
Several security updates have been released for SUSE Linux, addressing various vulnerabilities and weaknesses. The updates include fixes for openCryptoki, cacti, cacti-spine, and coredns, among others. SUSE has also issued updates for assertj-core, glibc-livepatches, and openssl-1_1 to improve security. These patches are rated moderate, important, or critical in severity, indicating a potential risk if left unpatched.

SUSE-SU-2026:0351-1: moderate: Security update for openCryptoki
openSUSE-SU-2026:0033-1: critical: Security update for cacti, cacti-spine
openSUSE-SU-2026:0032-1: important: Security update for coredns
SUSE-SU-2026:0344-1: moderate: Security update for assertj-core
SUSE-SU-2026:0347-1: important: Security update for glibc-livepatches
SUSE-SU-2026:0346-1: moderate: Security update for openssl-1_1




SUSE-SU-2026:0351-1: moderate: Security update for openCryptoki


# Security update for openCryptoki

Announcement ID: SUSE-SU-2026:0351-1
Release Date: 2026-01-30T14:04:38Z
Rating: moderate
References:

* bsc#1257116

Cross-References:

* CVE-2026-23893

CVSS scores:

* CVE-2026-23893 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-23893 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for openCryptoki fixes the following issues:

* CVE-2026-23893: Fixed privilege escalation or data exposure via symlink
following (bsc#1257116)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-351=1 SUSE-2026-351=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * openCryptoki-3.23.0-150600.3.14.1
  * openCryptoki-devel-debuginfo-3.23.0-150600.3.14.1
  * openCryptoki-debuginfo-3.23.0-150600.3.14.1
  * openCryptoki-debugsource-3.23.0-150600.3.14.1
  * openCryptoki-devel-3.23.0-150600.3.14.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * openCryptoki-64bit-3.23.0-150600.3.14.1
  * openCryptoki-64bit-debuginfo-3.23.0-150600.3.14.1
* openSUSE Leap 15.6 (i586)
  * openCryptoki-32bit-debuginfo-3.23.0-150600.3.14.1
  * openCryptoki-32bit-3.23.0-150600.3.14.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23893.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257116



openSUSE-SU-2026:0033-1: critical: Security update for cacti, cacti-spine


openSUSE Security Update: Security update for cacti, cacti-spine
_______________________________

Announcement ID: openSUSE-SU-2026:0033-1
Rating: critical
References: #1231027 #1231369 #1231370 #1231371 #1231372
#1236482 #1236486 #1236487 #1236488 #1236489
#1236490
Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364
CVE-2024-43365 CVE-2024-45598 CVE-2024-54145
CVE-2024-54146 CVE-2025-22604 CVE-2025-24367
CVE-2025-24368
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves 10 vulnerabilities and has one errata
is now available.

Description:

This update for cacti, cacti-spine fixes the following issues:

cacti 1.2.30:

- Unable to add new users
- When using Automation Rules, specifying graph criteria may cause issues
- When transferring a system from a backup if the poller has not run
recently rrdtool issues are found
- When translating, quotes may cause incorrect text to appear
- When using Boost for the first time, warnings may appear
- When refreshing forms, items may be checked incorrectly by xmacan

cacti 1.2.29:

