openSUSE-SU-2026:21267-1: moderate: Recommended update for mpv, libKPipeWireRecord6, ffmpegthumbs-kf5
openSUSE-SU-2026:21266-1: important: Security update for openQA, os-autoinst
openSUSE-SU-2026:21262-1: important: Security update for hauler
openSUSE-SU-2026:21254-1: important: Security update for go1.26-openssl
openSUSE-SU-2026:21252-1: important: Security update for clamav
openSUSE-SU-2026:21251-1: important: Security update for alloy
openSUSE-SU-2026:21249-1: important: Security update for trivy
openSUSE-SU-2026:21247-1: important: Security update for docker-compose
openSUSE-SU-2026:21242-1: important: Security update for assimp
openSUSE-SU-2026:21244-1: important: Security update for podman
openSUSE-SU-2026:21240-1: important: Security update for gstreamer-plugins-good
openSUSE-SU-2026:21239-1: important: Security update for python-msgpack
openSUSE-SU-2026:21238-1: important: Security update for krb5
openSUSE-SU-2026:21235-1: important: Security update for apache2
openSUSE-SU-2026:0232-1: important: Security update for go-sendxmpp
openSUSE-SU-2026:0231-1: important: Security update for radare2
SUSE-SU-2026:2785-1: moderate: Security update for systemd, systemd-mini
SUSE-SU-2026:2789-1: important: Security update for xorg-x11-server
SUSE-SU-2026:2791-1: important: Security update for xorg-x11-server
SUSE-SU-2026:2786-1: important: Security update for xorg-x11-server
openSUSE-SU-2026:0233-1: critical: Security update for chromium
openSUSE-SU-2026:11197-1: moderate: apptainer-1.5.1-3.1 on GA media
openSUSE-SU-2026:11196-1: moderate: python313-yt-dlp-2026.07.04-1.1 on GA media
openSUSE-SU-2026:11195-1: moderate: tomcat11-11.0.23-1.1 on GA media
openSUSE-SU-2026:21267-1: moderate: Recommended update for mpv, libKPipeWireRecord6, ffmpegthumbs-kf5
openSUSE security update: recommended update for mpv, libkpipewirerecord6, ffmpegthumbs-kf5
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21267-1
Rating: moderate
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves various issues can now be installed.
Description:
This update for mpv, libKPipeWireRecord6, ffmpegthumbs-kf5 fixes the following issues:
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-396=1
Package List:
- openSUSE Leap 16.0:
ffmpegthumbs-25.04.3-bp160.1.2
ffmpegthumbs-kf5-25.04.3-bp160.1.3
kpipewire6-devel-6.4.2-bp160.1.3
kpipewire6-imports-6.4.2-bp160.1.3
libKPipeWire6-6.4.2-bp160.1.3
libKPipeWire6-lang-6.4.2-bp160.1.3
libKPipeWireDmaBuf6-6.4.2-bp160.1.3
libKPipeWireRecord6-6.4.2-bp160.1.3
libmpv2-0.40.0+git20250325.97cb16d68340-bp160.1.4
mpv-0.40.0+git20250325.97cb16d68340-bp160.1.4
mpv-bash-completion-0.40.0+git20250325.97cb16d68340-bp160.1.4
mpv-devel-0.40.0+git20250325.97cb16d68340-bp160.1.4
mpv-fish-completion-0.40.0+git20250325.97cb16d68340-bp160.1.4
mpv-zsh-completion-0.40.0+git20250325.97cb16d68340-bp160.1.4
openSUSE-SU-2026:21266-1: important: Security update for openQA, os-autoinst
openSUSE security update: security update for openqa, os-autoinst
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21266-1
Rating: important
References:
* bsc#1258632
* bsc#1259005
* bsc#1264376
Cross-References:
* CVE-2026-26996
* CVE-2026-27904
* CVE-2026-6321
CVSS scores:
* CVE-2026-26996 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26996 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27904 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27904 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-6321 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-6321 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for openQA, os-autoinst fixes the following issues:
Changes in openQA:
- Update to version 5.1783076943.6691832d:
* test: Stabilize `t/05-scheduler-full.t`
- Clarify resolution of three CVEs
* The following CVEs have been fixed (see previous changelog
entries that mentioned only the according Bugzilla tickets):
- bsc#1259005 - CVE-2026-27904
- bsc#1264376 - CVE-2026-6321
- bsc#1258632 - CVE-2026-26996
- Update to version 5.1782995932.ffeb09be:
* feat: throw 404 for nonexistent groups in overview
