From null at suse.de Wed Apr 1 12:41:34 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 01 Apr 2026 12:41:34 -0000 Subject: SUSE-SU-2026:1162-1: important: Security update for python-tornado Message-ID: <177504729405.568.16909836922947828424@634a8d224e68> # Security update for python-tornado Announcement ID: SUSE-SU-2026:1162-1 Release Date: 2026-03-31T22:02:19Z Rating: important References: * bsc#1254903 * bsc#1254905 * bsc#1259553 * bsc#1259630 Cross-References: * CVE-2025-67724 * CVE-2025-67725 * CVE-2026-31958 CVSS scores: * CVE-2025-67724 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-67724 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2025-67724 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2025-67725 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-67725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-67725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31958 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31958 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-31958 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves three vulnerabilities and has one security fix can now be installed. ## Description: This update for python-tornado fixes the following issues: * CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903). * CVE-2025-67725: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254905). * CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553). * incomplete validation of cookie attributes allows for injection of user- controlled values in other cookie attributes (bsc#1259630). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2026-1162=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * python3-tornado-4.2.1-17.18.1 * python-tornado-debuginfo-4.2.1-17.18.1 * python-tornado-debugsource-4.2.1-17.18.1 * python-tornado-4.2.1-17.18.1 ## References: * https://www.suse.com/security/cve/CVE-2025-67724.html * https://www.suse.com/security/cve/CVE-2025-67725.html * https://www.suse.com/security/cve/CVE-2026-31958.html * https://bugzilla.suse.com/show_bug.cgi?id=1254903 * https://bugzilla.suse.com/show_bug.cgi?id=1254905 * https://bugzilla.suse.com/show_bug.cgi?id=1259553 * https://bugzilla.suse.com/show_bug.cgi?id=1259630 -------------- next part -------------- An HTML attachment was scrubbed... URL: From null at suse.de Wed Apr 8 12:30:09 2026 From: null at suse.de (SUSE-MANAGER-UPDATES) Date: Wed, 08 Apr 2026 12:30:09 -0000 Subject: SUSE-SU-2026:1209-1: important: Security update for bind Message-ID: <177565140964.15968.17873725881142260212@634a8d224e68> # Security update for bind Announcement ID: SUSE-SU-2026:1209-1 Release Date: 2026-04-08T07:12:48Z Rating: important References: * bsc#1260805 Cross-References: * CVE-2026-1519 CVSS scores: * CVE-2026-1519 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-1519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-1519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 An update that solves one vulnerability can now be installed. ## Description: This update for bind fixes the following issues: * CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-MultiLinuxManagerTools-SLE-Micro-5-2026-1209=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2026-1209=1 ## Package List: * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (aarch64 ppc64le s390x x86_64) * libirs1601-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-9.16.6-150000.12.88.1 * libisc1606-debuginfo-9.16.6-150000.12.88.1 * libisccfg1600-debuginfo-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * bind-debuginfo-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * bind-utils-debuginfo-9.16.6-150000.12.88.1 * libdns1605-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * libisccc1600-debuginfo-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libbind9-1600-debuginfo-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * bind-debugsource-9.16.6-150000.12.88.1 * SUSE Multi-Linux Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libisccfg1600-9.16.6-150000.12.88.1 * libns1604-9.16.6-150000.12.88.1 * libbind9-1600-9.16.6-150000.12.88.1 * libisc1606-9.16.6-150000.12.88.1 * libns1604-debuginfo-9.16.6-150000.12.88.1 * libdns1605-9.16.6-150000.12.88.1 * bind-utils-9.16.6-150000.12.88.1 * libirs1601-9.16.6-150000.12.88.1 * libisccc1600-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisc1606-64bit-9.16.6-150000.12.88.1 * libisccfg1600-64bit-9.16.6-150000.12.88.1 * libbind9-1600-64bit-9.16.6-150000.12.88.1 * libdns1605-64bit-9.16.6-150000.12.88.1 * libisccc1600-64bit-9.16.6-150000.12.88.1 * libirs1601-64bit-9.16.6-150000.12.88.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.88.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1519.html * https://bugzilla.suse.com/show_bug.cgi?id=1260805 -------------- next part -------------- An HTML attachment was scrubbed... URL: