.suse.com/security/cve/CVE-2025-11468.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-15282.html">https://www.suse.com/security/cve/CVE-2025-15282.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-0672.html">https://www.suse.com/security/cve/CVE-2026-0672.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-0865.html">https://www.suse.com/security/cve/CVE-2026-0865.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2026-1299.html">https://www.suse.com/security/cve/CVE-2026-1299.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257029">https://bugzilla.suse.com/show_bug.cgi?id=1257029</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257031">https://bugzilla.suse.com/show_bug.cgi?id=1257031</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257042">https://bugzilla.suse.com/show_bug.cgi?id=1257042</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257046">https://bugzilla.suse.com/show_bug.cgi?id=1257046</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257181">https://bugzilla.suse.com/show_bug.cgi?id=1257181</a>
</li>
</ul>
</div>