* feat: Avoid logwarn notifications for non-critical auth error
* chore(deps): Dependency cron 2026-07-02
* git subrepo pull (merge) external/os-autoinst-common
* fix: Check also hidden files in checklist plugin
* test: Enable faster re-connects in full scheduler test consistently
* test: Avoid silent daemons in verbose mode
* test: Allow running `t/43-???-scalability.t` in parallel
* test: Allow running `t/05-scheduler-full.t` in parallel
* test: Avoid race condition when generating ports in `25-cache.t`
* test: Avoid wasting seconds in `40-script_load_dump_templates.t`
* refactor: Remove disabled code in `openqa-load-templates`
* test: Avoid race condition when generating ports in many tests
* chore(deps): Dependency cron 2026-07-01
* fix(ci): format inline comments in workflows to pass yamllint
* test: Avoid running into "Address already in use" in fullstack test
* feat(ci): pin GitHub Actions by commit hash
Changes in os-autoinst:
- Update to version 5.1783082953.c3cb41d:
* test: Disable unstable `t/28-signalblocker.t` on ppc64le OBS builds
* fix: Check also hidden files in checklist plugin
* feat(ci): disable Mergify interactive queue controls in PR comments
* test: assert pipe size adjustment dynamically
* test: assert terminal session boundary safety
* refactor: support pretty markers in script_sudo and become_root
* fix: mmapi test failures and infinite loop hangs
* test: simplify Level 3 pretty marker detection
* fix: exclude virt-firmware on all older Leap archs
- Update to version 5.1782917048.dcc97e9:
* fix: Check also hidden files in checklist plugin
* feat(ci): disable Mergify interactive queue controls in PR comments
* fix(ci): format inline comments in workflows to pass yamllint
* feat(ci): pin GitHub Actions by commit hash
* test: assert pipe size adjustment dynamically
* test: assert terminal session boundary safety
* refactor: support pretty markers in script_sudo and become_root
* fix: mmapi test failures and infinite loop hangs
* test: simplify Level 3 pretty marker detection
* fix: exclude virt-firmware on all older Leap archs
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-395=1
Package List:
- openSUSE Leap 16.0:
openQA-5.1783076943.6691832d-bp160.1.1
openQA-auto-update-5.1783076943.6691832d-bp160.1.1
openQA-bootstrap-5.1783076943.6691832d-bp160.1.1
openQA-client-5.1783076943.6691832d-bp160.1.1
openQA-client-bash-completion-5.1783076943.6691832d-bp160.1.1
openQA-client-zsh-completion-5.1783076943.6691832d-bp160.1.1
openQA-common-5.1783076943.6691832d-bp160.1.1
openQA-continuous-update-5.1783076943.6691832d-bp160.1.1
openQA-devel-5.1783076943.6691832d-bp160.1.1
openQA-doc-5.1783076943.6691832d-bp160.1.1
openQA-llm-server-5.1783076943.6691832d-bp160.1.1
openQA-local-db-5.1783076943.6691832d-bp160.1.1
openQA-mcp-5.1783076943.6691832d-bp160.1.1
openQA-munin-5.1783076943.6691832d-bp160.1.1
openQA-python-scripts-5.1783076943.6691832d-bp160.1.1
openQA-single-instance-5.1783076943.6691832d-bp160.1.1
openQA-single-instance-nginx-5.1783076943.6691832d-bp160.1.1
openQA-worker-5.1783076943.6691832d-bp160.1.1
os-autoinst-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-devel-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-ipmi-deps-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-openvswitch-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-qemu-kvm-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-qemu-x86-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-s390-deps-5.1783082953.c3cb41d-bp160.1.1
os-autoinst-swtpm-5.1783082953.c3cb41d-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-26996.html
* https://www.suse.com/security/cve/CVE-2026-27904.html
* https://www.suse.com/security/cve/CVE-2026-6321.html
openSUSE-SU-2026:21262-1: important: Security update for hauler
openSUSE security update: security update for hauler
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21262-1
Rating: important
References:
* bsc#1267150
* bsc#1269433
Cross-References:
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-48702
CVSS scores:
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-48702 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48702 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 6 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for hauler fixes the following issues:
Changes in hauler:
- update to 2.0.1 (bsc#1269433, CVE-2026-48702):
* bump go to 1.26.4 to squash CVE noise
* Full v2 Release notes: https://github.com/hauler-
dev/hauler/releases/tag/v2.0.0
- update to 2.0.0:
* `v2.0.0` is a **major** release. It replaces Hauler's entire
OCI plumbing... the ORAS v1 dependency and the in-house
cosign fork with a native containerd based implementation,
drops the deprecated `v1alpha1` API, and layers on a
meaningful set of new capabilities and reliability fixes on
top of that new foundation.
* **Removed the ORAS v1 dependency** - push/pull is now driven
directly by containerd's docker resolver and `google/go-
containerregistry`, new `pkg/content/registry.go`
(`RegistryTarget`) and `pkg/content/types.go` (`Target`
interface, `IoContentWriter`) replaces what ORAS used to own.
* **Removed the hauler-maintained cosign fork** - `pkg/cosign`
is now a thin verify only wrapper around upstream
`sigstore/cosign/v3`. Images are added through a native
`s.AddImage()` path in `pkg/store`
* **Added OCI 1.1 Referrers support** - signatures,
attestations, and SBOMs are discovered both via the classic
cosign tag convention (`sha256-.sig` / `.att` / `.sbom`) and
the modern Referrers API, then correctly through the OCI
layout
- update x/net to v0.55.0 (bsc#1266602, CVE-2026-39821,
bsc#1267150, CVE-2026-25680, CVE-2026-42502, CVE-2026-27136,
CVE-2026-25681, CVE-2026-42506)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-391=1
Package List:
- openSUSE Leap 16.0:
hauler-2.0.1-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-48702.html
openSUSE-SU-2026:21254-1: important: Security update for go1.26-openssl
openSUSE security update: security update for go1.26-openssl
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21254-1
Rating: important
References:
* bsc#1170826
* bsc#1245878
* bsc#1255111
* bsc#1261653
* bsc#1261654
* bsc#1261655
* bsc#1261656
* bsc#1261657
* bsc#1261658
* bsc#1261659
* bsc#1261660
* bsc#1261661
* bsc#1261662
* bsc#1264395
* bsc#1264499
* bsc#1264500
* bsc#1264501
* bsc#1264502
* bsc#1264503
* bsc#1264504
* bsc#1264505
* bsc#1264506
* bsc#1264507
* bsc#1264508
* bsc#1264509
* bsc#1267442
* bsc#1267444
* bsc#1267450
Cross-References:
* CVE-2026-27140
* CVE-2026-27143
* CVE-2026-27144
* CVE-2026-27145
* CVE-2026-32280
* CVE-2026-32281
* CVE-2026-32282
* CVE-2026-32283
* CVE-2026-32288
* CVE-2026-32289
* CVE-2026-33810
* CVE-2026-33811
* CVE-2026-33814
* CVE-2026-39817
* CVE-2026-39819
* CVE-2026-39820
* CVE-2026-39823
* CVE-2026-39825
* CVE-2026-39826
* CVE-2026-39836
* CVE-2026-42499
* CVE-2026-42501
* CVE-2026-42504
* CVE-2026-42507
CVSS scores:
* CVE-2026-27140 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-27143 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-27145 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-32280 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32281 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-32283 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32288 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-32289 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-33810 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-33811 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39817 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-39819 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-39820 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39823 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39825 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-39826 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-39836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42499 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42501 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-42507 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 24 vulnerabilities and has 28 bug fixes can now be installed.
