
SUSE distributed a batch of security updates targeting multiple packages across openSUSE and SUSE Linux Enterprise, ranging from moderate to important severity ratings. The important updates address vulnerabilities in widely used software including Apache2, Docker-stable, Pacemaker, Google OS Config Agent, the Jackson Java libraries, and the GStreamer plugins-bad component. Moderate security advisories cover dhcpcd, libslirp, FFmpeg 7, GraphicsMagick, jline3, lcms2, Python lxml, editorconfig-core-c, Buildah, and various kernel and tooling patches on GA media.

openSUSE-SU-2026:21220-1: moderate: Security update for dhcpcd
openSUSE-SU-2026:21216-1: moderate: Security update for libslirp
openSUSE-SU-2026:21211-1: moderate: Security update for ffmpeg-7
openSUSE-SU-2026:21207-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2026:21210-1: important: Security update for google-osconfig-agent
openSUSE-SU-2026:21201-1: important: Security update for jackson-annotations, jackson-core, jackson-databind
openSUSE-SU-2026:21221-1: moderate: Security update for jline3
openSUSE-SU-2026:21204-1: important: Security update for gstreamer-plugins-bad
openSUSE-SU-2026:21196-1: important: Security update for pacemaker
openSUSE-SU-2026:21192-1: important: Security update for dnsmasq
openSUSE-SU-2026:21205-1: important: Security update for docker-stable
openSUSE-SU-2026:21218-1: important: Security update for perl-List-SomeUtils-XS
openSUSE-SU-2026:21202-1: moderate: Security update for lcms2
SUSE-SU-2026:2729-1: moderate: Security update for python-lxml
SUSE-SU-2026:2731-1: moderate: Security update for editorconfig-core-c
SUSE-SU-2026:2733-1: important: Security update for buildah
openSUSE-SU-2026:0228-1: moderate: Security update for nilfs-utils
SUSE-SU-2026:2735-1: important: Security update for apache2
openSUSE-SU-2026:11180-1: moderate: python311-mistune-3.3.2-1.1 on GA media
openSUSE-SU-2026:11176-1: moderate: kitty-0.47.4-2.1 on GA media
openSUSE-SU-2026:11179-1: moderate: perl-List-SomeUtils-XS-0.590.0-1.1 on GA media
openSUSE-SU-2026:11175-1: moderate: kernel-devel-7.1.2-1.1 on GA media
openSUSE-SU-2026:11178-1: moderate: openQA-5.1782995932.ffeb09be-1.1 on GA media
openSUSE-SU-2026:11177-1: moderate: krb5-1.22.2-4.1 on GA media
SUSE-SU-2026:2743-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2744-1: important: Security update for gstreamer-plugins-bad
SUSE-SU-2026:2745-1: moderate: Security update for firewalld-legacy
SUSE-SU-2026:2742-1: important: Security update for pacemaker
SUSE-SU-2026:2751-1: moderate: Security update for tracker-miners
SUSE-SU-2026:2749-1: important: Security update for perl-DBI




openSUSE-SU-2026:21220-1: moderate: Security update for dhcpcd


openSUSE security update: security update for dhcpcd
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21220-1
Rating: moderate
References:

* bsc#1268761

Cross-References:

* CVE-2025-70102

CVSS scores:

* CVE-2025-70102 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-70102 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for dhcpcd fixes the following issue:

Update to 10.3.2:

- CVE-2025-70102: NULL pointer dereference in `parse_option()` when processing a specially crafted configuration input
(bsc#1268761).

Changes for dhcpcd:

* options: Ensure ldop is not NULL dereferenced
* DHCP: Don't run double EXPIRE hooks on carrier loss
* DHCP: free the state when dropping on state NONE
* BSD: don't send uninitialised memory using
ps_root_indirectioctl
* Fix fallback_time option
* IPv4: Ignore DHCP state when building routes
* route: Routes may not have an interface assigned
* options: Ensure that an overly long bitflag string does not
crash
* options: Don't assume vsio options have an argument
* common: Cast via uintptr_t rather than unsigned long in UNCONST
* privsep: Ensure we recv for real after a successful recv
MSG_PEEK
* DHCP: Add parentheses to macro definitions
* ipv6nd: empty IPV6RA_EXPIRE eloop queue when dropping
* privsep: enforce message boundaries with MSG_EOR on our
messages
* Protocols will notify when dhcpcd can exit
* DHCP: Don't request T1 and T2
* DHCP: Don't request a lease time
* DHCP6: Don't exit if using DHCP4 INFORM in non manager mode
* ND: Route Information Option prefix is optional
* ipv6: respect slaac hwaddr to really use the hwaddr
* When stopping all interfaces at exit and releasing,
remove persistence
* NetBSD: Delete RTF_CONNECTED route when changing it
* privsep: Drain the log when the root process is exiting
* eloop: vastly reworked, kqueue and epoll support on by default

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1147=1

Package List:

- openSUSE Leap 16.0:

dhcpcd-10.3.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-70102.html



openSUSE-SU-2026:21216-1: moderate: Security update for libslirp


openSUSE security update: security update for libslirp
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21216-1
Rating: moderate
References:

* bsc#1268903

Cross-References:

* CVE-2026-9539

CVSS scores:

* CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for libslirp fixes the following issue:

- CVE-2026-9539: TCP URG out of bounds heap read information leak (bsc#1268903).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1142=1

Package List:

- openSUSE Leap 16.0:

libslirp-devel-4.8.0+2-160000.3.1
libslirp0-4.8.0+2-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-9539.html



openSUSE-SU-2026:21211-1: moderate: Security update for ffmpeg-7


openSUSE security update: security update for ffmpeg-7
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21211-1
Rating: moderate
References:

* bsc#1220545
* bsc#1234030
* bsc#1237561
* bsc#1249393
* bsc#1249431
* bsc#1262237

Cross-References:

* CVE-2023-6601
* CVE-2024-35366
* CVE-2025-10256
* CVE-2025-1594
* CVE-2025-25473
* CVE-2025-9951
* CVE-2026-40962

CVSS scores:

* CVE-2023-6601 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-35366 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-35366 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-10256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-10256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1594 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-1594 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N
* CVE-2025-25473 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-9951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-9951 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-40962 ( SUSE ): 4.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-40962 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has 6 bug fixes can now be installed.

Description:

This update for ffmpeg-7 fixes the following issues:

- CVE-2026-40962: inadequate CENC subsample bounds checks can lead to an integer overflow (bsc#1262237).

Changes for ffmpeg-7:

- Update to version 7.1.4:
* Codec, format, filter and various other bugfixes.
* lavc/aarch64: Fix addp overflow in ff_pred16x16_plane_neon_10
* swscale/output: Fix integer overflow in yuv2ya16_X_c_template()
* avformat/avformat: clear FFFormatContext packet queue when
closing a muxer

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1137=1

Package List:

- openSUSE Leap 16.0:

ffmpeg-7-7.1.4-160000.1.1
ffmpeg-7-libavcodec-devel-7.1.4-160000.1.1
ffmpeg-7-libavdevice-devel-7.1.4-160000.1.1
ffmpeg-7-libavfilter-devel-7.1.4-160000.1.1
ffmpeg-7-libavformat-devel-7.1.4-160000.1.1
ffmpeg-7-libavutil-devel-7.1.4-160000.1.1
ffmpeg-7-libpostproc-devel-7.1.4-160000.1.1
ffmpeg-7-libswresample-devel-7.1.4-160000.1.1
ffmpeg-7-libswscale-devel-7.1.4-160000.1.1
libavcodec61-7.1.4-160000.1.1
libavdevice61-7.1.4-160000.1.1
libavfilter10-7.1.4-160000.1.1
libavformat61-7.1.4-160000.1.1
libavutil59-7.1.4-160000.1.1
libpostproc58-7.1.4-160000.1.1
libswresample5-7.1.4-160000.1.1
libswscale8-7.1.4-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2023-6601.html
* https://www.suse.com/security/cve/CVE-2024-35366.html
* https://www.suse.com/security/cve/CVE-2025-10256.html
* https://www.suse.com/security/cve/CVE-2025-1594.html
* https://www.suse.com/security/cve/CVE-2025-25473.html
* https://www.suse.com/security/cve/CVE-2025-9951.html
* https://www.suse.com/security/cve/CVE-2026-40962.html



openSUSE-SU-2026:21207-1: moderate: Security update for GraphicsMagick


openSUSE security update: security update for graphicsmagick
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21207-1
Rating: moderate
References:

* bsc#1268125

Cross-References:

* CVE-2026-46523

CVSS scores:

* CVE-2026-46523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-46523 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for GraphicsMagick fixes the following issue:

- CVE-2026-46523: heap-use-after-free via a crafted MSL image (bsc#1268125).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1133=1

Package List:

- openSUSE Leap 16.0:

GraphicsMagick-1.3.45-160000.8.1
GraphicsMagick-devel-1.3.45-160000.8.1
libGraphicsMagick++-Q16-12-1.3.45-160000.8.1
libGraphicsMagick++-devel-1.3.45-160000.8.1
libGraphicsMagick-Q16-3-1.3.45-160000.8.1
libGraphicsMagick3-config-1.3.45-160000.8.1
libGraphicsMagickWand-Q16-2-1.3.45-160000.8.1
perl-GraphicsMagick-1.3.45-160000.8.1

References:

* https://www.suse.com/security/cve/CVE-2026-46523.html



openSUSE-SU-2026:21210-1: important: Security update for google-osconfig-agent


openSUSE security update: security update for google-osconfig-agent
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21210-1
Rating: important
References:

* bsc#1210938
* bsc#1251453
* bsc#1251704
* bsc#1260264
* bsc#1262926
* bsc#1264923
* bsc#1265762
* bsc#1266171
* bsc#1266603

Cross-References:

* CVE-2023-45288
* CVE-2025-22868
* CVE-2025-47911
* CVE-2025-58190
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-34986
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-41506
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41506 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-41506 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 22 vulnerabilities and has 9 bug fixes can now be installed.