- CVE-2025-22604 GHSA-c5j8-jxj3-hh36 - Authenticated RCE via multi-line
SNMP responses (bsc#1236488)
- CVE-2025-24368 GHSA-f9c7-7rc3-574c - SQL Injection vulnerability when
using tree rules through Automation API (bsc#1236490)
- CVE-2024-54145 GHSA-fh3x-69rr-qqpp - SQL Injection vulnerability when
request automation devices (bsc#1236487)
- CVE-2025-24367 GHSA-fxrq-fr7h-9rqq - Arbitrary File Creation leading
to RCE (bsc#1236489)
- CVE-2024-45598 GHSA-pv2c-97pp-vxwg - Local File Inclusion (LFI)
Vulnerability via Poller Standard Error Log Path (bsc#1236482)
- CVE-2024-54146 GHSA-vj9g-P7F2-4wqj - SQL Injection vulnerability when
view host template (bsc#1236486)
- issue: Temporary table names may incorrectly think they have a schema
- issue: When using Preset Time to view graphs, it is using a fixed
point rather than relative time
- issue: Fix issue where RRA files are not automatically removed
- issue: Fix invalid help link for Automation Networks
- issue: Unable to disable a tree within the GUI
- issue: When removing graphs, RRA files may be left behind
- issue: Improve compatibility with ping under FreeBSD
- issue: Improve compatibility with Slice RRD tool under PHP 8.x
- issue: Allow IPv6 formats to use colons without port
- issue: Update Fortigate, Aruba OSCX and Clearpass templates
- issue: When a plugin is disabled, unable to use GUI to enable it again
- issue: When upgrading, ensure that replication only runs as necessary
- issue: Improve caching and syncing issues with replication
- issue: Improve caching techniques for database calls
- issue: Improve compatibility for Error constants under PHP 8.4
- issue: When running the upgrade database script, cursor is left in the
middle of the row
- issue: Guest page does not automatically refresh
- issue: When installing, conversion of tables may produce collation
errors
- feature: Add HPE Nimble/Alletra template
- feature: When installing, only convert core cacti tables

- Add /srv/www directories to filelist [boo#1231027]

- fix for cacti-cron.timer & cacti-cron.service failing after upgrade has
already removed

- replace cacti-cron.timer & cacti-cron.service with cactid.service to fix
thold & other "sub poller" poller processes not running.

cacti 1.2.28:

- CVE-2024-43365 GHSA-49f2-hwx9-qffr: XSS vulnerability when creating
external links with the consolenewsection parameter (bsc#1231372)
- CVE-2024-43364 GHSA-fgc6-g8gc-wcg5: XSS vulnerability when creating
external links with the title parameter (bsc#1231371)
- CVE-2024-43363 GHSA-gxq4-mv8h-6qj4: RCE vulnerability can be executed
via Log Poisoning (bsc#1231370)
- CVE-2024-43362 GHSA-wh9c-v56x-v77c: XSS vulnerability when creating
external links with the fileurl parameter
- issue: When using LDAP authentication the first time, warnings may
appear in logs
- issue: When installing, a replication loop for plugin_realms may occur
- issue: When installing, remote poller may attempt to sync with other
pollers
- issue: When a Data Query has a space, indexes may not be properly
escaped
- issue: Boost does not always order data source records properly
- issue: Add IP address to the login audit for successful logins by
xmacan
- issue: Undefined variable error may sometimes occur when dealing with
RRD output by MSS970
- issue: When export to CSV, only the first line of notes is included
- issue: When rendering forms, missing default value can cause errors
- issue: Allow hosted content to be executable for the links page
- issue: When closing database connections, some may linger incorrectly
- issue: When changing passwords, an infinite loop may occur by
ddb4github
- issue: When using Cacti Daemon, a "Cron out of sync" message may be
reported
- issue: Add ability to filter/sort users by group or last login time
- issue: When using List View, unable to add Graphs to a Report
- issue: When using SNMPv3, some devices may show polling issues
- issue: Limit table conversion to Cacti core tables
- issue: Fix issues with posix-based kills on Windows
- issue: When installing, password changes may fail on new installations
- issue: When using structured RRD folders, permission issues may be
flagged incorrectly
- issue: When unable to locate a valid theme, new default will be Modern
- issue: Properly cache the data source information for dsstats
processing
- issue: When reindexing, verify all fields may not work as intended
- feature: Add ability to log database connections/disconnections
- feature: Add Ping Method where connection refused assumes host is up
- feature: When displaying graphs, default end time does not show full
24 hour period
- feature: Add --id to remove_device.php
- feature: Add Location and Site to Graph List View
- feature: Add more verbose logging to Boost
- feature: Update jQuery to 3.7.1
- feature: Update jQueryUI to 1.14.0
- feature: Update Purify.js to 3.1.6
- feature: Update billboard.js to 3.13.0
- feature: Improve the performance of the repopulation of the poller
cache