Description:
This update for go1.26-openssl fixes the following issues:
Update to go1.26.4 (bsc#1255111).
Security issues fixed:
- CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653).
- CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654).
- CVE-2026-27144: cmd/compile: no-op interface conversion bypasses overlap checking (bsc#1261655).
- CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450).
- CVE-2026-32280: crypto/x509: unexpected work during chain building (bsc#1261656).
- CVE-2026-32281: crypto/x509: inefficient policy validation (bsc#1261657).
- CVE-2026-32282: os: `Root.Chmod` can follow symlinks out of the root on Linux (bsc#1261658).
- CVE-2026-32283: crypto/tls: multiple key update handshake messages can cause connection to deadlock (bsc#1261659).
- CVE-2026-32288: archive/tar: unbounded allocation when parsing old format GNU sparse map (bsc#1261660).
- CVE-2026-32289: html/template: JS template literal context incorrectly tracked (bsc#1261661).
- CVE-2026-33810: crypto/x509: excluded DNS constraints not properly applied to wildcard domains (bsc#1261662).
- CVE-2026-33811: net: crash when handling long `CNAME` response (bsc#1264508).
- CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad `SETTINGS_MAX_FRAME_SIZE` (bsc#1264506).
- CVE-2026-39817: cmd/go: `go tool pack` does not sanitize output paths (bsc#1264505).
- CVE-2026-39819: cmd/go: `go bug` follows symlinks in predictable temporary filenames (bsc#1264504).
- CVE-2026-39820: net/mail: quadratic string concatentation in `consumeComment` (bsc#1264503).
- CVE-2026-39823: html/template: bypass of meta content URL escaping causes XSS (bsc#1264509).
- CVE-2026-39825: net/http/httputil: `ReverseProxy` forwards queries with more than `urlmaxqueryparams` parameters
(bsc#1264500).
- CVE-2026-39826: html/template: escaper bypass leads to XSS (bsc#1264507).
- CVE-2026-39836: net: panic in `Dial` and `LookupPort` when handling `NUL` byte on Windows (bsc#1264501).
- CVE-2026-42499: net/mail: quadratic string concatenation in `consumePhrase` (bsc#1264502).
- CVE-2026-42501: cmd/go: malicious module proxy can bypass checksum database (bsc#1264499).
- CVE-2026-42504: mime: quadratic complexity in `WordDecoder.DecodeHeader` (bsc#1267442).
- CVE-2026-42507: net/textproto: arbitrary input is included in errors without any escaping (bsc#1267444).
Other updates and security fixes:
- Go packages miss `binutils-gold` dependency (bsc#1170826).
- Drop subpackage `go1.x-libstd` `std` library `.so` refs (jsc#PED-1962).
- Use `libalternatives` only on `suse_version >= 1610` and keep `update-alternatives` support for older
distributions.
- Drop the `update-alternatives` migration path for `libalternatives` builds.
- Enable `libalternatives` for SLE16.1 and Tumbleweed (bsc#1245878).