Description:

This update for google-osconfig-agent fixes the following issues:

- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers.
- CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents
(bsc#1251453).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251704).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-
header (bsc#1260264).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265762).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262926).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266603).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266171).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266171).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266171).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266171).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266171).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during
smart-HTTP clone and fetch operations (bsc#1264923).

Changes for google-osconfig-agent:

- Update to version 20260615.01
* Upgrade golang.org/x/crypto & golang.org/x/net (#1006)
- from version 20260615.00
* Add unit tests for ospatch_apt_upgrade.go (#938)
- Update to version 20260611.00
* Add unit tests for policies/policies.go PART 5 (#998)
- from version 20260610.00
* Add unit tests for policies/policies.go PART 4 (#997)
- from version 20260609.02
* squash commits (#936)
- from version 20260609.01
* Add unit tests for policies/policies.go PART 3 (#996)
- from version 20260609.00
* Add unit tests for policies/policies.go PART 2 (#991)
- from version 20260602.01
* Align format of dates and timestamp collected across Windows packages (#973)
- from version 20260602.00
* Add unit tests for config/config,go (#979)
- from version 20260528.00
* Bump github.com/containerd/containerd (#990)
- from version 20260521.00
* Cover agentconfig functionality by unit tests (#925)
- from version 20260520.04
* Add unit tests for policies/googet.go (#961)
* Bump github.com/go-git/go-git/v5 (#987)
- from version 20260520.02
* Add unit tests for policies/yum.go (#952)
* Add unit tests for policies/apt.go PART 3 (#951)
- from version 20260520.00
* Add unit tests for policies/zypper.go (#953)
- from version 20260519.00
* Add unit tests for policies/policies.go PART 1 (#949)
- from version 20260513.01
* Bump github.com/go-git/go-git/v5 (#981), this also updates
golang.org/x/net to v0.53.0 (bsc#1265762, CVE-2026-33814)
- from version 20260513.00
* upgrade a few packages (#980)
- from version 20260512.02
* Add/improve unit tests for agentendpoint/exec_task.go (#933)
- from version 20260512.01
* Cover google_update.go by unit tests (#941)
- from version 20260512.00
* Change zone for arm64 builds because of stockout (#978)
- Update to version 20260511.00
* switch to t2a-standard-2 on ARM package build (#977)
- from version 20260505.03
* Cover zypper_patch by unit tests (#958)
- from version 20260505.02
* Remove unused functions DisableAutoUpdates (#970)
- from version 20260505.01
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#966)
- from version 20260505.00
* Upgrade a few dependencies across the repo (#968)
+ github.com/go-git/go-git/v5 5.16.2->5.18.0 (bsc#1264923, CVE-2026-41506)
+ github.com/go-jose/go-jose/v4 4.1.3->4.1.4 (bsc#1262926, CVE-2026-34986)
+ github.com/go-viper/mapstructure/v2 2.3.0->2.4.0
+ go.opentelemetry.io/otel 1.40.0->1.41.0
+ go.opentelemetry.io/otel/sdk 1.39.0->1.43.0
- from version 20260504.01
* bump github.com/docker/cli to 29.2.0 (#962)
- from version 20260504.00
* Bump github.com/opencontainers/selinux (#960)
- Update to version 20260428.00
* Add/improve unit tests for agentendpoint/agentendpoint.go (#930)
- from version 20260427.03
* Cover config/file.go by unit tests (#935)
- from version 20260422.01
* Cover patch_linux.go by unit tests (#932)
- from version 20260422.00
* upgrade grpc package in main package and e2e tests (#959)
(bsc#1260264, CVE-2026-33186)
- from version 20260417.04
* Bump OSV-Scalibr version to v0.4.3 (#956)
- from version 20260417.03
* Add unit tests for updates_linux.go (#937)
- from version 20260417.02
* Add zone to CreateDisk step (#955)
- from version 20260417.01
* Change disk type for deb11 (#954)
- from version 20260417.00
* Add unit tests for policies/apt.go PART 1 (#950)
- from version 20260410.02
* Add unit tests for packages/pty_linux.go (#943)
- from version 20260410.01
* fix disk type for arm workflows (#948)
- from version 20260410.00
* Change machine type for arm based workflows (#946)
- Update to version 20260330.00
* bump timeouts for all workflows (#940)
- from version 20260326.00
* Cover exec_resource.go by unit tests (#934)
- from version 20260318.00
* Integrate OSConfig agent with ReportVmInventory (#923)
- from version 20260313.02
* remove cacheonly flag from yum upgrade (#924)
- from version 20260313.01
* conditions python version override (#927)
- from version 20260313.00
* Fix presubmits by explicitly set python version for rpm based systems (#926)
- from version 20260311.00
* Bump osconfig version (#922)
- from version 20260309.02
* Extend OSV scalibr extractor (#921)
- from version 20260309.01
* upgrade golang.org/x/crypto and its transitive deps (#918)
- from version 20260309.00
* Add purl to pkg info (#920)
- from version 20260306.00
* Add 'Type' field to PkgInfo (#919)
- from version 20260303.01
* Upgrade go.opentelemetry.io/otel/sdk (#913)
- from version 20260303.00
* Bump github.com/vbatts/tar-split from 0.11.5 to 0.12.2 (#908)
- from version 20260302.00
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.7 (#906)
- from version 20260126.00
* Bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#905)
* Bump github.com/sirupsen/logrus (#894)
- Update to version 20260119.00
* Bump cloud.google.com/go/storage from 1.56.0 to 1.58.0 (#899)
- Update to version 20251230.00
* chore: Migrate gsutil usage to gcloud storage (#904)
- from version 20251223.00
* fix e2e tests for report inventory (#903)
- from version 20251222.01
* Revert "Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)" (#902)
- from version 20251222.00
* Bump golang to the new version (#900)
- from version 20251218.00
* add new CODEOWNERS (#901)
- from version 20251217.00
* Bump cloud.google.com/go/longrunning from 0.6.3 to 0.7.0 (#882)
- Bump the golang compiler version to 1.24.5
- Update to version 20251202.00
* Revert "Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)" (#893)
- Update to version 20251201.00
* Revert "Bump github.com/containerd/containerd (#890)" (#892)
- Update to version 20251126.00
* Bump github.com/containerd/containerd (#890)
* Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.5 (#887)
- Update to version 20251028.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.35.0 to 1.38.0 (#886)
* Bump github.com/tidwall/pretty from 1.2.0 to 1.2.1 (#880)
- from version 20251023.02
* Create multiple_os.yaml (#883)
- from version 20251023.00
* Bump github.com/docker/go-connections from 0.4.0 to 0.6.0 (#877)
* Add test runner for e2e tests (#876)
- Update to version 20250925.00
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.7 to 0.2.8 (#870)
* Bump google.golang.org/protobuf from 1.36.6 to 1.36.9 (#874)
* Bump go.opentelemetry.io/otel from 1.35.0 to 1.38.0 (#872)
* Bump github.com/golang/glog from 1.2.4 to 1.2.5 (#830)
- Update to version 20250902.01
* Bump github.com/googleapis/enterprise-certificate-proxy (#829)
- from version 20250902.00
* update github.com/go-jose/go-jose/v4 (#869)
* Upgrade scalibr and other deps (#866)
- from version 20250901.00
* Fix possibility of path traversal for zip and tar archival (#868)
- from version 20250825.00
* set CODEOWNERS file as required by org (#863)
- from version 20250819.00
* Fix/rhel10 build centos image (#860)
- from version 20250814.00
* Fix/rhel10 build image (#859)
- from version 20250813.00
* Fix: Add RHEL 10 support to RPM startup script (#858)
- from version 20250811.00
* Remove old/sles-15-sp4-sap as image is deprecated (#857)
- Update to version 20250806.00
* Fixed JSON identifier for the universe domain (#855)
- from version 20250729.00
* Bump github.com/google/s2a-go from 0.1.8 to 0.1.9 (#828)
- from version 20250725.02
* Update utils.go (#854)
* Upgrade golang.org/x/oauth2 package to the latest. (#853)
* Bump golang.org/x/time from 0.9.0 to 0.12.0 (#839)
- from version 20250725.01
* Bump golang.org/x/oauth2 (#848)
* Port fix for debian 11 to goo package manager. (#852)
- from version 20250725.00
* Update Golang version in common.sh and skip backports
repo for debian 11 (#850)
- from version 20250723.01
* Add workflows to build package for el10 (#849)
- from version 20250721.00
* Make OS Config agent TPC aware (#846)
- from version 20250718.00
* Create workflows for new Debian 13. (#847)
- Update to version 20250703.00
* Fix sles images (#844)
- from version 20250702.00
* Remove rhel-sap 8-4 add rhel-sap 8-10 (#843)
- from version 20250701.00
* Bump the go_modules group across 1 directory with 2 updates (#840)
- Update to version 20250606.00
* Change base docker images Google's official base images. (#838)
- Update to version 20250523.01
* Add a simple no-op OS policy for user testing (#837)
- from version 20250523.00
* Introduce scalibr inventory extractor for dpkg/rpm/cos
os/filesystem extractors (linux) (#834)
* Trace GetInstalledPackages memory levels (#835)
- from version 20250520.00
- Update to version 20250513.00
* Fix rpm extractor, handle (none) value correctly. (#833)
- from version 20250512.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.1 to 0.13.4 (#816)
- from version 20250512.00
* Bump golang.org/x/net from 0.39.0 to 0.40.0 (#819)
- from version 20250508.01
* cosmetic refactoring to osinfo package (#826)
- from version 20250508.00
* Refactor /inventory with dependency injection (#825)
* Add debian, ubuntu (InstalledDebPackages) snapshots (#821)
* cover packages_linux.go file with tests (#824)
* Add debian (10,11,12) GetPackageUpdates output snapshots (#822)
- from version 20250507.00
* Add InstalledRPMPackages snapshot tests (#823)
- from version 20250506.02
* Yum tests: simplify initialization of exit errors (#820)
- from version 20250506.01
* Improve test coverage for gem package manager (#818)
- from version 20250506.00
* after go/x/crypto update 0.32.0 -> 0.37.0 (#817)
- from version 20250505.01
* Improve packages package coverage (#814)
* Bump golang.org/x/net from 0.34.0 to 0.39.0 (#807)
- from version 20250505.00
* Bump golang.org/x/crypto from 0.32.0 to 0.37.0 (#806)
- from version 20250430.00
* Snapshot YumUpdates (GetPackageUpdates) output (#813)
- from version 20250428.00
* Snapshot ZypperPatches, ZypperUpdates (GetPackageUpdates) output
for sles 12, 15 testdata (#812)
- from version 20250423.00
* Introduce MatchSnapshot large test results matcher function, snapshot
apt-deb GetPackageUpdates (#811)
- from version 20250416.02