Changes in cacti-spine:

cacti-spine 1.2.30:

- no changes
- Bump/rebuild to match Cacti 1.2.30

cacti-spine 1.2.28:

- When using Ping or SNMP Uptime, host is not always detected properly
- Add Ping Method where connection refused assumes host is up

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-33=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-33=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

cacti-spine-1.2.30-bp157.2.3.1
cacti-spine-debuginfo-1.2.30-bp157.2.3.1
cacti-spine-debugsource-1.2.30-bp157.2.3.1

- openSUSE Backports SLE-15-SP6 (noarch):

cacti-1.2.30-bp156.2.6.1

References:

https://www.suse.com/security/cve/CVE-2024-43362.html
https://www.suse.com/security/cve/CVE-2024-43363.html
https://www.suse.com/security/cve/CVE-2024-43364.html
https://www.suse.com/security/cve/CVE-2024-43365.html
https://www.suse.com/security/cve/CVE-2024-45598.html
https://www.suse.com/security/cve/CVE-2024-54145.html
https://www.suse.com/security/cve/CVE-2024-54146.html
https://www.suse.com/security/cve/CVE-2025-22604.html
https://www.suse.com/security/cve/CVE-2025-24367.html
https://www.suse.com/security/cve/CVE-2025-24368.html
https://bugzilla.suse.com/1231027
https://bugzilla.suse.com/1231369
https://bugzilla.suse.com/1231370
https://bugzilla.suse.com/1231371
https://bugzilla.suse.com/1231372
https://bugzilla.suse.com/1236482
https://bugzilla.suse.com/1236486
https://bugzilla.suse.com/1236487
https://bugzilla.suse.com/1236488
https://bugzilla.suse.com/1236489
https://bugzilla.suse.com/1236490



openSUSE-SU-2026:0032-1: important: Security update for coredns


openSUSE Security Update: Security update for coredns
_______________________________

Announcement ID: openSUSE-SU-2026:0032-1
Rating: important
References: #1255345
Cross-References: CVE-2025-61726 CVE-2025-61728 CVE-2025-61731
CVE-2025-68119 CVE-2025-68121 CVE-2025-68156

CVSS scores:
CVE-2025-61726 (SUSE): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-61728 (SUSE): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2025-61731 (SUSE): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-68119 (SUSE): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2025-68121 (SUSE): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2025-68156 (SUSE): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for coredns fixes the following issues:

- Update to version 1.14.1:
* This release primarily addresses security vulnerabilities affecting Go
versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728,
CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). It
also includes performance improvements to the proxy plugin via
multiplexed connections, along with various documentation updates.

- CVE-2025-68156: Fixed a denial of service due to uncontrolled recursion
in expression evaluation (bsc#1255345)

- Update to version 1.14.0:
* core: Fix gosec G115 integer overflow warnings
* core: Add regex length limit
* plugin/azure: Fix slice init length
* plugin/errors: Add optional show_first flag to consolidate directive
* plugin/file: Fix for misleading SOA parser warnings
* plugin/kubernetes: Rate limits to api server
* plugin/metrics: Implement plugin chain tracking
* plugin/sign: Report parser err before missing SOA
* build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7

