openSUSE-SU-2026:21220-1: moderate: Security update for dhcpcd
openSUSE-SU-2026:21216-1: moderate: Security update for libslirp
openSUSE-SU-2026:21211-1: moderate: Security update for ffmpeg-7
openSUSE-SU-2026:21207-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2026:21210-1: important: Security update for google-osconfig-agent
openSUSE-SU-2026:21201-1: important: Security update for jackson-annotations, jackson-core, jackson-databind
openSUSE-SU-2026:21221-1: moderate: Security update for jline3
openSUSE-SU-2026:21204-1: important: Security update for gstreamer-plugins-bad
openSUSE-SU-2026:21196-1: important: Security update for pacemaker
openSUSE-SU-2026:21192-1: important: Security update for dnsmasq
openSUSE-SU-2026:21205-1: important: Security update for docker-stable
openSUSE-SU-2026:21218-1: important: Security update for perl-List-SomeUtils-XS
openSUSE-SU-2026:21202-1: moderate: Security update for lcms2
SUSE-SU-2026:2729-1: moderate: Security update for python-lxml
SUSE-SU-2026:2731-1: moderate: Security update for editorconfig-core-c
SUSE-SU-2026:2733-1: important: Security update for buildah
openSUSE-SU-2026:0228-1: moderate: Security update for nilfs-utils
SUSE-SU-2026:2735-1: important: Security update for apache2
openSUSE-SU-2026:11180-1: moderate: python311-mistune-3.3.2-1.1 on GA media
openSUSE-SU-2026:11176-1: moderate: kitty-0.47.4-2.1 on GA media
openSUSE-SU-2026:11179-1: moderate: perl-List-SomeUtils-XS-0.590.0-1.1 on GA media
openSUSE-SU-2026:11175-1: moderate: kernel-devel-7.1.2-1.1 on GA media
openSUSE-SU-2026:11178-1: moderate: openQA-5.1782995932.ffeb09be-1.1 on GA media
openSUSE-SU-2026:11177-1: moderate: krb5-1.22.2-4.1 on GA media
SUSE-SU-2026:2743-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2744-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2745-1: moderate: Security update for firewalld-legacy
SUSE-SU-2026:2742-1: important: Security update for pacemaker
SUSE-SU-2026:2751-1: moderate: Security update for tracker-miners
SUSE-SU-2026:2749-1: important: Security update for perl-DBI
openSUSE-SU-2026:21220-1: moderate: Security update for dhcpcd
openSUSE security update: security update for dhcpcd
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21220-1
Rating: moderate
References:
* bsc#1268761
Cross-References:
* CVE-2025-70102
CVSS scores:
* CVE-2025-70102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-70102 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for dhcpcd fixes the following issue:
Update to 10.3.2:
- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input
(bsc#1268761).
Changes for dhcpcd:
* options: Ensure ldop is not NULL dereferenced
* DHCP: Don't run double EXPIRE hooks on carrier loss
* DHCP: free the state when dropping on state NONE
* BSD: don't send uninitialised memory using
ps_root_indirectioctl
* Fix fallback_time option
* IPv4: Ignore DHCP state when building routes
* route: Routes may not have an interface assigned
* options: Ensure that an overly long bitflag string does not
crash
* options: Don't assume vsio options have an argument
* common: Cast via uintptr_t rather than unsigned long in UNCONST
* privsep: Ensure we recv for real after a successful recv
MSG_PEEK
* DHCP: Add parentheses to macro definitions
* ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping
* privsep: enforce message boundaries with MSG_EOR on our
messages
* Protocols will notify when dhcpcd can exit
* DHCP: Don't request T1 and T2
* DHCP: Don't request a lease time
* DHCP6: Don't exit if using DHCP4 INFORM in non manager mode
* ND: Route Information Option prefix is optional
* ipv6: respect slaac hwaddr to really use the hwaddr
* When stopping all interfaces at exit and releasing,
remove persistence
* NetBSD: Delete RTF_CONNECTED route when changing it
* privsep: Drain the log when the root process is exiting
* eloop: vastly reworked, kqueue and epoll support on by default
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1147=1
Package List:
- openSUSE Leap 16.0:
dhcpcd-10.3.2-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-70102.html
openSUSE-SU-2026:21216-1: moderate: Security update for libslirp
openSUSE security update: security update for libslirp
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21216-1
Rating: moderate
References:
* bsc#1268903
Cross-References:
* CVE-2026-9539
CVSS scores:
* CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for libslirp fixes the following issue:
- CVE-2026-9539: TCP URG out of bounds heap read information leak (bsc#1268903).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1142=1
Package List:
- openSUSE Leap 16.0:
libslirp-devel-4.8.0+2-160000.3.1
libslirp0-4.8.0+2-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-9539.html
openSUSE-SU-2026:21211-1: moderate: Security update for ffmpeg-7
openSUSE security update: security update for ffmpeg-7
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21211-1
Rating: moderate
References:
* bsc#1220545
* bsc#1234030
* bsc#1237561
* bsc#1249393
* bsc#1249431
* bsc#1262237
Cross-References:
* CVE-2023-6601
* CVE-2024-35366
* CVE-2025-10256
* CVE-2025-1594
* CVE-2025-25473
* CVE-2025-9951
* CVE-2026-40962
CVSS scores:
* CVE-2023-6601 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-35366 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35366 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-10256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-10256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1594 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-1594 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-9951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-9951 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-40962 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-40962 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 7 vulnerabilities and has 6 bug fixes can now be installed.
Description:
This update for ffmpeg-7 fixes the following issues:
- CVE-2026-40962: inadequate CENC subsample bounds checks can lead to an integer overflow (bsc#1262237).
Changes for ffmpeg-7:
- Update to version 7.1.4:
* Codec, format, filter and various other bugfixes.
* lavc/aarch64: Fix addp overflow in ff_pred16x16_plane_neon_10
* swscale/output: Fix integer overflow in yuv2ya16_X_c_template()
* avformat/avformat: clear FFFormatContext packet queue when
closing a muxer
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1137=1
Package List:
- openSUSE Leap 16.0:
ffmpeg-7-7.1.4-160000.1.1
ffmpeg-7-libavcodec-devel-7.1.4-160000.1.1
ffmpeg-7-libavdevice-devel-7.1.4-160000.1.1
ffmpeg-7-libavfilter-devel-7.1.4-160000.1.1
ffmpeg-7-libavformat-devel-7.1.4-160000.1.1
ffmpeg-7-libavutil-devel-7.1.4-160000.1.1
ffmpeg-7-libpostproc-devel-7.1.4-160000.1.1
ffmpeg-7-libswresample-devel-7.1.4-160000.1.1
ffmpeg-7-libswscale-devel-7.1.4-160000.1.1
libavcodec61-7.1.4-160000.1.1
libavdevice61-7.1.4-160000.1.1
libavfilter10-7.1.4-160000.1.1
libavformat61-7.1.4-160000.1.1
libavutil59-7.1.4-160000.1.1
libpostproc58-7.1.4-160000.1.1
libswresample5-7.1.4-160000.1.1
libswscale8-7.1.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2023-6601.html
* https://www.suse.com/security/cve/CVE-2024-35366.html
* https://www.suse.com/security/cve/CVE-2025-10256.html
* https://www.suse.com/security/cve/CVE-2025-1594.html
* https://www.suse.com/security/cve/CVE-2025-25473.html
* https://www.suse.com/security/cve/CVE-2025-9951.html
* https://www.suse.com/security/cve/CVE-2026-40962.html
openSUSE-SU-2026:21207-1: moderate: Security update for GraphicsMagick
openSUSE security update: security update for graphicsmagick
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21207-1
Rating: moderate
References:
* bsc#1268125
Cross-References:
* CVE-2026-46523
CVSS scores:
* CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for GraphicsMagick fixes the following issue:
- CVE-2026-46523: heap-use-after-free via a crafted MSL image (bsc#1268125).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1133=1
Package List:
- openSUSE Leap 16.0:
GraphicsMagick-1.3.45-160000.8.1
GraphicsMagick-devel-1.3.45-160000.8.1
libGraphicsMagick++-Q16-12-1.3.45-160000.8.1
libGraphicsMagick++-devel-1.3.45-160000.8.1
libGraphicsMagick-Q16-3-1.3.45-160000.8.1
libGraphicsMagick3-config-1.3.45-160000.8.1
libGraphicsMagickWand-Q16-2-1.3.45-160000.8.1
perl-GraphicsMagick-1.3.45-160000.8.1
References:
* https://www.suse.com/security/cve/CVE-2026-46523.html
openSUSE-SU-2026:21210-1: important: Security update for google-osconfig-agent
openSUSE security update: security update for google-osconfig-agent
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21210-1
Rating: important
References:
* bsc#1210938
* bsc#1251453
* bsc#1251704
* bsc#1260264
* bsc#1262926
* bsc#1264923
* bsc#1265762
* bsc#1266171
* bsc#1266603
Cross-References:
* CVE-2023-45288
* CVE-2025-22868
* CVE-2025-47911
* CVE-2025-58190
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-34986
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-41506
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 22 vulnerabilities and has 9 bug fixes can now be installed.
Description:
This update for google-osconfig-agent fixes the following issues:
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251453).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251704).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262926).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266603).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266171).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266171).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264923).
Changes for google-osconfig-agent:
- Update to version 20260615.01
* Upgrade golang.org/x/crypto & golang.org/x/net (#1006)
- from version 20260615.00
* Add unit tests for ospatch_apt_upgrade.go (#938)
- Update to version 20260611.00
* Add unit tests for policies/policies.go PART 5 (#998)
- from version 20260610.00
* Add unit tests for policies/policies.go PART 4 (#997)
- from version 20260609.02
* squash commits (#936)
- from version 20260609.01
* Add unit tests for policies/policies.go PART 3 (#996)
- from version 20260609.00
* Add unit tests for policies/policies.go PART 2 (#991)
- from version 20260602.01
* Align format of dates and timestamp collected across Windows packages (#973)
- from version 20260602.00
* Add unit tests for config/config,go (#979)
- from version 20260528.00
* Bump github.com/containerd/containerd (#990)
- from version 20260521.00
* Cover agentconfig functionality by unit tests (#925)
- from version 20260520.04
* Add unit tests for policies/googet.go (#961)
* Bump github.com/go-git/go-git/v5 (#987)
- from version 20260520.02
* Add unit tests for policies/yum.go (#952)
* Add unit tests for policies/apt.go PART 3 (#951)
- from version 20260520.00
* Add unit tests for policies/zypper.go (#953)
- from version 20260519.00
* Add unit tests for policies/policies.go PART 1 (#949)
- from version 20260513.01
* Bump github.com/go-git/go-git/v5 (#981), this also updates
golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)
- from version 20260513.00
* upgrade a few packages (#980)
- from version 20260512.02
* Add/improve unit tests for agentendpoint/exec_task.go (#933)
- from version 20260512.01
* Cover google_update.go by unit tests (#941)
- from version 20260512.00
* Change zone for arm64 builds because of stockout (#978)
- Update to version 20260511.00
* switch to t2a-standard-2 on ARM package build (#977)
- from version 20260505.03
* Cover zypper_patch by unit tests (#958)
- from version 20260505.02
* Remove unused functions DisableAutoUpdates (#970)
- from version 20260505.01
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)
- from version 20260505.00
* Upgrade a few dependencies across the repo (#968)
+ github.com/go-git/go-git/v5 5.16.2->5.18.0 (bsc#1264923, CVE-2026-41506)
+ github.com/go-jose/go-jose/v4 4.1.3->4.1.4 (bsc#1262926, CVE-2026-34986)
+ github.com/go-viper/mapstructure/v2 2.3.0->2.4.0
+ go.opentelemetry.io/otel 1.40.0->1.41.0
+ go.opentelemetry.io/otel/sdk 1.39.0->1.43.0
- from version 20260504.01
* bump github.com/docker/cli to 29.2.0 (#962)
- from version 20260504.00
* Bump github.com/opencontainers/selinux (#960)
- Update to version 20260428.00
* Add/improve unit tests for agentendpoint/agentendpoint.go (#930)
- from version 20260427.03
* Cover config/file.go by unit tests (#935)
- from version 20260422.01
* Cover patch_linux.go by unit tests (#932)
- from version 20260422.00
* upgrade grpc package in main package and e2e tests (#959)
(bsc#1260264, CVE-2026-33186)
- from version 20260417.04
* Bump OSV-Scalibr version to v0.4.3 (#956)
- from version 20260417.03
* Add unit tests for updates_linux.go (#937)
- from version 20260417.02
* Add zone to CreateDisk step (#955)
- from version 20260417.01
* Change disk type for deb11 (#954)
- from version 20260417.00
* Add unit tests for policies/apt.go PART 1 (#950)
- from version 20260410.02
* Add unit tests for packages/pty_linux.go (#943)
- from version 20260410.01
* fix disk type for arm workflows (#948)
- from version 20260410.00
* Change machine type for arm based workflows (#946)
- Update to version 20260330.00
* bump timeouts for all workflows (#940)
- from version 20260326.00
* Cover exec_resource.go by unit tests (#934)
- from version 20260318.00
* Integrate OSConfig agent with ReportVmInventory (#923)
- from version 20260313.02
* remove cacheonly flag from yum upgrade (#924)
- from version 20260313.01
* conditions python version override (#927)
- from version 20260313.00
* Fix presubmits by explicitly set python version for rpm based systems (#926)
- from version 20260311.00
* Bump osconfig version (#922)
- from version 20260309.02
* Extend OSV scalibr extractor (#921)
- from version 20260309.01
* upgrade golang.org/x/crypto and its transitive deps (#918)
- from version 20260309.00
* Add purl to pkg info (#920)
- from version 20260306.00
* Add 'Type' field to PkgInfo (#919)
- from version 20260303.01
* Upgrade go.opentelemetry.io/otel/sdk (#913)
- from version 20260303.00
* Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)
- from version 20260302.00
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)
- from version 20260126.00
* Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)
* Bump github.com/sirupsen/logrus (#894)
- Update to version 20260119.00
* Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)
- Update to version 20251230.00
* chore: Migrate gsutil usage to gcloud storage (#904)
- from version 20251223.00
* fix e2e tests for report inventory (#903)
- from version 20251222.01
* Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902)
- from version 20251222.00
* Bump golang to the new version (#900)
- from version 20251218.00
* add new CODEOWNERS (#901)
- from version 20251217.00
* Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)
- Bump the golang compiler version to 1.24.5
- Update to version 20251202.00
* Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893)
- Update to version 20251201.00
* Revert "Bump github.com/containerd/containerd (#890)" (#892)
- Update to version 20251126.00
* Bump github.com/containerd/containerd (#890)
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)
- Update to version 20251028.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)
* Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)
- from version 20251023.02
* Create multiple_os.yaml (#883)
- from version 20251023.00
* Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)
* Add test runner for e2e tests (#876)
- Update to version 20250925.00
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)
* Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)
* Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)
* Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)
- Update to version 20250902.01
* Bump github.com/googleapis/enterprise-certificate-proxy (#829)
- from version 20250902.00
* update github.com/go-jose/go-jose/v4 (#869)
* Upgrade scalibr and other deps (#866)
- from version 20250901.00
* Fix possibility of path traversal for zip and tar archival (#868)
- from version 20250825.00
* set CODEOWNERS file as required by org (#863)
- from version 20250819.00
* Fix/rhel10 build centos image (#860)
- from version 20250814.00
* Fix/rhel10 build image (#859)
- from version 20250813.00
* Fix: Add RHEL 10 support to RPM startup script (#858)
- from version 20250811.00
* Remove old/sles-15-sp4-sap as image is deprecated (#857)
- Update to version 20250806.00
* Fixed JSON identifier for the universe domain (#855)
- from version 20250729.00
* Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)
- from version 20250725.02
* Update utils.go (#854)
* Upgrade golang.org/x/oauth2 package to the latest. (#853)
* Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)
- from version 20250725.01
* Bump golang.org/x/oauth2 (#848)
* Port fix for debian 11 to goo package manager. (#852)
- from version 20250725.00
* Update Golang version in common.sh and skip backports