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1136=1

Package List:

- openSUSE Leap 16.0:

google-osconfig-agent-20260615.01-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2025-22868.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-41506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:21201-1: important: Security update for jackson-annotations, jackson-core, jackson-databind


openSUSE security update: security update for jackson-annotations, jackson-core, jackson-databind
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21201-1
Rating: important
References:

* bsc#1268603
* bsc#1268897
* bsc#1268898
* bsc#1268899
* bsc#1268902

Cross-References:

* CVE-2026-54512
* CVE-2026-54513
* CVE-2026-54514
* CVE-2026-54515

CVSS scores:

* CVE-2026-54512 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-54513 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-54514 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-54515 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for jackson-annotations, jackson-core, jackson-databind fixes the following issues:

- CVE-2026-54512: jackson-databind has a PolymorphicTypeValidator bypass via generic type parameters that allows
arbitrary class instantiation (bsc#1268897).
- CVE-2026-54513: jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (bsc#1268898).
- CVE-2026-54514: InetSocketAddress deserialization triggers eager DNS resolution (bsc#1268899).
- CVE-2026-54515: jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
(bsc#1268902).
- document length constraint bypass in blocking, async, and DataInput parsers (bsc#1268603).

Changes for jackson-annotations:

- Update to 2.18.8
* No changes since 2.17.3

Changes for jackson-core:

- Update to 2.18.8
* Changes of 2.18.8
+ #1611: Apply number-length validator on streaming integer path
of async parser
* Changes of 2.18.7
+ #1570: Fail parsing from 'DataInput' if
'StreamReadConstraints.getMaxDocumentLength()' set
(bsc#1268603, GHSA-2m67-wjpj-xhg9)
+ #1600: Rework 3rd party licenses in jar
+ #1602: 'UTF8DataInputJsonParser' needs to enforce
'StreamReadConstraints.maxNameLength' limit
* Changes of 2.18.6
+ #1512: Number-parsing fix for 'UTF8DataInputJsonParser'
+ #1548: 'StreamReadConstraints.maxDocumentLength' not checked
when creating parser with fixed buffer
+ #1555: Enforce 'StreamReadConstraints.maxNumberLength' for
non-blocking (async) parser
* Changes of 2.18.5
+ #1433: 'JsonParser#getNumberType()' throws
'JsonParseException' when the current token is non-numeric
instead of returning null
+ #1446: Invalid package reference to "java.lang.foreign" from
'com.fasterxml.jackson.core:jackson-core' (from
'FastDoubleParser')
* Changes of 2.18.3
+ #1391: Fix issue where the parser can read back old number
state when parsing later numbers
+ #1397: Jackson changes additional values to infinite in case
of special JSON structures and existing infinite values
+ #1398: Fix issue that feature
COMBINE_UNICODE_SURROGATES_IN_UTF8 doesn't work when custom
characterEscape is used
* Changes of 2.18.2
+ #1359: Non-surrogate characters being incorrectly combined
when 'JsonWriteFeature.COMBINE_UNICODE_SURROGATES_IN_UTF8' is
enabled
* Changes of 2.18.1
+ #1353: Use fastdoubleparser 1.0.90
* Changes of 2.18.
+ #223: 'UTF8JsonGenerator' writes supplementary characters as a
surrogate pair: should use 4-byte encoding
+ #1230: Improve performance of 'float' and 'double' parsing
from 'TextBuffer'
+ #1251: 'InternCache' replace synchronized with 'ReentrantLock'
- the cache size limit is no longer strictly enforced for
performance reasons but we should never go far above the limit
+ #1252: 'ThreadLocalBufferManager' replace synchronized with
'ReentrantLock'
+ #1257: Increase InternCache default max size from 100 to 200
+ #1262: Add diagnostic method 'pooledCount()' in 'RecyclerPool'
+ #1264: Rename shaded 'ch.randelshofer:fastdoubleparser'
classes to prevent use by downstream consumers
+ #1271: Deprecate 'LockFreePool' implementation in 2.18 (remove
from 3.0)
+ #1274: 'NUL'-corrupted keys, values on JSON serialization
+ #1277: Add back Java 22 optimisation in FastDoubleParser
+ #1284: Optimize
'JsonParser.getDoubleValue()/getFloatValue()/getDecimalValue()'
to avoid String allocation
+ #1305: Make helper methods of 'WriterBasedJsonGenerator'
non-final to allow overriding
+ #1310: Add new 'StreamReadConstraints' ('maxTokenCount') to
limit maximum number of Tokens allowed per document
+ #1331: Update to FastDoubleParser v1.0.1 to fix 'BigDecimal'
decoding problem

Changes for jackson-databind:

- Update to 2.18.8
* Changes of 2.18.8
+ #5950: Improve 'UUIDDeserializer' error handling
+ #5951: Improve 'InetSocketAddress' deserialization
(bsc#1268899, CVE-2026-54514)
+ #5969: '@JsonView' by-passed for some "setterless" creator
properties
+ #5971: '@JsonView' by-passed for unwrapped creator parameters
+ #5974: '@JsonIgnore' on Record property ignored with
'PropertyNamingStrategy'
+ #5981: 'BasicPolymorphicTypeValidator' setting
'allowIfSubTypeIsArray()' should validate element type
(bsc#1268898, CVE-2026-54513)
+ #5988: 'PolymorphicTypeValidator' needs to validate generic
type parameters too (bsc#1268897, CVE-2026-54512)
+ #5993: 'UPPER_SNAKE_CASE' / 'LOWER_CASE' 'NamingStrategyImpls'
fold case using JVM default locale (Turkish-I bug)
* Changes of 2.18.4
+ #4628: '@JsonIgnore' and '@JsonProperty.access=READ_ONLY' on
Record property ignored for deserialization
+ #5049: Duplicate creator property "b" (index 0 vs 1) on simple
java record
* Changes of 2.18.3
+ #4444: The 'KeyDeserializer' specified in the class with
'@JsonDeserialize(keyUsing = ...)' is overwritten by the
'KeyDeserializer' specified in the 'ObjectMapper'.
+ #4827: Subclassed Throwable deserialization fails since
v2.18.0 - no creator index for property 'cause'
+ #4844: Fix wrapped array handling wrt 'null' by
'StdDeserializer'
+ #4848: Avoid type pollution in 'StringCollectionDeserializer'
+ #4860: 'ConstructorDetector.USE_PROPERTIES_BASED' does not
work with multiple constructors since 2.18
+ #4878: When serializing a Map via
Converter(StdDelegatingSerializer), a NullPointerException is
thrown due to missing key serializer
+ #4908: Deserialization behavior change with @JsonCreator and
@ConstructorProperties between 2.17 and 2.18
+ #4917: 'BigDecimal' deserialization issue when using
'@JsonCreator'
+ #4920: Creator properties are ignored on abstract types when
collecting bean properties, breaking AsExternalTypeDeserializer
+ #4922: Failing '@JsonMerge' with a custom Map
+ #4932: Conversion of 'MissingNode' throws
'JsonProcessingException'
* Changes of 2.18.2
+ #4733: Wrong serialization of Type Ids for certain types of
Enum values
+ #4742: Deserialization with Builder, External type id,
'@JsonCreator' failing
+ #4777: 'StdValueInstantiator.withArgsCreator' is now set for
creators with no arguments
+ #4783: Possibly wrong behavior of @JsonMerge
+ #4787: Wrong 'String.format()' in 'StdDelegatingDeserializer'
hides actual error
+ #4788: 'EnumFeature.WRITE_ENUMS_TO_LOWERCASE' overrides
'@JsonProperty' values
+ #4790: Fix '@JsonAnySetter' issue with "setter" method
(related to #4639)
+ #4807: Improve 'FactoryBasedEnumDeserializer' to work better
with XML module
+ #4810: Deserialization using '@JsonCreator' with renamed
property failing (since 2.18)
* Changes of 2.18.1
+ #4508: Deserialized JsonAnySetter field in Kotlin data class
is null
+ #4639: @JsonAnySetter on field ignoring unrecognized
properties if they are declared before the last recognized
properties in JSON
+ #4718: Should not fail on trying to serialize
'java.time.DateTimeException'
+ #4724: Deserialization behavior change with Records,
'@JsonCreator' and '@JsonValue' between 2.17 and 2.18
+ #4727: Eclipse having issues due to 'module-info' class "lost" on
2.18.0 jars
+ #4741: When 'Include.NON_DEFAULT' setting is used on POJO,
empty values are not included in json if default is 'null'
+ #4749: Fixed a problem with
'StdDelegatingSerializer#serializeWithType' looking up the
serializer with the wrong argument
* Changes of 2.18.0
+ #562: Allow '@JsonAnySetter' to flow through Creators
+ #806: Problem with 'NamingStrategy', creator methods with
implicit names
+ #2977: Incompatible 'FAIL_ON_MISSING_PRIMITIVE_PROPERTIES' and
field level '@JsonProperty'
+ #3120: Return 'ListIterator' from 'ArrayNode.elements()'
+ #3241: 'constructorDetector' seems to invalidate
'defaultSetterInfo' for nullability
+ #3439: Java Record '@JsonAnySetter' value is null after
deserialization
+ #4085: '@JsonView' does not work on class-level for records
+ #4119: Exception when deserialization uses a record with a
constructor property with 'access=READ_ONLY'
+ #4356: 'BeanDeserializerModifier::updateBuilder()' doesn't
work for beans with Creator methods
+ #4407: 'null' type id handling does not work with
'writeTypePrefix()'
+ #4452: '@JsonProperty' not serializing field names properly on
'@JsonCreator' in Record
+ #4453: Allow JSON Integer to deserialize into a single-arg
constructor of parameter type 'double'
+ #4456: Rework locking in 'DeserializerCache'
+ #4458: Rework synchronized block from 'BeanDeserializerBase'
+ #4464: When 'Include.NON_DEFAULT' setting is used, 'isEmpty()'
method is not called on the serializer
+ #4472: Rework synchronized block in 'TypeDeserializerBase'
+ #4483: Remove 'final' on method BeanSerializer.serialize()
+ #4515: Rewrite Bean Property Introspection logic in Jackson
2.x
+ #4545: Unexpected deserialization behavior with
'@JsonCreator', '@JsonProperty' and javac '-parameters'
+ #4570: Deprecate 'ObjectMapper.canDeserialize()'/
'ObjectMapper.canSerialize()'
+ #4580: Add
'MapperFeature.SORT_CREATOR_PROPERTIES_BY_DECLARATION_ORDER' to use
Creator properties' declaration order for sorting
+ #4584: Provide extension point for detecting "primary"
Constructor for Kotlin (and similar) data classes
+ #4602: Possible wrong use of _arrayDelegateDeserializer in
BeanDeserializerBase::deserializeFromObjectUsingNonDefault()
+ #4617: Record property serialization order not preserved
+ #4626: '@JsonIgnore' on Record property ignored for
deserialization, if there is getter override
+ #4630: '@JsonIncludeProperties', '@JsonIgnoreProperties'
ignored when serializing Records, if there is getter override
+ #4634: '@JsonAnySetter' not working when annotated on both
constructor parameter & field
+ #4678: Java records don't serialize with
'MapperFeature.REQUIRE_SETTERS_FOR_GETTERS'
+ #4688: Should allow deserializing with no-arg
'@JsonCreator(mode = DELEGATING)'
+ #4694: Deserializing 'BigDecimal' with large number of
decimals result in incorrect value
+ #4699: Add extra 'writeNumber()' method in 'TokenBuffer'
+ #4709: Add 'JacksonCollectors' with 'toArrayNode()'
implementation
+ Fix #5962: Case-insensitive deserialization may use wrong
@JsonIgnoreProperties (bsc#1268902, CVE-2026-54515)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1124=1

Package List:

- openSUSE Leap 16.0:

jackson-annotations-2.18.8-160000.1.1
jackson-annotations-javadoc-2.18.8-160000.1.1
jackson-core-2.18.8-160000.1.1
jackson-core-javadoc-2.18.8-160000.1.1
jackson-databind-2.18.8-160000.1.1
jackson-databind-javadoc-2.18.8-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-54512.html
* https://www.suse.com/security/cve/CVE-2026-54513.html
* https://www.suse.com/security/cve/CVE-2026-54514.html
* https://www.suse.com/security/cve/CVE-2026-54515.html



openSUSE-SU-2026:21221-1: moderate: Security update for jline3


openSUSE security update: security update for jline3
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21221-1
Rating: moderate
References:

* bsc#1269021

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that has one bug fix can now be installed.

Description:

This update for jline3 fixes the following issues:

Changes in jline3:

* unauthenticated remote memory exhaustion via unbounded Telnet 'NEW-ENVIRON' variables (bsc#1269021)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1148=1

Package List:

- openSUSE Leap 16.0:

jline3-3.30.13-160000.3.1
jline3-builtins-3.30.13-160000.3.1
jline3-console-3.30.13-160000.3.1
jline3-console-ui-3.30.13-160000.3.1
jline3-curses-3.30.13-160000.3.1
jline3-jansi-3.30.13-160000.3.1
jline3-jansi-core-3.30.13-160000.3.1
jline3-javadoc-3.30.13-160000.3.1
jline3-native-3.30.13-160000.3.1
jline3-reader-3.30.13-160000.3.1
jline3-remote-telnet-3.30.13-160000.3.1
jline3-style-3.30.13-160000.3.1
jline3-terminal-3.30.13-160000.3.1
jline3-terminal-jansi-3.30.13-160000.3.1
jline3-terminal-jna-3.30.13-160000.3.1
jline3-terminal-jni-3.30.13-160000.3.1



openSUSE-SU-2026:21204-1: important: Security update for gstreamer-plugins-bad


openSUSE security update: security update for gstreamer-plugins-bad
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21204-1
Rating: important
References:

* bsc#1268401

Cross-References:

* CVE-2026-52719

CVSS scores:

* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for gstreamer-plugins-bad fixes the following issue:

- CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA
decoder (bsc#1268401).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1128=1

Package List:

- openSUSE Leap 16.0:

gstreamer-plugins-bad-1.26.7-160000.2.1
gstreamer-plugins-bad-chromaprint-1.26.7-160000.2.1
gstreamer-plugins-bad-devel-1.26.7-160000.2.1
gstreamer-plugins-bad-lang-1.26.7-160000.2.1
gstreamer-transcoder-1.26.7-160000.2.1
gstreamer-transcoder-devel-1.26.7-160000.2.1
libgstadaptivedemux-1_0-0-1.26.7-160000.2.1
libgstanalytics-1_0-0-1.26.7-160000.2.1
libgstbadaudio-1_0-0-1.26.7-160000.2.1
libgstbasecamerabinsrc-1_0-0-1.26.7-160000.2.1
libgstcodecparsers-1_0-0-1.26.7-160000.2.1
libgstcodecs-1_0-0-1.26.7-160000.2.1
libgstcuda-1_0-0-1.26.7-160000.2.1
libgstdxva-1_0-0-1.26.7-160000.2.1
libgstinsertbin-1_0-0-1.26.7-160000.2.1
libgstisoff-1_0-0-1.26.7-160000.2.1
libgstmpegts-1_0-0-1.26.7-160000.2.1
libgstmse-1_0-0-1.26.7-160000.2.1
libgstphotography-1_0-0-1.26.7-160000.2.1
libgstplay-1_0-0-1.26.7-160000.2.1
libgstplayer-1_0-0-1.26.7-160000.2.1
libgstsctp-1_0-0-1.26.7-160000.2.1
libgsttranscoder-1_0-0-1.26.7-160000.2.1
libgsturidownloader-1_0-0-1.26.7-160000.2.1
libgstva-1_0-0-1.26.7-160000.2.1
libgstvulkan-1_0-0-1.26.7-160000.2.1
libgstwayland-1_0-0-1.26.7-160000.2.1
libgstwebrtc-1_0-0-1.26.7-160000.2.1
libgstwebrtcnice-1_0-0-1.26.7-160000.2.1
typelib-1_0-CudaGst-1_0-1.26.7-160000.2.1
typelib-1_0-GstAnalytics-1_0-1.26.7-160000.2.1
typelib-1_0-GstBadAudio-1_0-1.26.7-160000.2.1
typelib-1_0-GstCodecs-1_0-1.26.7-160000.2.1
typelib-1_0-GstCuda-1_0-1.26.7-160000.2.1
typelib-1_0-GstDxva-1_0-1.26.7-160000.2.1
typelib-1_0-GstInsertBin-1_0-1.26.7-160000.2.1
typelib-1_0-GstMpegts-1_0-1.26.7-160000.2.1
typelib-1_0-GstMse-1_0-1.26.7-160000.2.1
typelib-1_0-GstPlay-1_0-1.26.7-160000.2.1
typelib-1_0-GstPlayer-1_0-1.26.7-160000.2.1
typelib-1_0-GstTranscoder-1_0-1.26.7-160000.2.1
typelib-1_0-GstVa-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkan-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkanWayland-1_0-1.26.7-160000.2.1
typelib-1_0-GstVulkanXCB-1_0-1.26.7-160000.2.1
typelib-1_0-GstWebRTC-1_0-1.26.7-160000.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-52719.html



openSUSE-SU-2026:21196-1: important: Security update for pacemaker


openSUSE security update: security update for pacemaker
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21196-1
Rating: important
References:

* bsc#1268381

Cross-References:

* CVE-2026-10649

CVSS scores:

* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for pacemaker fixes the following issues:

- CVE-2026-10649: Fixed denial of service via integer overflow in remote message decompression (bsc#1268381).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1108=1

Package List:

- openSUSE Leap 16.0:

pacemaker-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-cli-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-cts-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-devel-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-libs-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-remote-3.0.0+20250218.64cd85422c-160000.4.1
pacemaker-schemas-3.0.0+20250218.64cd85422c-160000.4.1
python3-pacemaker-3.0.0+20250218.64cd85422c-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-10649.html



openSUSE-SU-2026:21192-1: important: Security update for dnsmasq


openSUSE security update: security update for dnsmasq
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21192-1
Rating: important
References:

* bsc#1268764

Cross-References:

* CVE-2026-12725
* CVE-2026-2291
* CVE-2026-6507

CVSS scores:

* CVE-2026-12725 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12725 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6507 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6507 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has one bug fix can now be installed.

Description:

This update for dnsmasq fixes the following issues:

Update to 2.93:

- CVE-2026-12725: heap buffer overflow in `log_query()` when logging unsupported DS/DNSKEY replies (bsc#1268764).

Changes for dnsmasq:

* CVE-2026-12725, bsc#1268764: Heap buffer overflow in
`log_query()` when logging unsupported DS/DNSKEY replies.
* Fix a corner-case in DNSSEC validation with wildcards.
* Fix DNSSEC failure with spurious RRSIGs.
* Fix DNSSEC fail with CNAME replies to DS queries.
* Fix regression in 2.92 release which broke DHCPv6 when a DHCP
relay is in use.
* Modify the inotify implementation so that inotify watches are
only created after dnsmasq has changed permissions and userid.
* CVE-2026-2291: Rework storage allocation for domain names.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1102=1

Package List:

- openSUSE Leap 16.0:

dnsmasq-2.93-160000.1.1
dnsmasq-utils-2.93-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-12725.html
* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://www.suse.com/security/cve/CVE-2026-6507.html



openSUSE-SU-2026:21205-1: important: Security update for docker-stable


openSUSE security update: security update for docker-stable
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21205-1
Rating: important
References:

* bsc#1260279
* bsc#1265782
* bsc#1265907
* bsc#1265929
* bsc#1266625
* bsc#1267827

Cross-References:

* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-33997
* CVE-2026-34040
* CVE-2026-39821
* CVE-2026-41567

CVSS scores:

* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33997 ( SUSE ): 8.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-34040 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41567 ( SUSE ): 7.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.

Description:

This update for docker-stable fixes the following issues:

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path
pseudo-header (bsc#1260279).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265782).
- CVE-2026-33997: moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation
(bsc#1265907).
- CVE-2026-34040: Authz zero length regression (bsc#1265929).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266625).
- CVE-2026-41567: arbitrary code execution with full daemon privileges when a user uploads a compressed archive into
that container (bsc#1267827).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1129=1

Package List:

- openSUSE Leap 16.0:

docker-stable-24.0.9_ce-160000.6.1
docker-stable-bash-completion-24.0.9_ce-160000.6.1
docker-stable-buildx-0.25.0-160000.6.1
docker-stable-fish-completion-24.0.9_ce-160000.6.1
docker-stable-rootless-extras-24.0.9_ce-160000.6.1
docker-stable-zsh-completion-24.0.9_ce-160000.6.1

References:

* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-33997.html
* https://www.suse.com/security/cve/CVE-2026-34040.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-41567.html



openSUSE-SU-2026:21218-1: important: Security update for perl-List-SomeUtils-XS


openSUSE security update: security update for perl-list-someutils-xs
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21218-1
Rating: important
References:

* bsc#1269210

Cross-References:

* CVE-2026-12844

CVSS scores:

* CVE-2026-12844 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12844 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for perl-List-SomeUtils-XS fixes the following issue:

- CVE-2026-12844: heap buffer overflow in the `pairwise` function (bsc#1269210).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1144=1

Package List:

- openSUSE Leap 16.0:

perl-List-SomeUtils-XS-0.58-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-12844.html



openSUSE-SU-2026:21202-1: moderate: Security update for lcms2


openSUSE security update: security update for lcms2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21202-1
Rating: moderate
References:

* bsc#1263703
* bsc#1264994

Cross-References:

* CVE-2026-41254
* CVE-2026-42798

CVSS scores:

* CVE-2026-41254 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-41254 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42798 ( SUSE ): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for lcms2 fixes the following issues:

- CVE-2026-41254: integer overflow in CubeSize in cmslut.c (bsc#1264994).
- CVE-2026-42798: integer overflow in ParseCube in cmscgats.c (bsc#1263703).

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1125=1

Package List:

- openSUSE Leap 16.0:

lcms2-2.16-160000.4.1
liblcms2-2-2.16-160000.4.1
liblcms2-devel-2.16-160000.4.1
liblcms2-doc-2.16-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-41254.html
* https://www.suse.com/security/cve/CVE-2026-42798.html



SUSE-SU-2026:2729-1: moderate: Security update for python-lxml


# Security update for python-lxml

Announcement ID: SUSE-SU-2026:2729-1
Release Date: 2026-07-02T17:31:24Z
Rating: moderate
References:

* bsc#1263254

Cross-References:

* CVE-2026-41066

CVSS scores:

* CVE-2026-41066 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41066 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41066 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-lxml fixes the following issue:

* CVE-2026-41066: information disclosure via untrusted XML input leading to
local file read (bsc#1263254).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2729=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2729=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
  * python311-lxml-devel-4.9.3-150400.8.11.1
  * python-lxml-debugsource-4.9.3-150400.8.11.1
  * python311-lxml-4.9.3-150400.8.11.1
  * python311-lxml-debuginfo-4.9.3-150400.8.11.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * python-lxml-debugsource-4.9.3-150400.8.11.1
  * python311-lxml-4.9.3-150400.8.11.1
  * python311-lxml-debuginfo-4.9.3-150400.8.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41066.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263254