- Update to version 1.13.2:
* core: Add basic support for DoH3
* core: Avoid proxy unnecessary alloc in Yield
* core: Fix usage of sync.Pool to save an alloc
* core: Fix data race with sync.RWMutex for uniq
* core: Prevent QUIC reload panic by lazily initializing the listener
* core: Refactor/use reflect.TypeFor
* plugin/auto: Limit regex length
* plugin/cache: Remove superfluous allocations in item.toMsg
* plugin/cache: Isolate metadata in prefetch goroutine
* plugin/cache: Correct spelling of MaximumDefaultTTL in cache and
dnsutil packages
* plugin/dnstap: Better error handling (redial & logging) when Dnstap is
busy
* plugin/file: Performance finetuning
* plugin/forward: Disallow NOERROR in failover
* plugin/forward: Added support for per-nameserver TLS SNI
* plugin/forward: Prevent busy loop on connection err
* plugin/forward: Add max connect attempts knob
* plugin/geoip: Add ASN schema support
* plugin/geoip: Add support for subdivisions
* plugin/kubernetes: Fix kubernetes plugin logging
* plugin/multisocket: Cap num sockets to prevent OOM
* plugin/nomad: Support service filtering
* plugin/rewrite: Pre-compile CNAME rewrite regexp
* plugin/secondary: Fix reload causing secondary plugin goroutine to leak

- Update to version 1.13.1:
* core: Avoid string concatenation in loops
* core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE
fixes
* plugin/sign: Reject invalid UTF-8 dbfile token

- Update to version 1.13.0:
* core: Export timeout values in dnsserver.Server
* core: Fix Corefile infinite loop on unclosed braces
* core: Fix Corefile related import cycle issue
* core: Normalize panics on invalid origins
* core: Rely on dns.Server.ShutdownContext to gracefully stop
* plugin/dnstap: Add bounds for plugin args
* plugin/file: Fix data race in tree Elem.Name
* plugin/forward: No failover to next upstream when receiving SERVFAIL
or REFUSED response codes
* plugin/grpc: Enforce DNS message size limits
* plugin/loop: Prevent panic when ListenHosts is empty
* plugin/loop: Avoid panic on invalid server block
* plugin/nomad: Add a Nomad plugin
* plugin/reload: Prevent SIGTERM/reload deadlock

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-32=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

coredns-1.14.1-bp157.2.10.1
coredns-debuginfo-1.14.1-bp157.2.10.1

- openSUSE Backports SLE-15-SP7 (noarch):

coredns-extras-1.14.1-bp157.2.10.1

References:

https://www.suse.com/security/cve/CVE-2025-61726.html
https://www.suse.com/security/cve/CVE-2025-61728.html
https://www.suse.com/security/cve/CVE-2025-61731.html
https://www.suse.com/security/cve/CVE-2025-68119.html
https://www.suse.com/security/cve/CVE-2025-68121.html
https://www.suse.com/security/cve/CVE-2025-68156.html
https://bugzilla.suse.com/1255345



SUSE-SU-2026:0344-1: moderate: Security update for assertj-core


# Security update for assertj-core

Announcement ID: SUSE-SU-2026:0344-1
Release Date: 2026-01-29T20:04:12Z
Rating: moderate
References:

* bsc#1257293

Cross-References:

* CVE-2026-24400

CVSS scores:

* CVE-2026-24400 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24400 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-24400 ( NVD ): 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for assertj-core fixes the following issues:

Upgrade to version 3.27.7:

* CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion
(bsc#1257293).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-344=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * assertj-core-3.27.7-150200.5.9.2

## References:

* https://www.suse.com/security/cve/CVE-2026-24400.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257293



SUSE-SU-2026:0347-1: important: Security update for glibc-livepatches


# Security update for glibc-livepatches

Announcement ID: SUSE-SU-2026:0347-1
Release Date: 2026-01-30T10:36:11Z
Rating: important
References:

* bsc#1256913

Cross-References:

* CVE-2026-0861

CVSS scores:

* CVE-2026-0861 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0861 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-0861 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for glibc-livepatches fixes the following issues:

* CVE-2026-0861: Fixed an inadequate size check in the memalign suite that may
result in an integer overflow (bsc#1256913)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-347=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-347=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-347=1