repo for debian 11 (#850)
- from version 20250723.01
* Add workflows to build package for el10 (#849)
- from version 20250721.00
* Make OS Config agent TPC aware (#846)
- from version 20250718.00
* Create workflows for new Debian 13. (#847)
- Update to version 20250703.00
* Fix sles images (#844)
- from version 20250702.00
* Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)
- from version 20250701.00
* Bump the go_modules group across 1 directory with 2 updates (#840)
- Update to version 20250606.00
* Change base docker images Google's official base images. (#838)
- Update to version 20250523.01
* Add a simple no-op OS policy for user testing (#837)
- from version 20250523.00
* Introduce scalibr inventory extractor for dpkg/rpm/cos
os/filesystem extractors (linux) (#834)
* Trace GetInstalledPackages memory levels (#835)
- from version 20250520.00
- Update to version 20250513.00
* Fix rpm extractor, handle (none) value correctly. (#833)
- from version 20250512.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)
- from version 20250512.00
* Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)
- from version 20250508.01
* cosmetic refactoring to osinfo package (#826)
- from version 20250508.00
* Refactor /inventory with dependency injection (#825)
* Add debian, ubuntu (InstalledDebPackages) snapshots (#821)
* cover packages_linux.go file with tests (#824)
* Add debian (10,11,12) GetPackageUpdates output snapshots (#822)
- from version 20250507.00
* Add InstalledRPMPackages snapshot tests (#823)
- from version 20250506.02
* Yum tests: simplify initialization of exit errors (#820)
- from version 20250506.01
* Improve test coverage for gem package manager (#818)
- from version 20250506.00
* after go/x/crypto update 0.32.0 -> 0.37.0 (#817)
- from version 20250505.01
* Improve packages package coverage (#814)
* Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)
- from version 20250505.00
* Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)
- from version 20250430.00
* Snapshot YumUpdates (GetPackageUpdates) output (#813)
- from version 20250428.00
* Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output
for sles 12, 15 testdata (#812)
- from version 20250423.00
* Introduce MatchSnapshot large test results matcher function, snapshot
apt-deb GetPackageUpdates (#811)
- from version 20250416.02
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1136=1
Package List:
- openSUSE Leap 16.0:
google-osconfig-agent-20260615.01-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-41506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
openSUSE-SU-2026:21201-1: important: Security update for jackson-annotations, jackson-core, jackson-databind
openSUSE security update: security update for jackson-annotations, jackson-core, jackson-databind
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21201-1
Rating: important
References:
* bsc#1268603
* bsc#1268897
* bsc#1268898
* bsc#1268899
* bsc#1268902
Cross-References:
* CVE-2026-54512
* CVE-2026-54513
* CVE-2026-54514
* CVE-2026-54515
CVSS scores:
* CVE-2026-54512 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-54513 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-54514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-54515 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues:
- CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows
arbitrary class instantiation (bsc#1268897).
- CVE-2026-54513: jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (bsc#1268898).
- CVE-2026-54514: InetSocketAddress deserialization triggers eager DNS resolution (bsc#1268899).
- CVE-2026-54515: jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
(bsc#1268902).
- document length constraint bypass in blocking, async, and DataInput parsers (bsc#1268603).
Changes for jackson-annotations:
- Update to 2.18.8
* No changes since 2.17.3
Changes for jackson-core:
- Update to 2.18.8
* Changes of 2.18.8
+ #1611: Apply number-length validator on streaming integer path
of async parser
* Changes of 2.18.7
+ #1570: Fail parsing from 'DataInput' if 'StreamReadConstraints
.getMaxDocumentLength()' set
(bsc#1268603, GHSA-2m67-wjpj-xhg9)
+ #1600: Rework 3rd party licenses in jar
+ #1602: 'UTF8DataInputJsonParser' needs to enforce
'StreamReadConstraints.maxNameLength' limit
* Changes of 2.18.6
+ #1512: Number-parsing fix for 'UTF8DataInputJsonParser'
+ #1548: 'StreamReadConstraints.maxDocumentLength' not checked
when creating parser with fixed buffer
+ #1555: Enforce 'StreamReadConstraints.maxNumberLength' for
non-blocking (async) parser
* Changes of 2.18.5
+ #1433: 'JsonParser#getNumberType()' throws
'JsonParseException' when the current token is non-numeric
instead of returning null
+ #1446: Invalid package reference to "java.lang.foreign" from
'com.fasterxml.jackson.core:jackson-core' (from
'FastDoubleParser')
* Changes of 2.18.3
+ #1391: Fix issue where the parser can read back old number
state when parsing later numbers
+ #1397: Jackson changes additional values to infinite in case
of special JSON structures and existing infinite values
+ #1398: Fix issue that feature
COMBINE_UNICODE_SURROGATES_IN_UTF8 doesn't work when custom
characterEscape is used
* Changes of 2.18.2
+ #1359: Non-surrogate characters being incorrectly combined
when 'JsonWriteFeature.COMBINE_UNICODE_SURROGATES_IN_UTF8' is
enabled
* Changes of 2.18.1
+ #1353: Use fastdoubleparser 1.0.90
* Changes of 2.18.
+ #223: 'UTF8JsonGenerator' writes supplementary characters as a
surrogate pair: should use 4-byte encoding
+ #1230: Improve performance of 'float' and 'double' parsing
from 'TextBuffer'
+ #1251: 'InternCache' replace synchronized with 'ReentrantLock'
- the cache size limit is no longer strictly enforced for
performance reasons but we should never go far above the limit
+ #1252: 'ThreadLocalBufferManager' replace synchronized with
'ReentrantLock'
+ #1257: Increase InternCache default max size from 100 to 200
+ #1262: Add diagnostic method 'pooledCount()' in 'RecyclerPool'
+ #1264: Rename shaded 'ch.randelshofer:fastdoubleparser'
classes to prevent use by downstream consumers
+ #1271: Deprecate 'LockFreePool' implementation in 2.18 (remove
from 3.0)
+ #1274: 'NUL'-corrupted keys, values on JSON serialization
+ #1277: Add back Java 22 optimisation in FastDoubleParser
+ #1284: Optimize 'JsonParser.getDoubleValue()/getFloatValue()
/getDecimalValue()' to avoid String allocation
+ #1305: Make helper methods of 'WriterBasedJsonGenerator'
non-final to allow overriding
+ #1310: Add new 'StreamReadConstraints' ('maxTokenCount') to
limit maximum number of Tokens allowed per document
+ #1331: Update to FastDoubleParser v1.0.1 to fix 'BigDecimal'
decoding problem
Changes for jackson-databind:
- Update to 2.18.8
* Changes of 2.18.8
+ #5950: Improve 'UUIDeserializer' error handling
+ #5951: Improve 'InetSocketAddress' deserialization
(bsc#1268899, CVE-2026-54514)
+ #5969: '@JsonView' by-passed for some "setterless" creator
properties
+ #5971: '@JsonView' by-passed for unwrapped creator parameters
+ #5974: '@JsonIgnore' on Record property ignored with
'PropertyNamingStrategy'
+ #5981: 'BasicPolymorphicTypeValidator' setting
'allowIfSubTypeIsArray()' should validate element type
(bsc#1268898, CVE-2026-54513)
+ #5988: 'PolymorphicTypeValidator' needs to validate generic
type parameters too (bsc#1268897, CVE-2026-54512)
+ #5993: 'UPPER_SNAKE_CASE' / 'LOWER_CASE' 'NamingStrategyImpls'
fold case using JVM default locale (Turkish-I bug)
* Changes of 2.18.4
+ #4628: '@JsonIgnore' and '@JsonProperty.access=READ_ONLY' on
Record property ignored for deserialization
+ #5049: Duplicate creator property "b" (index 0 vs 1) on simple
java record
* Changes of 2.18.3
+ #4444: The 'KeyDeserializer' specified in the class with
'@JsonDeserialize(keyUsing = ...)' is overwritten by the
'KeyDeserializer' specified in the 'ObjectMapper'.