- Drop go1.26 dependency on `update-alternatives` (bsc#1264395)
- Update to version 1.26.3 cut from the `go1.25-fips-release` branch at the revision tagged `go1.26.3-1-openssl-fips`
(jsc#SLE-18320).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1175=1
Package List:
- openSUSE Leap 16.0:
go1.26-openssl-1.26.4-160000.1.1
go1.26-openssl-doc-1.26.4-160000.1.1
go1.26-openssl-race-1.26.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-27140.html
* https://www.suse.com/security/cve/CVE-2026-27143.html
* https://www.suse.com/security/cve/CVE-2026-27144.html
* https://www.suse.com/security/cve/CVE-2026-27145.html
* https://www.suse.com/security/cve/CVE-2026-32280.html
* https://www.suse.com/security/cve/CVE-2026-32281.html
* https://www.suse.com/security/cve/CVE-2026-32282.html
* https://www.suse.com/security/cve/CVE-2026-32283.html
* https://www.suse.com/security/cve/CVE-2026-32288.html
* https://www.suse.com/security/cve/CVE-2026-32289.html
* https://www.suse.com/security/cve/CVE-2026-33810.html
* https://www.suse.com/security/cve/CVE-2026-33811.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39817.html
* https://www.suse.com/security/cve/CVE-2026-39819.html
* https://www.suse.com/security/cve/CVE-2026-39820.html
* https://www.suse.com/security/cve/CVE-2026-39823.html
* https://www.suse.com/security/cve/CVE-2026-39825.html
* https://www.suse.com/security/cve/CVE-2026-39826.html
* https://www.suse.com/security/cve/CVE-2026-39836.html
* https://www.suse.com/security/cve/CVE-2026-42499.html
* https://www.suse.com/security/cve/CVE-2026-42501.html
* https://www.suse.com/security/cve/CVE-2026-42504.html
* https://www.suse.com/security/cve/CVE-2026-42507.html
openSUSE-SU-2026:21252-1: important: Security update for clamav
openSUSE security update: security update for clamav
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21252-1
Rating: important
References:
* bsc#1270085
* bsc#1270088
* bsc#1270089
* bsc#1270091
* bsc#1270092
* bsc#1270106
* bsc#1270107
* bsc#1270138
Cross-References:
* CVE-2026-20213
* CVE-2026-20214
* CVE-2026-20215
* CVE-2026-20216
* CVE-2026-20217
* CVE-2026-20243
* CVE-2026-20244
* CVE-2026-41676
CVSS scores:
* CVE-2026-20213 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20214 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20215 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20216 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20217 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-20244 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.
Description:
This update for clamav fixes the following issues:
Update to version 1.5.3.
Security issues fixed:
- CVE-2026-20213: out-of-bounds write due to improper boundary checks for content in PE files during scanning
(bsc#1270107).
- CVE-2026-20214: out-of-bounds write due to improper boundary checks for content in FSG files during scanning
(bsc#1270085).
- CVE-2026-20215: out-of-bounds write due to improper boundary checks for content in 7z files during scanning
(bsc#1270088).
- CVE-2026-20216: denial of service due to improper handling of temporary resources during InstallShield file scanning
(bsc#1270089).
- CVE-2026-20217: out-of-bounds write due to improper boundary checks for content in PESpin files during scanning
(bsc#1270091).
- CVE-2026-20243: out-of-bounds write due to improper boundary checks for content in ALZ files during scanning
(bsc#1270092).
- CVE-2026-20244: integer overflow and DoS due to improper boundary checks for content in DMG files during scanning
(bsc#1270106).
- CVE-2026-41676: buffer overflow due to missing checks via `Deriver:derive`, `PkeyCtxRef:derive` and OpenSSL 1.1.1
(bsc#1270138).
Other updates and bugfixes:
- Version 1.5.3:
* Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the
scanner.
* Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE
file and lead to a heap buffer overflow write.
* Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and
exhaust temporary storage.
* Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file.
* Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip
expected scan-limit handling.
* Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them
while reading a malformed archive.
* Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit
scanner builds.
* Hardened clamscan, clamdscan, and clamonacc quarantine actions against time-of-check/time-of-use races that could
redirect copied, moved, or removed files under unsafe quarantine directory configurations.
* Upgraded the Rust tar dependency to resolve the RUSTSEC-2026-0067 and RUSTSEC-2026-0068 advisories, and upgraded the
Rust openssl dependency to resolve CVE-2026-41676.
* Raised the minimum required CMake version to 3.17 to fix Linux builds with libcurl v8.21.0 when linking static
library dependencies.
* Metadata preclass scans now run before the final scan verdict.
* ClamOnAcc: Fixed errors when recursively excluded paths are children of an included path.