SUSE-SU-2026:2731-1: moderate: Security update for editorconfig-core-c


# Security update for editorconfig-core-c

Announcement ID: SUSE-SU-2026:2731-1
Release Date: 2026-07-02T17:36:35Z
Rating: moderate
References:

* bsc#1262131

Cross-References:

* CVE-2026-40489

CVSS scores:

* CVE-2026-40489 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40489 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40489 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for editorconfig-core-c fixes the following issue:

* CVE-2026-40489: improper use of `strcpy` can lead to a stack buffer overflow
(bsc#1262131).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2731=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2731=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
  * libeditorconfig-devel-0.12.6-150600.3.6.1
  * editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
  * editorconfig-debuginfo-0.12.6-150600.3.6.1
  * editorconfig-0.12.6-150600.3.6.1
  * libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
  * libeditorconfig0-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libeditorconfig-devel-64bit-0.12.6-150600.3.6.1
  * libeditorconfig0-64bit-debuginfo-0.12.6-150600.3.6.1
  * libeditorconfig0-64bit-0.12.6-150600.3.6.1
* openSUSE Leap 15.6 (x86_64)
  * libeditorconfig-devel-32bit-0.12.6-150600.3.6.1
  * libeditorconfig0-32bit-debuginfo-0.12.6-150600.3.6.1
  * libeditorconfig0-32bit-0.12.6-150600.3.6.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libeditorconfig0-debuginfo-0.12.6-150600.3.6.1
  * editorconfig-core-c-debugsource-0.12.6-150600.3.6.1
  * libeditorconfig0-0.12.6-150600.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40489.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262131



SUSE-SU-2026:2733-1: important: Security update for buildah


# Security update for buildah

Announcement ID: SUSE-SU-2026:2733-1
Release Date: 2026-07-02T18:05:10Z
Rating: important
References:

* bsc#1262953
* bsc#1266191
* bsc#1266648
* bsc#1267179

Cross-References:

* CVE-2025-22869
* CVE-2025-27144
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-52881
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-34986
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2025-22869 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( NVD ): 6.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-47913 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47914 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-52881 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-52881 ( NVD ): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-25680 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-25681 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-34986 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39827 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39828 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-39828 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-39829 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-39830 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39831 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39832 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39834 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-39835 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-39835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42502 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42508 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
* CVE-2026-46595 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2026-46597 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for buildah fixes the following issues:

* CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506:
golang.org/x/net/html: multiple issues when parsing HTML files
(bsc#1267179).
* CVE-2026-34986: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3:
crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262953).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266648).
* CVE-2026-39827: memory leak when rejecting channels can lead to DoS
in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39828: bypass of certificate restrictions in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39829: pathological RSA/DSA parameters may cause DoS in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39830: client can cause server deadlock on unexpected
responses in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39831: bypass of FIDO/U2F security keys physical
interaction in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39832: agent constraints dropped when forwarding keys in
golang.org/x/crypto/ssh/agent (bsc#1266191).
* CVE-2026-39833: key constraints not enforced in
golang.org/x/crypto/ssh/agent (bsc#1266191).
* CVE-2026-39834: infinite loop on large channel writes in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-39835: server panic during CheckHostKey/Authenticate in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-42508: auth bypass via unenforced @revoked status in
golang.org/x/crypto/ssh/knownhosts (bsc#1266191).
* CVE-2026-46595: VerifiedPublicKeyCallback permissions skip
enforcement in golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-46597: byte arithmetic causes underflow and panic in
golang.org/x/crypto/ssh (bsc#1266191).
* CVE-2026-46598: pathological inputs can lead to client panic in
golang.org/x/crypto/ssh/agent (bsc#1266191).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2733=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2733=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2733=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2733=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2733=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2733=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2733=1

* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2733=1

## Package List:

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* buildah-1.35.5-150500.3.62.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150500.3.62.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* buildah-1.35.5-150500.3.62.1

## References:

* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262953
* https://bugzilla.suse.com/show_bug.cgi?id=1266191
* https://bugzilla.suse.com/show_bug.cgi?id=1266648
* https://bugzilla.suse.com/show_bug.cgi?id=1267179



openSUSE-SU-2026:0228-1: moderate: Security update for nilfs-utils


openSUSE Security Update: Security update for nilfs-utils
_______________________________

Announcement ID: openSUSE-SU-2026:0228-1
Rating: moderate
References: #1268553
Cross-References: CVE-2026-55392
CVSS scores:
CVE-2026-55392 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for nilfs-utils fixes the following issues:

- CVE-2026-55392: Fixed undefined behavior in nilfs_sb_is_valid()
(bsc#1268553)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-228=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

libnilfs0-2.2.9-bp157.2.3.1
libnilfscleaner0-2.2.9-bp157.2.3.1
libnilfsgc0-2.2.9-bp157.2.3.1
nilfs-utils-2.2.9-bp157.2.3.1
nilfs-utils-devel-2.2.9-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-55392.html
https://bugzilla.suse.com/1268553



SUSE-SU-2026:2735-1: important: Security update for apache2


# Security update for apache2

Announcement ID: SUSE-SU-2026:2735-1
Release Date: 2026-07-02T22:36:37Z
Rating: important
References:

* bsc#1267503
* bsc#1267955
* bsc#1267956
* bsc#1267962
* bsc#1267963
* bsc#1267965
* bsc#1267969
* bsc#1267970
* bsc#1267971
* bsc#1267972
* bsc#1267976
* bsc#1267977
* bsc#1267978

Cross-References:

* CVE-2026-29167
* CVE-2026-29170
* CVE-2026-34355
* CVE-2026-34356
* CVE-2026-42535
* CVE-2026-42536
* CVE-2026-43951
* CVE-2026-44119
* CVE-2026-44185
* CVE-2026-44186
* CVE-2026-44631
* CVE-2026-48913
* CVE-2026-49975

CVSS scores:

* CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-29167 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-29170 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34355 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34356 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42535 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-42535 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-42536 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43951 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-43951 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-44119 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44119 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44185 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-44185 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-44186 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-44186 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-44631 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-44631 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-48913 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48913 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-49975 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49975 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 13 vulnerabilities can now be installed.

## Description:

This update for apache2 fixes the following issues:

* CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).
* CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).
* CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).
* CVE-2026-34356: malicious backend servers can lead to a heap-based buffer
overflow (bsc#1267955).
* CVE-2026-42535: malicious path manipulation can lead to child process
crashes (bsc#1267956).
* CVE-2026-42536: processing untrusted content can lead to a heap-based buffer
overflow (bsc#1267962).
* CVE-2026-43951: out-of-bounds read in `merge_response_headers` can cause
crash (bsc#1267963).
* CVE-2026-44119: improper privilege management can lead to an unauthorized
read (bsc#1267965).
* CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
(bsc#1267969).
* CVE-2026-44186: responses from an attacker-controlled FTP backend can lead
to resource exhaustion and a denial of service (bsc#1267970).
* CVE-2026-44631: crafted regular expression can lead to a buffer underwrite
(bsc#1267971).
* CVE-2026-48913: file handle exhaustion during request processing in
mod_http2 can lead to a use-after-free (bsc#1267972).
* CVE-2026-49975: Fix cookie header accounting against LimitRequestFields
(bsc#1267503).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2735=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2735=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2735=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-event-debugsource-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-event-debuginfo-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-event-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* openSUSE Leap 15.6 (noarch)
* apache2-manual-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* apache2-manual-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* apache2-worker-2.4.66-150600.5.55.1
* apache2-utils-debugsource-2.4.66-150600.5.55.1
* apache2-debuginfo-2.4.66-150600.5.55.1
* apache2-devel-2.4.66-150600.5.55.1
* apache2-utils-2.4.66-150600.5.55.1
* apache2-worker-debugsource-2.4.66-150600.5.55.1
* apache2-prefork-2.4.66-150600.5.55.1
* apache2-prefork-debugsource-2.4.66-150600.5.55.1
* apache2-debugsource-2.4.66-150600.5.55.1
* apache2-worker-debuginfo-2.4.66-150600.5.55.1
* apache2-2.4.66-150600.5.55.1
* apache2-prefork-debuginfo-2.4.66-150600.5.55.1
* apache2-utils-debuginfo-2.4.66-150600.5.55.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* apache2-manual-2.4.66-150600.5.55.1