+ #4827: Subclassed Throwable deserialization fails since
v2.18.0 - no creator index for property 'cause'
+ #4844: Fix wrapped array handling wrt 'null' by
'StdDeserializer'
+ #4848: Avoid type pollution in 'StringCollectionDeserializer'
+ #4860: 'ConstructorDetector.USE_PROPERTIES_BASED' does not
work with multiple constructors since 2.18
+ #4878: When serializing a Map via
Converter(StdDelegatingSerializer), a NullPointerException is
thrown due to missing key serializer
+ #4908: Deserialization behavior change with @JsonCreator and
@ConstructorProperties between 2.17 and 2.18
+ #4917: 'BigDecimal' deserialization issue when using
'@JsonCreator'
+ #4920: Creator properties are ignored on abstract types when
collecting bean properties, breaking AsExternalTypeDeserializer
+ #4922: Failing '@JsonMerge' with a custom Map
+ #4932: Conversion of 'MissingNode' throws
'JsonProcessingException'
* Changes of 2.18.2
+ #4733: Wrong serialization of Type Ids for certain types of
Enum values
+ #4742: Deserialization with Builder, External type id,
'@JsonCreator' failing
+ #4777: 'StdValueInstantiator.withArgsCreator' is now set for
creators with no arguments
+ #4783: Possibly wrong behavior of @JsonMerge
+ #4787: Wrong 'String.format()' in 'StdDelegatingDeserializer'
hides actual error
+ #4788: 'EnumFeature.WRITE_ENUMS_TO_LOWERCASE' overrides
'@JsonProperty' values
+ #4790: Fix '@JsonAnySetter' issue with "setter" method
(related to #4639)
+ #4807: Improve 'FactoryBasedEnumDeserializer' to work better
with XML module
+ #4810: Deserialization using '@JsonCreator' with renamed
property failing (since 2.18)
* Changes of 2.18.1
+ #4508: Deserialized JsonAnySetter field in Kotlin data class
is null
+ #4639: @JsonAnySetter on field ignoring unrecognized
properties if they are declared before the last recognized
properties in JSON
+ #4718: Should not fail on trying to serialize
'java.time.DateTimeException'
+ #4724: Deserialization behavior change with Records,
'@JsonCreator' and '@JsonValue' between 2.17 and 2.18
+ #4727: Eclipse having issues due to 'module-info' class "lost" on
2.18.0 jars
+ #4741: When 'Include.NON_DEFAULT' setting is used on POJO,
empty values are not included in json if default is 'null'
+ #4749: Fixed a problem with
'StdDelegatingSerializer#serializeWithType' looking up the
serializer with the wrong argument
* Changes of 2.18.0
+ #562: Allow '@JsonAnySetter' to flow through Creators
+ #806: Problem with 'NamingStrategy', creator methods with
implicit names
+ #2977: Incompatible 'FAIL_ON_MISSING_PRIMITIVE_PROPERTIES' and
field level '@JsonProperty'
+ #3120: Return 'ListIterator' from 'ArrayNode.elements()'
+ #3241: 'constructorDetector' seems to invalidate
'defaultSetterInfo' for nullability
+ #3439: Java Record '@JsonAnySetter' value is null after
deserialization
+ #4085: '@JsonView' does not work on class-level for records
+ #4119: Exception when deserialization uses a record with a
constructor property with 'access=READ_ONLY'
+ #4356: 'BeanDeserializerModifier::updateBuilder()' doesn't
work for beans with Creator methods
+ #4407: 'null' type id handling does not work with
'writeTypePrefix()'
+ #4452: '@JsonProperty' not serializing field names properly on
'@JsonCreator' in Record
+ #4453: Allow JSON Integer to deserialize into a single-arg
constructor of parameter type 'double'
+ #4456: Rework locking in 'DeserializerCache'
+ #4458: Rework synchronized block from 'BeanDeserializerBase'
+ #4464: When 'Include.NON_DEFAULT' setting is used, 'isEmpty()'
method is not called on the serializer
+ #4472: Rework synchronized block in 'TypeDeserializerBase'
+ #4483: Remove 'final' on method BeanSerializer.serialize()
+ #4515: Rewrite Bean Property Introspection logic in Jackson
2.x
+ #4545: Unexpected deserialization behavior with
'@JsonCreator', '@JsonProperty' and javac '-parameters'
+ #4570: Deprecate 'ObjectMapper.canDeserialize()'/'ObjectMapper
.canSerialize()'
+ #4580: Add 'MapperFeature
.SORT_CREATOR_PROPERTIES_BY_DECLARATION_ORDER' to use Creator
properties' declaration order for sorting
+ #4584: Provide extension point for detecting "primary"
Constructor for Kotlin (and similar) data classes
+ #4602: Possible wrong use of _arrayDelegateDeserializer in
BeanDeserializerBase::deserializeFromObjectUsingNonDefault()
+ #4617: Record property serialization order not preserved
+ #4626: '@JsonIgnore' on Record property ignored for
deserialization, if there is getter override
+ #4630: '@JsonIncludeProperties', '@JsonIgnoreProperties'
ignored when serializing Records, if there is getter override
+ #4634: '@JsonAnySetter' not working when annotated on both
constructor parameter & field
+ #4678: Java records don't serialize with 'MapperFeature
.REQUIRE_SETTERS_FOR_GETTERS'
+ #4688: Should allow deserializing with no-arg
'@JsonCreator(mode = DELEGATING)'
+ #4694: Deserializing 'BigDecimal' with large number of
decimals result in incorrect value
+ #4699: Add extra 'writeNumber()' method in 'TokenBuffer'
+ #4709: Add 'JacksonCollectors' with 'toArrayNode()'
implementation
+ Fix #5962: Case-insensitive deserialization may use wrong
@JsonIgnoreProperties (bsc#1268902, CVE-2026-54515)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1124=1
Package List:
- openSUSE Leap 16.0:
jackson-annotations-2.18.8-160000.1.1
jackson-annotations-javadoc-2.18.8-160000.1.1
jackson-core-2.18.8-160000.1.1
jackson-core-javadoc-2.18.8-160000.1.1
jackson-databind-2.18.8-160000.1.1
jackson-databind-javadoc-2.18.8-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-54512.html
* https://www.suse.com/security/cve/CVE-2026-54513.html
* https://www.suse.com/security/cve/CVE-2026-54514.html
* https://www.suse.com/security/cve/CVE-2026-54515.html
openSUSE-SU-2026:21221-1: moderate: Security update for jline3
openSUSE security update: security update for jline3
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21221-1
Rating: moderate
References:
* bsc#1269021
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that has one bug fix can now be installed.