* ClamOnAcc: Fixed hash bucket list corruption when two watched paths collide in the same bucket.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1173=1
Package List:
- openSUSE Leap 16.0:
clamav-1.5.3-160000.1.1
clamav-devel-1.5.3-160000.1.1
clamav-docs-html-1.5.3-160000.1.1
clamav-milter-1.5.3-160000.1.1
libclamav12-1.5.3-160000.1.1
libclammspack0-1.5.3-160000.1.1
libfreshclam4-1.5.3-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-20213.html
* https://www.suse.com/security/cve/CVE-2026-20214.html
* https://www.suse.com/security/cve/CVE-2026-20215.html
* https://www.suse.com/security/cve/CVE-2026-20216.html
* https://www.suse.com/security/cve/CVE-2026-20217.html
* https://www.suse.com/security/cve/CVE-2026-20243.html
* https://www.suse.com/security/cve/CVE-2026-20244.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
openSUSE-SU-2026:21251-1: important: Security update for alloy
openSUSE security update: security update for alloy
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21251-1
Rating: important
References:
* bsc#1260981
* bsc#1265440
* bsc#1266196
* bsc#1266654
* bsc#1267185
* bsc#1267333
* bsc#1267481
* bsc#1267485
* bsc#1267488
* bsc#1267489
Cross-References:
* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-27136
* CVE-2026-33532
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-41889
* CVE-2026-42502
* CVE-2026-42506
* CVE-2026-42508
* CVE-2026-44740
* CVE-2026-45678
* CVE-2026-45682
* CVE-2026-45685
* CVE-2026-45686
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-27136 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-27136 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-33532 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33532 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41889 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-41889 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42502 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42502 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42506 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-42506 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44740 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44740 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45678 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45685 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45685 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45686 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45686 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 26 vulnerabilities and has 10 bug fixes can now be installed.
Description:
This update for alloy fixes the following issues:
Update to version 1.17.0.
Security issues fixed:
- CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to
denial of service (bsc#1267185).
- CVE-2026-25681: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-27136: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-33532: yaml: parsing input with deeply nestes collections may throw a `RangeError` due to a stack overflow
and cause to a denial of service (bsc#1260981).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266654).
- CVE-2026-39827: golang.org/x/crypto/ssh: authenticated SSH clients that repeatedly open channels which were rejected
by the server can cause unbounded memory growth and a crash (bsc#1266196).
- CVE-2026-39828: golang.org/x/crypto/ssh: permissions discarded when an SSH server authentication callback returns
`PartialSuccessError` with non-`nil` permissions (bsc#1266196).
- CVE-2026-39829: golang.org/x/crypto/ssh: unenforced size limits on key parameters by the the RSA and DSA public key
parsers can lead to excessive CPU consumption when processing a crafted public key (bsc#1266196).
- CVE-2026-39830: golang.org/x/crypto/ssh: malicious SSH peers sending unsolicited global request responses can block a
connection's read loop and cause a resource leak (bsc#1266196).
- CVE-2026-39831: golang.org/x/crypto/ssh: missing `User Presence` flag checks in the `Verify()` method for FIDO/U2F
security key types cause signatures generated without physical touch to be accepted (bsc#1266196).
- CVE-2026-39832: golang.org/x/crypto/ssh: destination restrictions are silently stripped when forwarding keys and
allow for unrestricted use of a key on a remote host (bsc#1266196).
- CVE-2026-39833: golang.org/x/crypto/ssh: in-memory keyring returned by `NewKeyring()` silently accepts keys with the
`ConfirmBeforeUse` constraint but never enforces it (bsc#1266196).
- CVE-2026-39834: golang.org/x/crypto/ssh: writing data larger than 4GB in a single `Write` call on an SSH channel
leads to an integer overflow and an infinite loop that sends empty packets (bsc#1266196).
- CVE-2026-39835: golang.org/x/crypto/ssh: processing of certificates by SSH servers using `CertChecker` as a public
key callback without setting `IsUserAuthority` or `IsHostAuthority` can lead to a panic (bsc#1266196).