## References:

* https://www.suse.com/security/cve/CVE-2026-29167.html
* https://www.suse.com/security/cve/CVE-2026-29170.html
* https://www.suse.com/security/cve/CVE-2026-34355.html
* https://www.suse.com/security/cve/CVE-2026-34356.html
* https://www.suse.com/security/cve/CVE-2026-42535.html
* https://www.suse.com/security/cve/CVE-2026-42536.html
* https://www.suse.com/security/cve/CVE-2026-43951.html
* https://www.suse.com/security/cve/CVE-2026-44119.html
* https://www.suse.com/security/cve/CVE-2026-44185.html
* https://www.suse.com/security/cve/CVE-2026-44186.html
* https://www.suse.com/security/cve/CVE-2026-44631.html
* https://www.suse.com/security/cve/CVE-2026-48913.html
* https://www.suse.com/security/cve/CVE-2026-49975.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267503
* https://bugzilla.suse.com/show_bug.cgi?id=1267955
* https://bugzilla.suse.com/show_bug.cgi?id=1267956
* https://bugzilla.suse.com/show_bug.cgi?id=1267962
* https://bugzilla.suse.com/show_bug.cgi?id=1267963
* https://bugzilla.suse.com/show_bug.cgi?id=1267965
* https://bugzilla.suse.com/show_bug.cgi?id=1267969
* https://bugzilla.suse.com/show_bug.cgi?id=1267970
* https://bugzilla.suse.com/show_bug.cgi?id=1267971
* https://bugzilla.suse.com/show_bug.cgi?id=1267972
* https://bugzilla.suse.com/show_bug.cgi?id=1267976
* https://bugzilla.suse.com/show_bug.cgi?id=1267977
* https://bugzilla.suse.com/show_bug.cgi?id=1267978



openSUSE-SU-2026:11180-1: moderate: python311-mistune-3.3.2-1.1 on GA media


# python311-mistune-3.3.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11180-1
Rating: moderate

Cross-References:

* CVE-2026-49851

CVSS scores:

* CVE-2026-49851 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-mistune-3.3.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python311-mistune 3.3.2-1.1
* python313-mistune 3.3.2-1.1
* python314-mistune 3.3.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-49851.html



openSUSE-SU-2026:11176-1: moderate: kitty-0.47.4-2.1 on GA media


# kitty-0.47.4-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11176-1
Rating: moderate

Cross-References:

* CVE-2026-46604

CVSS scores:

* CVE-2026-46604 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the kitty-0.47.4-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kitty 0.47.4-2.1
* kitty-shell-integration 0.47.4-2.1
* kitty-terminfo 0.47.4-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-46604.html



openSUSE-SU-2026:11179-1: moderate: perl-List-SomeUtils-XS-0.590.0-1.1 on GA media


# perl-List-SomeUtils-XS-0.590.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11179-1
Rating: moderate

Cross-References:

* CVE-2026-12844

CVSS scores:

* CVE-2026-12844 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12844 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the perl-List-SomeUtils-XS-0.590.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* perl-List-SomeUtils-XS 0.590.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-12844.html



openSUSE-SU-2026:11175-1: moderate: kernel-devel-7.1.2-1.1 on GA media


# kernel-devel-7.1.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11175-1
Rating: moderate

Cross-References:

* CVE-2026-45866
* CVE-2026-52946
* CVE-2026-53325
* CVE-2026-53354

CVSS scores:

* CVE-2026-45866 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45866 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52946 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53325 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-53325 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53354 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53354 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kernel-devel-7.1.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* kernel-devel 7.1.2-1.1
* kernel-macros 7.1.2-1.1
* kernel-source 7.1.2-1.1
* kernel-source-vanilla 7.1.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-45866.html
* https://www.suse.com/security/cve/CVE-2026-52946.html
* https://www.suse.com/security/cve/CVE-2026-53325.html
* https://www.suse.com/security/cve/CVE-2026-53354.html



openSUSE-SU-2026:11178-1: moderate: openQA-5.1782995932.ffeb09be-1.1 on GA media


# openQA-5.1782995932.ffeb09be-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11178-1
Rating: moderate

Cross-References:

* CVE-2026-26996
* CVE-2026-27904
* CVE-2026-6321

CVSS scores:

* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27904 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27904 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-6321 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the openQA-5.1782995932.ffeb09be-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* openQA 5.1782995932.ffeb09be-1.1
* openQA-auto-update 5.1782995932.ffeb09be-1.1
* openQA-bootstrap 5.1782995932.ffeb09be-1.1
* openQA-client 5.1782995932.ffeb09be-1.1
* openQA-client-bash-completion 5.1782995932.ffeb09be-1.1
* openQA-client-zsh-completion 5.1782995932.ffeb09be-1.1
* openQA-common 5.1782995932.ffeb09be-1.1
* openQA-continuous-update 5.1782995932.ffeb09be-1.1
* openQA-devel 5.1782995932.ffeb09be-1.1
* openQA-doc 5.1782995932.ffeb09be-1.1
* openQA-llm-server 5.1782995932.ffeb09be-1.1
* openQA-local-db 5.1782995932.ffeb09be-1.1
* openQA-mcp 5.1782995932.ffeb09be-1.1
* openQA-munin 5.1782995932.ffeb09be-1.1
* openQA-python-scripts 5.1782995932.ffeb09be-1.1
* openQA-single-instance 5.1782995932.ffeb09be-1.1
* openQA-single-instance-nginx 5.1782995932.ffeb09be-1.1
* openQA-worker 5.1782995932.ffeb09be-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-27904.html
* https://www.suse.com/security/cve/CVE-2026-6321.html



openSUSE-SU-2026:11177-1: moderate: krb5-1.22.2-4.1 on GA media


# krb5-1.22.2-4.1 on GA media

Announcement ID: openSUSE-SU-2026:11177-1
Rating: moderate

Cross-References:

* CVE-2026-11850

CVSS scores:

* CVE-2026-11850 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the krb5-1.22.2-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* krb5 1.22.2-4.1
* krb5-32bit 1.22.2-4.1
* krb5-client 1.22.2-4.1
* krb5-devel 1.22.2-4.1
* krb5-devel-32bit 1.22.2-4.1
* krb5-plugin-kdb-ldap 1.22.2-4.1
* krb5-plugin-preauth-otp 1.22.2-4.1
* krb5-plugin-preauth-pkinit 1.22.2-4.1
* krb5-plugin-preauth-spake 1.22.2-4.1
* krb5-server 1.22.2-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-11850.html



SUSE-SU-2026:2743-1: important: Security update for gstreamer-plugins-bad


# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2026:2743-1
Release Date: 2026-07-03T11:23:55Z
Rating: important
References:

* bsc#1268401

Cross-References:

* CVE-2026-52719

CVSS scores:

* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52719 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issue:

* CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read
via JPEG segment length validation in VA decoder (bsc#1268401).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2743=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2743=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2743=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2743=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2743=1

## Package List:

* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* gstreamer-transcoder-devel-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-transcoder-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkan-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkanXCB-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstTranscoder-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* gstreamer-transcoder-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* typelib-1_0-GstVulkanWayland-1_0-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libgstbadaudio-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-64bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-64bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-64bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplay-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-64bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-64bit-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplay-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-64bit-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-64bit-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (x86_64)
* libgstwayland-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstva-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-32bit-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-32bit-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-32bit-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-32bit-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-32bit-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-32bit-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-32bit-1.22.0-150500.3.31.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
* gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstPlayer-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstMpegts-1_0-1.22.0-150500.3.31.1
* libgstva-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-chromaprint-1.22.0-150500.3.31.1
* typelib-1_0-CudaGst-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstCuda-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstInsertBin-1_0-1.22.0-150500.3.31.1
* typelib-1_0-GstVa-1_0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstCodecs-1_0-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstwayland-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debugsource-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-1.22.0-150500.3.31.1
* libgsttranscoder-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstisoff-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-1.22.0-150500.3.31.1
* libgstcodecparsers-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstbasecamerabinsrc-1_0-0-1.22.0-150500.3.31.1
* libgstwebrtcnice-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstBadAudio-1_0-1.22.0-150500.3.31.1
* libgstwebrtc-1_0-0-1.22.0-150500.3.31.1
* libgstva-1_0-0-debuginfo-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-debuginfo-1.22.0-150500.3.31.1
* libgstphotography-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstinsertbin-1_0-0-debuginfo-1.22.0-150500.3.31.1
* typelib-1_0-GstWebRTC-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcodecs-1_0-0-1.22.0-150500.3.31.1
* libgstbadaudio-1_0-0-1.22.0-150500.3.31.1
* libgstadaptivedemux-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstcuda-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstmpegts-1_0-0-1.22.0-150500.3.31.1
* libgstplay-1_0-0-1.22.0-150500.3.31.1
* libgsturidownloader-1_0-0-1.22.0-150500.3.31.1
* libgstplayer-1_0-0-debuginfo-1.22.0-150500.3.31.1
* libgstvulkan-1_0-0-1.22.0-150500.3.31.1
* typelib-1_0-GstPlay-1_0-1.22.0-150500.3.31.1
* gstreamer-plugins-bad-devel-1.22.0-150500.3.31.1
* libgstsctp-1_0-0-debuginfo-1.22.0-150500.3.31.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-plugins-bad-lang-1.22.0-150500.3.31.1

## References:

* https://www.suse.com/security/cve/CVE-2026-52719.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268401



SUSE-SU-2026:2744-1: important: Security update for gstreamer-plugins-bad


# Security update for gstreamer-plugins-bad

Announcement ID: SUSE-SU-2026:2744-1
Release Date: 2026-07-03T11:25:07Z
Rating: important
References:

* bsc#1268401

Cross-References:

* CVE-2026-52719

CVSS scores:

* CVE-2026-52719 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-52719 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer-plugins-bad fixes the following issue:

* CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read
via JPEG segment length validation in VA decoder (bsc#1268401).

## Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods, such as
YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2744=1`

* Desktop Applications Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2744=1`

* SUSE Package Hub 15 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2744=1`

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2744=1`

* Basesystem Module 15-SP7
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2744=1`

* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2026-2744=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkan-1_0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstTranscoder-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* gstreamer-transcoder-devel-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkanXCB-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstVulkanWayland-1_0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-transcoder-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-transcoder-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgstplay-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-64bit-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-64bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-64bit-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-64bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-64bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-64bit-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (x86_64)
* libgstdxva-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-32bit-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstva-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-32bit-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmse-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstplay-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstva-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstmse-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-chromaprint-32bit-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-32bit-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-32bit-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-32bit-debuginfo-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-32bit-debuginfo-1.24.0-150600.4.6.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* Desktop Applications Module 15-SP7 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libgsturidownloader-1_0-0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.6.1
* libgstadaptivedemux-1_0-0-1.24.0-150600.4.6.1
* libgstcodecparsers-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCuda-1_0-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstAnalytics-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsturidownloader-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-1.24.0-150600.4.6.1
* typelib-1_0-GstInsertBin-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstPlayer-1_0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* libgstmse-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-devel-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstMse-1_0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstanalytics-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstMpegts-1_0-1.24.0-150600.4.6.1
* typelib-1_0-GstDxva-1_0-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstdxva-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstWebRTC-1_0-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbadaudio-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.6.1
* libgstva-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstvulkan-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-1.24.0-150600.4.6.1
* libgstsctp-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-1.24.0-150600.4.6.1
* libgstinsertbin-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.6.1
* libgstwayland-1_0-0-debuginfo-1.24.0-150600.4.6.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.6.1
* libgstwebrtcnice-1_0-0-1.24.0-150600.4.6.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.6.1
* libgstmpegts-1_0-0-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstbasecamerabinsrc-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstcodecs-1_0-0-1.24.0-150600.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* gstreamer-plugins-bad-lang-1.24.0-150600.4.6.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgstplayer-1_0-0-1.24.0-150600.4.6.1
* libgstplayer-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-1.24.0-150600.4.6.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debuginfo-1.24.0-150600.4.6.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-debuginfo-1.24.0-150600.4.6.1
* libgstphotography-1_0-0-1.24.0-150600.4.6.1
* libgstplay-1_0-0-debuginfo-1.24.0-150600.4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-52719.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268401



SUSE-SU-2026:2745-1: moderate: Security update for firewalld-legacy


# Security update for firewalld-legacy

Announcement ID: SUSE-SU-2026:2745-1
Release Date: 2026-07-03T11:34:34Z
Rating: moderate
References:

* bsc#1260903

Cross-References:

* CVE-2026-4948

CVSS scores:

* CVE-2026-4948 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-4948 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* Desktop Applications Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for firewalld-legacy fixes the following issue:

* CVE-2026-4948: local unprivileged users can modify firewall state due to
D-Bus setter mis-authorizations (bsc#1260903).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2745=1

* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2745=1

* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2745=1

* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2745=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2745=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* firewall-applet-1.3.4-150600.13.6.1
* firewalld-1.3.4-150600.13.6.1
* firewalld-lang-1.3.4-150600.13.6.1
* firewall-macros-1.3.4-150600.13.6.1
* python311-firewall-1.3.4-150600.13.6.1
* firewall-config-1.3.4-150600.13.6.1
* firewalld-test-1.3.4-150600.13.6.1
* python3-firewall-1.3.4-150600.13.6.1
* firewalld-zsh-completion-1.3.4-150600.13.6.1
* firewalld-bash-completion-1.3.4-150600.13.6.1
* Basesystem Module 15-SP7 (noarch)
* firewalld-1.3.4-150600.13.6.1
* firewalld-lang-1.3.4-150600.13.6.1
* python3-firewall-1.3.4-150600.13.6.1
* firewalld-zsh-completion-1.3.4-150600.13.6.1
* firewalld-bash-completion-1.3.4-150600.13.6.1
* Desktop Applications Module 15-SP7 (noarch)
* firewall-applet-1.3.4-150600.13.6.1
* firewall-config-1.3.4-150600.13.6.1
* Python 3 Module 15-SP7 (noarch)
* python311-firewall-1.3.4-150600.13.6.1
* Development Tools Module 15-SP7 (noarch)
* firewall-macros-1.3.4-150600.13.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-4948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260903



SUSE-SU-2026:2742-1: important: Security update for pacemaker


# Security update for pacemaker

Announcement ID: SUSE-SU-2026:2742-1
Release Date: 2026-07-03T09:20:51Z
Rating: important
References:

* bsc#1268381

Cross-References:

* CVE-2026-10649

CVSS scores:

* CVE-2026-10649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10649 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for pacemaker fixes the following issue:

* CVE-2026-10649: denial of service via integer overflow in remote message
decompression (bsc#1268381).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2742=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2742=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* openSUSE Leap 15.4 (noarch)
* pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
* pacemaker-remote-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-debugsource-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker3-2.1.2+20211124.ada5c3b36-150400.4.39.1
* libpacemaker-devel-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-remote-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-debuginfo-2.1.2+20211124.ada5c3b36-150400.4.39.1
* pacemaker-cli-2.1.2+20211124.ada5c3b36-150400.4.39.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch)
* pacemaker-cts-2.1.2+20211124.ada5c3b36-150400.4.39.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10649.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268381



SUSE-SU-2026:2751-1: moderate: Security update for tracker-miners


# Security update for tracker-miners

Announcement ID: SUSE-SU-2026:2751-1
Release Date: 2026-07-03T13:58:39Z
Rating: moderate
References:

* bsc#1257606
* bsc#1257607
* bsc#1257608
* bsc#1257609

Cross-References:

* CVE-2026-1764
* CVE-2026-1765
* CVE-2026-1766
* CVE-2026-1767

CVSS scores:

* CVE-2026-1764 ( SUSE ): 5.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1764 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1764 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1765 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1765 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves four vulnerabilities can now be installed.

## Description:

This update for tracker-miners fixes the following issues:

* CVE-2026-1764: heap buffer overflow leads to denial of service or
information disclosure when parsing MP3 files (bsc#1257606).
* CVE-2026-1765: denial of service and potential information disclosure via
crafted MP3 files (bsc#1257607).
* CVE-2026-1766: denial of service and information disclosure via malformed
MP3 files (bsc#1257608).
* CVE-2026-1767: heap buffer overflow leading to denial of service or
information disclosure via malformed MP3 ID3 tags (bsc#1257609).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2751=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* tracker-miner-files-3.2.2-150400.3.10.1
* tracker-miner-files-debuginfo-3.2.2-150400.3.10.1
* tracker-miners-debuginfo-3.2.2-150400.3.10.1
* tracker-miners-debugsource-3.2.2-150400.3.10.1
* tracker-miners-3.2.2-150400.3.10.1
* openSUSE Leap 15.4 (noarch)
* tracker-miners-lang-3.2.2-150400.3.10.1

## References:

* https://www.suse.com/security/cve/CVE-2026-1764.html
* https://www.suse.com/security/cve/CVE-2026-1765.html
* https://www.suse.com/security/cve/CVE-2026-1766.html
* https://www.suse.com/security/cve/CVE-2026-1767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257606
* https://bugzilla.suse.com/show_bug.cgi?id=1257607
* https://bugzilla.suse.com/show_bug.cgi?id=1257608
* https://bugzilla.suse.com/show_bug.cgi?id=1257609



SUSE-SU-2026:2749-1: important: Security update for perl-DBI


# Security update for perl-DBI

Announcement ID: SUSE-SU-2026:2749-1
Release Date: 2026-07-03T13:04:50Z
Rating: important
References:

* bsc#1267849
* bsc#1267957

Cross-References:

* CVE-2026-10879
* CVE-2026-9698

CVSS scores:

* CVE-2026-10879 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-10879 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10879 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9698 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9698 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for perl-DBI fixes the following issues:

* CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a
limited-sized buffer (bsc#1267957).
* CVE-2026-10879: SQL statements with more than 9 binders can cause a heap
overflow (bsc#1267849).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2749=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2749=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2749=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2749=1

## Package List:

* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* perl-DBI-1.647.0-150600.12.11.1
* perl-DBI-debugsource-1.647.0-150600.12.11.1
* perl-DBI-debuginfo-1.647.0-150600.12.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10879.html
* https://www.suse.com/security/cve/CVE-2026-9698.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267849
* https://bugzilla.suse.com/show_bug.cgi?id=1267957