Description:
This update for jline3 fixes the following issues:
Changes in jline3:
* unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON' variables (bsc#1269021)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1148=1
Package List:
- openSUSE Leap 16.0:
jline3-3.30.13-160000.3.1
jline3-builtins-3.30.13-160000.3.1
jline3-console-3.30.13-160000.3.1
jline3-console-ui-3.30.13-160000.3.1
jline3-curses-3.30.13-160000.3.1
jline3-jansi-3.30.13-160000.3.1
jline3-jansi-core-3.30.13-160000.3.1
jline3-javadoc-3.30.13-160000.3.1
jline3-native-3.30.13-160000.3.1
jline3-reader-3.30.13-160000.3.1
jline3-remote-telnet-3.30.13-160000.3.1
jline3-style-3.30.13-160000.3.1
jline3-terminal-3.30.13-160000.3.1
jline3-terminal-jansi-3.30.13-160000.3.1
jline3-terminal-jna-3.30.13-160000.3.1
jline3-terminal-jni-3.30.13-160000.3.1
openSUSE-SU-2026:21204-1: important: Security update for gstreamer-plugins-bad
openSUSE security update: security update for gstreamer-plugins-bad
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21204-1
Rating: important
References:
* bsc#1268401
Cross-References:
* CVE-2026-52719
CVSS scores:
* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for gstreamer-plugins-bad fixes the following issue:
- CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder (bsc#1268401).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1128=1
Package List:
- openSUSE Leap 16.0:
gstreamer-plugins-bad-1.26.7-160000.2.1
gstreamer-plugins-bad-chromaprint-1.26.7-160000.2.1
gstreamer-plugins-bad-devel-1.26.7-160000.2.1
gstreamer-plugins-bad-lang-1.26.7-160000.2.1
gstreamer-transcoder-1.26.7-160000.2.1
gstreamer-transcoder-devel-1.26.7-160000.2.1
libgstadaptivedemux-1_0-0-1.26.7-160000.2.1
libgstanalytics-1_0-0-1.26.7-160000.2.1
libgstbadaudio-1_0-0-1.26.7-160000.2.1
libgstbasecamerabinsrc-1_0-0-1.26.7-160000.2.1
libgstcodecparsers-1_0-0-1.26.7-160000.2.1
libgstcodecs-1_0-0-1.26.7-160000.2.1
libgstcuda-1_0-0-1.26.7-160000.2.1
libgstdxva-1_0-0-1.26.7-160000.2.1
libgstinsertbin-1_0-0-1.26.7-160000.2.1
libgstisoff-1_0-0-1.26.7-160000.2.1
libgstmpegts-1_0-0-1.26.7-160000.2.1
libgstmse-1_0-0-1.26.7-160000.2.1
libgstphotography-1_0-0-1.26.7-160000.2.1
libgstplay-1_0-0-1.26.7-160000.2.1
libgstplayer-1_0-0-1.26.7-160000.2.1
libgstsctp-1_0-0-1.26.7-160000.2.1
libgsttranscoder-1_0-0-1.26.7-160000.2.1
libgsturidownloader-1_0-0-1.26.7-160000.2.1
libgstva-1_0-0-1.26.7-160000.2.1
libgstvulkan-1_0-0-1.26.7-160000.2.1
libgstwayland-1_0-0-1.26.7-160000.2.1
libgstwebrtc-1_0-0-1.26.7-160000.2.1
libgstwebrtcnice-1_0-0-1.26.7-160000.2.1
typelib-1_0-CudaGst-1_0-1.26.7-160000.2.1
typelib-1_0-GstAnalytics-1_0-1.26.7-160000.2.1
typelib-1_0-GstBadAudio-1_0-1.26.7-160000.2.1
typelib-1_0-GstCodecs-1_0-1.26.7-160000.2.1
typelib-1_0-GstCuda-1_0-1.26.7-160000.2.1
typelib-1_0-GstDxva-1_0-1.26.7-160000.2.1
typelib-1_0-GstInsertBin-1_0-1.26.7-160000.2.1
typelib-1_0-GstMpegts-1_0-1.26.7-160000.2.1
typelib-1_0-GstMse-1_0-1.26.7-160000.2.1
typelib-1_0-GstPlay-1_0-1.26.7-160000.2.1
typelib-1_0-GstPlayer-1_0-1.26.7-160000.2.1
typelib-1_0-GstTranscoder-1_0-1.26.7-160000.2.1
typelib-1_0-GstVa-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkan-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.2.1
typelib-1_0-GstWebRTC-1_0-1.26.7-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-52719.html
openSUSE-SU-2026:21196-1: important: Security update for pacemaker
openSUSE security update: security update for pacemaker
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21196-1
Rating: important
References:
* bsc#1268381
Cross-References:
* CVE-2026-10649
CVSS scores:
* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for pacemaker fixes the following issues:
- CVE-2026-10649: Fixed denial of service via integer overflow in remote message decompression (bsc#1268381).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1108=1
Package List:
- openSUSE Leap 16.0:
pacemaker-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-cli-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-cts-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-devel-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-libs-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-remote-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-schemas-3.0.0+20250218.64cd85422c-160000.4.1
python3-pacemaker-3.0.0+20250218.64cd85422c-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-10649.html
openSUSE-SU-2026:21192-1: important: Security update for dnsmasq
openSUSE security update: security update for dnsmasq
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21192-1
Rating: important
References:
* bsc#1268764
Cross-References:
* CVE-2026-12725
* CVE-2026-2291
* CVE-2026-6507
CVSS scores:
* CVE-2026-12725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12725 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6507 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6507 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has one bug fix can now be installed.
Description:
This update for dnsmasq fixes the following issues:
Update to 2.93:
- CVE-2026-12725: heap buffer overflow in `log_query()` when logging unsupported DS/DNSKEY replies (bsc#1268764).
Changes for dnsmasq:
* CVE-2026-12725, bsc#1268764: Heap buffer overflow in
`log_query()` when logging unsupported DS/DNSKEY replies.
* Fix a corner-case in DNSSEC validation with wildcards.
* Fix DNSSEC failure with spurious RRSIGs.
* Fix DNSSEC fail with CNAME replies to DS queries.
* Fix regression in 2.92 release which broke DHCPv6 when a DHCP
relay is in use.
* Modify the inotify implementation so that inotify watches are
only created after dnsmasq has changed permissions and userid.
* CVE-2026-2291: Rework storage allocation for domain names.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1102=1
Package List:
- openSUSE Leap 16.0:
dnsmasq-2.93-160000.1.1
dnsmasq-utils-2.93-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-12725.html
* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://www.suse.com/security/cve/CVE-2026-6507.html
openSUSE-SU-2026:21205-1: important: Security update for docker-stable
openSUSE security update: security update for docker-stable
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21205-1
Rating: important
References:
* bsc#1260279
* bsc#1265782
* bsc#1265907
* bsc#1265929
* bsc#1266625
* bsc#1267827
Cross-References:
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-33997
* CVE-2026-34040
* CVE-2026-39821
* CVE-2026-41567
CVSS scores:
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33997 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34040 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41567 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.
Description:
This update for docker-stable fixes the following issues:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260279).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265782).
- CVE-2026-33997: moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation (bsc#1265907).
- CVE-2026-34040: Authz zero length regression (bsc#1265929).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266625).
- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into that container (bsc#1267827).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1129=1
Package List:
- openSUSE Leap 16.0:
docker-stable-24.0.9_ce-160000.6.1
docker-stable-bash-completion-24.0.9_ce-160000.6.1
docker-stable-buildx-0.25.0-160000.6.1
docker-stable-fish-completion-24.0.9_ce-160000.6.1
docker-stable-rootless-extras-24.0.9_ce-160000.6.1
docker-stable-zsh-completion-24.0.9_ce-160000.6.1
References:
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-33997.html
* https://www.suse.com/security/cve/CVE-2026-34040.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-41567.html
openSUSE-SU-2026:21218-1: important: Security update for perl-List-SomeUtils-XS
openSUSE security update: security update for perl-list-someutils-xs
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21218-1
Rating: important
References:
* bsc#1269210
Cross-References:
* CVE-2026-12844
CVSS scores:
* CVE-2026-12844 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12844 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for perl-List-SomeUtils-XS fixes the following issue:
- CVE-2026-12844: heap buffer overflow in the `pairwise` function (bsc#1269210).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1144=1
Package List:
- openSUSE Leap 16.0:
perl-List-SomeUtils-XS-0.58-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-12844.html
openSUSE-SU-2026:21202-1: moderate: Security update for lcms2
openSUSE security update: security update for lcms2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21202-1
Rating: moderate
References:
* bsc#1263703
* bsc#1264994
Cross-References:
* CVE-2026-41254
* CVE-2026-42798
CVSS scores:
* CVE-2026-41254 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-41254 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42798 ( SUSE ): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for lcms2 fixes the following issues:
- CVE-2026-41254: integer overflow in CubeSize in cmslut.c (bsc#1264994).
- CVE-2026-42798: integer overflow in ParseCube in cmscgats.c (bsc#1263703).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1125=1
Package List:
- openSUSE Leap 16.0:
lcms2-2.16-160000.4.1
liblcms2-2-2.16-160000.4.1
liblcms2-devel-2.16-160000.4.1
liblcms2-doc-2.16-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-41254.html
* https://www.suse.com/security/cve/CVE-2026-42798.html
SUSE-SU-2026:2729-1: moderate: Security update for python-lxml
# Security update for python-lxml
Announcement ID: SUSE-SU-2026:2729-1
Release Date: 2026-07-02T17:31:24Z
Rating: moderate
References:
* bsc#1263254
Cross-References:
* CVE-2026-41066
CVSS scores:
* CVE-2026-41066 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41066 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python-lxml fixes the following issue:
* CVE-2026-41066: information disclosure via untrusted XML input leading to
local file read (bsc#1263254).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2729=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2729=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* python311-lxml-devel-4.9.3-150400.8.11.1
* python-lxml-debugsource-4.9.3-150400.8.11.1
* python311-lxml-4.9.3-150400.8.11.1
* python311-lxml-debuginfo-4.9.3-150400.8.11.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python-lxml-debugsource-4.9.3-150400.8.11.1
* python311-lxml-4.9.3-150400.8.11.1
* python311-lxml-debuginfo-4.9.3-150400.8.11.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263254
SUSE-SU-2026:2731-1: moderate: Security update for editorconfig-core-c
# Security update for editorconfig-core-c
Announcement ID: SUSE-SU-2026:2731-1
Release Date: 2026-07-02T17:36:35Z
Rating: moderate
References:
* bsc#1262131
Cross-References:
* CVE-2026-40489
CVSS scores:
* CVE-2026-40489 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40489 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40489 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for editorconfig-core-c fixes the following issue:
* CVE-2026-40489: improper use of `strcpy` can lead to a stack buffer overflow
(bsc#1262131).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2731=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2731=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libeditorconfig-devel-0.12.6-150600.3.6.1
* editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
* editorconfig-debuginfo-0.12.6-150600.3.6.1
* editorconfig-0.12.6-150600.3.6.1
* libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libeditorconfig-devel-64bit-0.12.6-150600.3.6.1
* libeditorconfig0-64bit-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-64bit-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
* libeditorconfig-devel-32bit-0.12.6-150600.3.6.1
* libeditorconfig0-32bit-debuginfo-0.12.6-150600.3.6.1
* libeditorconfig0-32bit-0.12.6-150600.3.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
* editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
* libeditorconfig0-0.12.6-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40489.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262131
SUSE-SU-2026:2733-1: important: Security update for buildah
# Security update for buildah
Announcement ID: SUSE-SU-2026:2733-1
Release Date: 2026-07-02T18:05:10Z
Rating: important
References:
* bsc#1262953
* bsc#1266191
* bsc#1266648
* bsc#1267179
Cross-References:
* CVE-2025-22869
* CVE-2025-27144
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-52881
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-34986
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2025-22869 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-47913 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-25680 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25681 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-34986 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39827 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39828 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-39828 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-39829 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-39830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39831 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39834 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-39835 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-39835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42502 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42508 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-46595 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-46597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 25 vulnerabilities can now be installed.
## Description:
This update for buildah fixes the following issues:
* CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506:
golang.org/x/net/html: multiple issues when parsing HTML files
(bsc#1267179).
* CVE-2026-34986: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3:
crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262953).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266648).
* CVE-2026-39827: memory leak when rejecting channels can lead to DoS
in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39828: bypass of certificate restrictions in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39829: pathological RSA/DSA parameters may cause DoS in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39830: client can cause server deadlock on unexpected
responses in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39831: bypass of FIDO/U2F security keys physical
interaction in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39832: agent constraints dropped when forwarding keys in
golang.org/x/crypto/ssh/agent (bsc#1266191).
* CVE-2026-39833: key constraints not enforced in
golang.org/x/crypto/ssh/agent (bsc#1266191).
* CVE-2026-39834: infinite loop on large channel writes in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39835: server panic during CheckHostKey/Authenticate in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-42508: auth bypass via unenforced @revoked status in
golang.org/x/crypto/ssh/knownhosts (bsc#1266191).
* CVE-2026-46595: VerifiedPublicKeyCallback permissions skip
enforcement in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-46597: byte arithmetic causes underflow and panic in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-46598: pathological inputs can lead to client panic in
golang.org/x/crypto/ssh/agent (bsc#1266191).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2733=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2733=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2733=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2733=1`
* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-2733=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2733=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2733=1`
* Containers Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2733=1`
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* buildah-1.35.5-150500.3.62.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.62.1
## References:
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262953
* https://bugzilla.suse.com/show_bug.cgi?id=1266191
* https://bugzilla.suse.com/show_bug.cgi?id=1266648
* https://bugzilla.suse.com/show_bug.cgi?id=1267179
openSUSE-SU-2026:0228-1: moderate: Security update for nilfs-utils
openSUSE Security Update: Security update for nilfs-utils
_______________________________
Announcement ID: openSUSE-SU-2026:0228-1
Rating: moderate
References: #1268553
Cross-References: CVE-2026-55392
CVSS scores:
CVE-2026-55392 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for nilfs-utils fixes the following issues:
- CVE-2026-55392: Fixed undefined behavior in nilfs_sb_is_valid()
(bsc#1268553)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-228=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
libnilfs0-2.2.9-bp157.2.3.1
libnilfscleaner0-2.2.9-bp157.2.3.1
libnilfsgc0-2.2.9-bp157.2.3.1
nilfs-utils-2.2.9-bp157.2.3.1
nilfs-utils-devel-2.2.9-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-55392.html
https://bugzilla.suse.com/1268553
SUSE-SU-2026:2735-1: important: Security update for apache2
# Security update for apache2
Announcement ID: SUSE-SU-2026:2735-1
Release Date: 2026-07-02T22:36:37Z
Rating: important
References:
* bsc#1267503
* bsc#1267955
* bsc#1267956
* bsc#1267962
* bsc#1267963
* bsc#1267965
* bsc#1267969
* bsc#1267970
* bsc#1267971
* bsc#1267972
* bsc#1267976
* bsc#1267977
* bsc#1267978
Cross-References:
* CVE-2026-29167
* CVE-2026-29170
* CVE-2026-34355
* CVE-2026-34356
* CVE-2026-42535
* CVE-2026-42536
* CVE-2026-43951
* CVE-2026-44119
* CVE-2026-44185
* CVE-2026-44186
* CVE-2026-44631
* CVE-2026-48913
* CVE-2026-49975
CVSS scores:
* CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34356 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42535 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-42536 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43951 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-44119 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44185 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-44186 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-44631 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-48913 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-49975 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 13 vulnerabilities can now be installed.