## Package List:

* openSUSE Leap 15.4 (x86_64)
  * glibc-livepatches-debugsource-0.3-150400.3.11.1
  * glibc-livepatches-debuginfo-0.3-150400.3.11.1
  * glibc-livepatches-0.3-150400.3.11.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
  * glibc-livepatches-0.3-150400.3.11.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * glibc-livepatches-0.3-150400.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256913



SUSE-SU-2026:0346-1: moderate: Security update for openssl-1_1


# Security update for openssl-1_1

Announcement ID: SUSE-SU-2026:0346-1
Release Date: 2026-01-30T09:01:33Z
Rating: moderate
References:

* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840

Cross-References:

* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2026-22795
* CVE-2026-22796

CVSS scores:

* CVE-2025-68160 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69418 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69418 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69419 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69419 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69420 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-69420 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-69421 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22795 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for openssl-1_1 fixes the following issues:

* CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
(bsc#1256839).
* CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response()
function (bsc#1256837).
* CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
function (bsc#1256838).
* CVE-2026-22796: ASN1_TYPE Type Confusion in the
PKCS7_digest_from_attributes() function (bsc#1256840).
* CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes
(bsc#1256834).
* CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level
OCB function calls (bsc#1256835).
* CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion (bsc#1256836).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-346=1 openSUSE-SLE-15.6-2026-346=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-346=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-346=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl-1_1-devel-1.1.1w-150600.5.21.1
  * openssl-1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debugsource-1.1.1w-150600.5.21.1
  * libopenssl1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debuginfo-1.1.1w-150600.5.21.1
* openSUSE Leap 15.6 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl-1_1-devel-32bit-1.1.1w-150600.5.21.1
  * libopenssl1_1-32bit-1.1.1w-150600.5.21.1
* openSUSE Leap 15.6 (noarch)
  * openssl-1_1-doc-1.1.1w-150600.5.21.1
* openSUSE Leap 15.6 (aarch64_ilp32)
  * libopenssl1_1-64bit-1.1.1w-150600.5.21.1
  * libopenssl-1_1-devel-64bit-1.1.1w-150600.5.21.1
  * libopenssl1_1-64bit-debuginfo-1.1.1w-150600.5.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl-1_1-devel-1.1.1w-150600.5.21.1
  * openssl-1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debugsource-1.1.1w-150600.5.21.1
  * libopenssl1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debuginfo-1.1.1w-150600.5.21.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl1_1-32bit-1.1.1w-150600.5.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * libopenssl1_1-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl-1_1-devel-1.1.1w-150600.5.21.1
  * openssl-1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debugsource-1.1.1w-150600.5.21.1
  * libopenssl1_1-1.1.1w-150600.5.21.1
  * openssl-1_1-debuginfo-1.1.1w-150600.5.21.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * libopenssl1_1-32bit-debuginfo-1.1.1w-150600.5.21.1
  * libopenssl1_1-32bit-1.1.1w-150600.5.21.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68160.html
* https://www.suse.com/security/cve/CVE-2025-69418.html
* https://www.suse.com/security/cve/CVE-2025-69419.html
* https://www.suse.com/security/cve/CVE-2025-69420.html
* https://www.suse.com/security/cve/CVE-2025-69421.html
* https://www.suse.com/security/cve/CVE-2026-22795.html
* https://www.suse.com/security/cve/CVE-2026-22796.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256834
* https://bugzilla.suse.com/show_bug.cgi?id=1256835
* https://bugzilla.suse.com/show_bug.cgi?id=1256836
* https://bugzilla.suse.com/show_bug.cgi?id=1256837
* https://bugzilla.suse.com/show_bug.cgi?id=1256838
* https://bugzilla.suse.com/show_bug.cgi?id=1256839
* https://bugzilla.suse.com/show_bug.cgi?id=1256840