<div class="container">

    <h1>Security update for libsolv, libzypp, zypper</h1>

    <table class="table table-striped table-bordered">

        <tbody>

        <tr>

            <th>Announcement ID:</th>

            <td>SUSE-SU-2026:21738-1</td>

        </tr>

        <tr>

            <th>Release Date:</th>

            <td>2026-05-21T09:23:01Z</td>

        </tr>

        <tr>

            <th>Rating:</th>

            <td>important</td>

        </tr>

        <tr>

            <th>References:</th>

            <td>

                <ul>

                        <li style="display: inline;">

                            <a href="https://bugzilla.suse.com/show_bug.cgi?id=1265223">bsc#1265223</a>

                        </li>

                        <li style="display: inline;">

                            <a href="https://jira.suse.com/browse/PED-11922">jsc#PED-11922</a>

                        </li>

                </ul>

            </td>

        </tr>

            <tr>

                <th>

                    Cross-References:

                </th>

                <td>

                    <ul>

                        <li style="display: inline;">

                            <a href="https://www.suse.com/security/cve/CVE-2026-44933.html">CVE-2026-44933</a>

                        </li>

                    </ul>

                </td>

            </tr>

            <tr>

                <th>CVSS scores:</th>

                <td>

                    <ul class="list-group">

                            <li class="list-group-item">

                                <span class="cvss-reference">CVE-2026-44933</span>

                                <span class="cvss-source">

                                    (

                                        SUSE

                                    ):

                                </span>

                                <span class="cvss-score">8.5</span>

                                <span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N</span>

                            </li>

                            <li class="list-group-item">

                                <span class="cvss-reference">CVE-2026-44933</span>

                                <span class="cvss-source">

                                    (

                                        SUSE

                                    ):

                                </span>

                                <span class="cvss-score">7.8</span>

                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>

                            </li>

                            <li class="list-group-item">

                                <span class="cvss-reference">CVE-2026-44933</span>

                                <span class="cvss-source">

                                    (

                                        NVD

                                    ):

                                </span>

                                <span class="cvss-score">8.5</span>

                                <span class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>

                            </li>

                            <li class="list-group-item">

                                <span class="cvss-reference">CVE-2026-44933</span>

                                <span class="cvss-source">

                                    (

                                        NVD

                                    ):

                                </span>

                                <span class="cvss-score">7.8</span>

                                <span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>

                            </li>

                    </ul>

                </td>

            </tr>

        <tr>

            <th>Affected Products:</th>

            <td>

                <ul class="list-group">

                        <li class="list-group-item">SUSE Linux Micro 6.1</li>

                </ul>

            </td>

        </tr>

        </tbody>

    </table>

    <p>An update that solves one vulnerability and contains one feature can now be installed.</p>

        <h2>Description:</h2>

    <p>This update for libsolv, libzypp, zypper fixes the following issues:</p>

<ul>

<li>CVE-2026-44933: prevent configured scripts from escaping the sigcheck directory (bsc#1265223)</li>

</ul>

<p>Changes in libsolv:</p>

<ul>

<li>update to version 0.7.37:  <ul>

<li>fix parsing of sha512 checksums in debian repositories</li>

<li>improve speed of dirpool_add_dir makeing parsing of filelists.xml twice as fast</li>

<li>fix parsing of recommands in the old Mandriva synthesis format</li>

</ul>

</li>

</ul>

<p>Changes in libzypp:</p>

<ul>

<li>update to version 17.38.9:<ul>

<li>Mandatory signature verification plugin support (jsc#PED-11922)</li>

</ul>

</li>

</ul>

<p>Changes in zypper:</p>

<ul>

<li>update to version 1.14.97:</li>

<li>Add --filter-version-change to zypper lu.

     Adds filtering by version change significance to reduce noise in update listings. 

     Supports levels: rebuild (hides rebuild-only changes) and package (hides all release-only changes).</li>

</ul>

        <h2>Special Instructions and Notes:</h2>

        <ul>

        </ul>

    <h2>Patch Instructions:</h2>

    <p>

        To install this SUSE  update use the SUSE recommended

        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:

    </p>

    <ul class="list-group">

            <li class="list-group-item">

                SUSE Linux Micro 6.1

                        <br/>

                        <code>zypper in -t patch SUSE-SLE-Micro-6.1-538=1</code>

            </li>

    </ul>

    <h2>Package List:</h2>

    <ul>

                <li>

                    SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)

                    <ul>

                            <li>zypper-1.14.97-slfo.1.1_1.1</li>

                            <li>zypper-debugsource-1.14.97-slfo.1.1_1.1</li>

                            <li>libzypp-debugsource-17.38.9-slfo.1.1_1.1</li>

                            <li>libsolv-tools-base-debuginfo-0.7.37-slfo.1.1_1.1</li>

                            <li>libsolv-debugsource-0.7.37-slfo.1.1_1.1</li>

                            <li>libzypp-debuginfo-17.38.9-slfo.1.1_1.1</li>

                            <li>libzypp-17.38.9-slfo.1.1_1.1</li>

                            <li>zypper-debuginfo-1.14.97-slfo.1.1_1.1</li>

                            <li>libsolv-tools-base-0.7.37-slfo.1.1_1.1</li>

                    </ul>

                </li>

                <li>

                    SUSE Linux Micro 6.1 (noarch)

                    <ul>

                            <li>zypper-needs-restarting-1.14.97-slfo.1.1_1.1</li>

                    </ul>

                </li>

    </ul>

        <h2>References:</h2>

        <ul>

                    <li>

                        <a href="https://www.suse.com/security/cve/CVE-2026-44933.html">https://www.suse.com/security/cve/CVE-2026-44933.html</a>

                    </li>

                    <li>

                        <a href="https://bugzilla.suse.com/show_bug.cgi?id=1265223">https://bugzilla.suse.com/show_bug.cgi?id=1265223</a>

                    </li>

                    <li>

                        <a href="https://jira.suse.com/browse/PED-11922">https://jira.suse.com/browse/PED-11922</a>

                    </li>

        </ul>

</div>