## Description:
This update for apache2 fixes the following issues:
* CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).
* CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).
* CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).
* CVE-2026-34356: malicious backend servers can lead to a heap-based buffer
overflow (bsc#1267955).
* CVE-2026-42535: malicious path manipulation can lead to child process
crashes (bsc#1267956).
* CVE-2026-42536: processing untrusted content can lead to a heap-based buffer
overflow (bsc#1267962).
* CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause
crash (bsc#1267963).
* CVE-2026-44119: improper privilege management can lead to an unauthorized
read (bsc#1267965).
* CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
(bsc#1267969).
* CVE-2026-44186: responses from an attacker-controlled FTP backend can lead
to resource exhaustion and a denial of service (bsc#1267970).
* CVE-2026-44631: crafted regular expression can lead to a buffer underwrite
(bsc#1267971).
* CVE-2026-48913: file handle exhaustion during request processing in
mod_http2 can lead to a use-after-free (bsc#1267972).
* CVE-2026-49975: Fix cookie header accounting against LimitRequestFields
(bsc#1267503).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1`
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-2735=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-event-debugsource-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-event-debuginfo-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-event-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* openSUSE Leap 15.6 (noarch)
* apache2-manual-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* apache2-manual-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* apache2-manual-2.4.66-150600.5.55.1
## References:
* https://www.suse.com/security/cve/CVE-2026-29167.html
* https://www.suse.com/security/cve/CVE-2026-29170.html
* https://www.suse.com/security/cve/CVE-2026-34355.html
* https://www.suse.com/security/cve/CVE-2026-34356.html
* https://www.suse.com/security/cve/CVE-2026-42535.html
* https://www.suse.com/security/cve/CVE-2026-42536.html
* https://www.suse.com/security/cve/CVE-2026-43951.html
* https://www.suse.com/security/cve/CVE-2026-44119.html
* https://www.suse.com/security/cve/CVE-2026-44185.html
* https://www.suse.com/security/cve/CVE-2026-44186.html
* https://www.suse.com/security/cve/CVE-2026-44631.html
* https://www.suse.com/security/cve/CVE-2026-48913.html
* https://www.suse.com/security/cve/CVE-2026-49975.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267503
* https://bugzilla.suse.com/show_bug.cgi?id=1267955
* https://bugzilla.suse.com/show_bug.cgi?id=1267956
* https://bugzilla.suse.com/show_bug.cgi?id=1267962
* https://bugzilla.suse.com/show_bug.cgi?id=1267963
* https://bugzilla.suse.com/show_bug.cgi?id=1267965
* https://bugzilla.suse.com/show_bug.cgi?id=1267969
* https://bugzilla.suse.com/show_bug.cgi?id=1267970
* https://bugzilla.suse.com/show_bug.cgi?id=1267971
* https://bugzilla.suse.com/show_bug.cgi?id=1267972
* https://bugzilla.suse.com/show_bug.cgi?id=1267976
* https://bugzilla.suse.com/show_bug.cgi?id=1267977
* https://bugzilla.suse.com/show_bug.cgi?id=1267978
openSUSE-SU-2026:11180-1: moderate: python311-mistune-3.3.2-1.1 on GA media
# python311-mistune-3.3.2-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11180-1
Rating: moderate
Cross-References:
* CVE-2026-49851
CVSS scores:
* CVE-2026-49851 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-mistune-3.3.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-mistune 3.3.2-1.1
* python313-mistune 3.3.2-1.1
* python314-mistune 3.3.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-49851.html
openSUSE-SU-2026:11176-1: moderate: kitty-0.47.4-2.1 on GA media
# kitty-0.47.4-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11176-1
Rating: moderate
Cross-References:
* CVE-2026-46604
CVSS scores:
* CVE-2026-46604 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the kitty-0.47.4-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kitty 0.47.4-2.1
* kitty-shell-integration 0.47.4-2.1
* kitty-terminfo 0.47.4-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-46604.html
openSUSE-SU-2026:11179-1: moderate: perl-List-SomeUtils-XS-0.590.0-1.1 on GA media
# perl-List-SomeUtils-XS-0.590.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11179-1
Rating: moderate
Cross-References:
* CVE-2026-12844
CVSS scores:
* CVE-2026-12844 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12844 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the perl-List-SomeUtils-XS-0.590.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* perl-List-SomeUtils-XS 0.590.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-12844.html
openSUSE-SU-2026:11175-1: moderate: kernel-devel-7.1.2-1.1 on GA media
# kernel-devel-7.1.2-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11175-1
Rating: moderate
Cross-References:
* CVE-2026-45866
* CVE-2026-52946
* CVE-2026-53325
* CVE-2026-53354
CVSS scores:
* CVE-2026-45866 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45866 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52946 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53325 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53325 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53354 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53354 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the kernel-devel-7.1.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* kernel-devel 7.1.2-1.1
* kernel-macros 7.1.2-1.1
* kernel-source 7.1.2-1.1
* kernel-source-vanilla 7.1.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-45866.html
* https://www.suse.com/security/cve/CVE-2026-52946.html
* https://www.suse.com/security/cve/CVE-2026-53325.html
* https://www.suse.com/security/cve/CVE-2026-53354.html
openSUSE-SU-2026:11178-1: moderate: openQA-5.1782995932.ffeb09be-1.1 on GA media
# openQA-5.1782995932.ffeb09be-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11178-1
Rating: moderate
Cross-References:
* CVE-2026-26996
* CVE-2026-27904
* CVE-2026-6321
CVSS scores:
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27904 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27904 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-6321 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the openQA-5.1782995932.ffeb09be-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* openQA 5.1782995932.ffeb09be-1.1
* openQA-auto-update 5.1782995932.ffeb09be-1.1
* openQA-bootstrap 5.1782995932.ffeb09be-1.1
* openQA-client 5.1782995932.ffeb09be-1.1
* openQA-client-bash-completion 5.1782995932.ffeb09be-1.1
* openQA-client-zsh-completion 5.1782995932.ffeb09be-1.1
* openQA-common 5.1782995932.ffeb09be-1.1
* openQA-continuous-update 5.1782995932.ffeb09be-1.1
* openQA-devel 5.1782995932.ffeb09be-1.1
* openQA-doc 5.1782995932.ffeb09be-1.1
* openQA-llm-server 5.1782995932.ffeb09be-1.1
* openQA-local-db 5.1782995932.ffeb09be-1.1
* openQA-mcp 5.1782995932.ffeb09be-1.1
* openQA-munin 5.1782995932.ffeb09be-1.1
* openQA-python-scripts 5.1782995932.ffeb09be-1.1
* openQA-single-instance 5.1782995932.ffeb09be-1.1
* openQA-single-instance-nginx 5.1782995932.ffeb09be-1.1
* openQA-worker 5.1782995932.ffeb09be-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-27904.html
* https://www.suse.com/security/cve/CVE-2026-6321.html
openSUSE-SU-2026:11177-1: moderate: krb5-1.22.2-4.1 on GA media
# krb5-1.22.2-4.1 on GA media
Announcement ID: openSUSE-SU-2026:11177-1
Rating: moderate
Cross-References:
* CVE-2026-11850
CVSS scores:
* CVE-2026-11850 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the krb5-1.22.2-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* krb5 1.22.2-4.1
* krb5-32bit 1.22.2-4.1
* krb5-client 1.22.2-4.1
* krb5-devel 1.22.2-4.1
* krb5-devel-32bit 1.22.2-4.1
* krb5-plugin-kdb-ldap 1.22.2-4.1
* krb5-plugin-preauth-otp 1.22.2-4.1
* krb5-plugin-preauth-pkinit 1.22.2-4.1
* krb5-plugin-preauth-spake 1.22.2-4.1
* krb5-server 1.22.2-4.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11850.html
SUSE-SU-2026:2743-1: important: Security update for gstreamer-plugins-bad
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2026:2743-1
Release Date: 2026-07-03T11:23:55Z
Rating: important
References:
* bsc#1268401
Cross-References:
* CVE-2026-52719
CVSS scores:
* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52719 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issue:
* CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read
via JPEG segment length validation in VA decoder (bsc#1268401).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP5 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2743=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2743=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2743=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2743=1`
* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2026-2743=1`
## Package List:
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* gstreamer-transcoder-devel-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-transcoder-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* gstreamer-transcoder-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-64bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-64bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplay-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-64bit-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (x86_64)
* libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-32bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-32bit-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
## References:
* https://www.suse.com/security/cve/CVE-2026-52719.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268401
SUSE-SU-2026:2744-1: important: Security update for gstreamer-plugins-bad
# Security update for gstreamer-plugins-bad
Announcement ID: SUSE-SU-2026:2744-1
Release Date: 2026-07-03T11:25:07Z
Rating: important
References:
* bsc#1268401
Cross-References:
* CVE-2026-52719
CVSS scores:
* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52719 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer-plugins-bad fixes the following issue:
* CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder (bsc#1268401).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2744=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2744=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2744=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2744=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2744=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2744=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkan-1_0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstTranscoder-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* gstreamer-transcoder-devel-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkanXCB-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkanWayland-1_0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-transcoder-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-transcoder-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgstplay-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-64bit-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-64bit-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (x86_64)
* libgstdxva-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-32bit-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstva-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-32bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmse-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstva-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmse-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-32bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* Desktop Applications Module 15-SP7 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-52719.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268401
SUSE-SU-2026:2745-1: moderate: Security update for firewalld-legacy
# Security update for firewalld-legacy
Announcement ID: SUSE-SU-2026:2745-1
Release Date: 2026-07-03T11:34:34Z
Rating: moderate
References:
* bsc#1260903
Cross-References:
* CVE-2026-4948
CVSS scores:
* CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for firewalld-legacy fixes the following issue:
* CVE-2026-4948: local unprivileged users can modify firewall state due to
D-Bus setter mis-authorizations (bsc#1260903).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2745=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2745=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2745=1
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2745=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2745=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* firewall-applet-1.3.4-150600.13.6.1
* firewalld-1.3.4-150600.13.6.1
* firewalld-lang-1.3.4-150600.13.6.1
* firewall-macros-1.3.4-150600.13.6.1
* python311-firewall-1.3.4-150600.13.6.1
* firewall-config-1.3.4-150600.13.6.1
* firewalld-test-1.3.4-150600.13.6.1
* python3-firewall-1.3.4-150600.13.6.1
* firewalld-zsh-completion-1.3.4-150600.13.6.1
* firewalld-bash-completion-1.3.4-150600.13.6.1
* Basesystem Module 15-SP7 (noarch)
* firewalld-1.3.4-150600.13.6.1
* firewalld-lang-1.3.4-150600.13.6.1
* python3-firewall-1.3.4-150600.13.6.1
* firewalld-zsh-completion-1.3.4-150600.13.6.1
* firewalld-bash-completion-1.3.4-150600.13.6.1
* Desktop Applications Module 15-SP7 (noarch)
* firewall-applet-1.3.4-150600.13.6.1
* firewall-config-1.3.4-150600.13.6.1
* Python 3 Module 15-SP7 (noarch)
* python311-firewall-1.3.4-150600.13.6.1
* Development Tools Module 15-SP7 (noarch)
* firewall-macros-1.3.4-150600.13.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-4948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260903
SUSE-SU-2026:2742-1: important: Security update for pacemaker
# Security update for pacemaker
Announcement ID: SUSE-SU-2026:2742-1
Release Date: 2026-07-03T09:20:51Z
Rating: important
References:
* bsc#1268381
Cross-References:
* CVE-2026-10649
CVSS scores:
* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10649 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for pacemaker fixes the following issue:
* CVE-2026-10649: denial of service via integer overflow in remote message
decompression (bsc#1268381).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2742=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2742=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* openSUSE Leap 15.4 (noarch)
* pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
* pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.39.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10649.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268381
SUSE-SU-2026:2751-1: moderate: Security update for tracker-miners
# Security update for tracker-miners
Announcement ID: SUSE-SU-2026:2751-1
Release Date: 2026-07-03T13:58:39Z
Rating: moderate
References:
* bsc#1257606
* bsc#1257607
* bsc#1257608
* bsc#1257609
Cross-References:
* CVE-2026-1764
* CVE-2026-1765
* CVE-2026-1766
* CVE-2026-1767
CVSS scores:
* CVE-2026-1764 ( SUSE ): 5.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1764 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1764 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1765 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1765 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
An update that solves four vulnerabilities can now be installed.
## Description:
This update for tracker-miners fixes the following issues:
* CVE-2026-1764: heap buffer overflow leads to denial of service or
information disclosure when parsing MP3 files (bsc#1257606).
* CVE-2026-1765: denial of service and potential information disclosure via
crafted MP3 files (bsc#1257607).
* CVE-2026-1766: denial of service and information disclosure via malformed
MP3 files (bsc#1257608).
* CVE-2026-1767: heap buffer overflow leading to denial of service or
information disclosure via malformed MP3 ID3 tags (bsc#1257609).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2751=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* tracker-miner-files-3.2.2-150400.3.10.1
* tracker-miner-files-debuginfo-3.2.2-150400.3.10.1
* tracker-miners-debuginfo-3.2.2-150400.3.10.1
* tracker-miners-debugsource-3.2.2-150400.3.10.1
* tracker-miners-3.2.2-150400.3.10.1
* openSUSE Leap 15.4 (noarch)
* tracker-miners-lang-3.2.2-150400.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1764.html
* https://www.suse.com/security/cve/CVE-2026-1765.html
* https://www.suse.com/security/cve/CVE-2026-1766.html
* https://www.suse.com/security/cve/CVE-2026-1767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257606
* https://bugzilla.suse.com/show_bug.cgi?id=1257607
* https://bugzilla.suse.com/show_bug.cgi?id=1257608
* https://bugzilla.suse.com/show_bug.cgi?id=1257609
SUSE-SU-2026:2749-1: important: Security update for perl-DBI
# Security update for perl-DBI
Announcement ID: SUSE-SU-2026:2749-1
Release Date: 2026-07-03T13:04:50Z
Rating: important
References:
* bsc#1267849
* bsc#1267957
Cross-References:
* CVE-2026-10879
* CVE-2026-9698
CVSS scores:
* CVE-2026-10879 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-10879 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10879 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9698 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for perl-DBI fixes the following issues:
* CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a
limited-sized buffer (bsc#1267957).
* CVE-2026-10879: SQL statements with more than 9 binders can cause a heap
overflow (bsc#1267849).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2749=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2749=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2749=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2749=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10879.html
* https://www.suse.com/security/cve/CVE-2026-9698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267849
* https://bugzilla.suse.com/show_bug.cgi?id=1267957