- CVE-2026-41889: github.com/jackc/pgx/v5/internal/sanitize: use placeholders in dollar-quoted string literals in an
SQL query can lead to a SQL injection (bsc#1265440).
- CVE-2026-42502: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-42506: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-42508: golang.org/x/crypto/ssh: revoked `SignatureKey`s belonging to a CA are not correctly checked for
revocation (bsc#1266196).
- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via
infinite loops, panics or resource consumption (bsc#1267333).
- CVE-2026-45678: go.opentelemetry.io/obi: Postgres BIND parsing can lead to a panic when malformed payloads are
processed (bsc#1267481).
- CVE-2026-45682: go.opentelemetry.io/obi: keys not deleted by `CappedConcurrentHashMap` after removals allows repeated
connection churn to grow the queue without bound and exhaust heap memory (bsc#1267485).
- CVE-2026-45685: go.opentelemetry.io/obi: MongoDB TCP parser panics on malformed wire messages and causes a DoS
(bsc#1267488).
- CVE-2026-45686: go.opentelemetry.io/obi: integer overflow in memcached text protocol parser can crash the OBI process
and cause denial of service (bsc#1267489).
- CVE-2026-46595: golang.org/x/crypto/ssh: source-address validation is skipped if any other type of callback is passed
other than public key (bsc#1266196).
- CVE-2026-46597: golang.org/x/crypto/ssh: incorrectly placed cast from bytes to int in the AES-GCM packet decoder when
processing specially crafted input can lead to for server-side panic (bsc#1266196).
- CVE-2026-46598: golang.org/x/crypto/ssh: `ed25519.PrivateKey` created by casting malformed wire bytes due to
processing of certain crafted inputs can lead to panic when used (bsc#1266196).
Other updates and bugfixes:
- Version 1.17.0:
* Features
* Add GraphQL server and `gql` subcommand.
* `otelcol`: Add Nginx receiver.
* `otelcol.exporter.prometheus`: Convert classic histograms to NHCB.
* `database_observability`: Various enhancements for MySQL and Postgres.
* `faro.receiver`: Support gzip-compressed request bodies.
* Update to Beyla 3.9.8.
* Bug Fixes
* security: Update `x/crypto`, `x/net`, `jackc/pgx/v5`, and `obi`.
* cluster: Fix nodes failing to join the cluster with TLS enabled.
* `loki.process`: Fix potential deadlocks and limit stage shutdown.
* Update Go to v1.26.4.
- Version 1.16.3:
* cluster: Fix nodes failing to join the cluster when TLS is enabled.
- Version 1.16.2:
* `loki.process`: No longer mutate rules in `stage.truncate` causing every config update to reload pipeline when this
stage is used.
* `loki.process`: Potential deadlock on update with stage and receiver changes.
* `otelcol.exporter.awss3`: Add missing `unique_key_func_name` attribute.
- Remove dependency on vulnerable `yaml` library.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1172=1
Package List:
- openSUSE Leap 16.0:
alloy-1.17.0-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33532.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-41889.html
* https://www.suse.com/security/cve/CVE-2026-42502.html
* https://www.suse.com/security/cve/CVE-2026-42506.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-44740.html
* https://www.suse.com/security/cve/CVE-2026-45678.html
* https://www.suse.com/security/cve/CVE-2026-45682.html
* https://www.suse.com/security/cve/CVE-2026-45685.html
* https://www.suse.com/security/cve/CVE-2026-45686.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
openSUSE-SU-2026:21249-1: important: Security update for trivy
openSUSE security update: security update for trivy
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21249-1
Rating: important
References:
* bsc#1269269
* bsc#1269271
Cross-References:
* CVE-2026-54448
* CVE-2026-55092
CVSS scores:
* CVE-2026-54448 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-54448 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55092 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-55092 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for trivy fixes the following issues
Update to version 0.72.0.
- CVE-2026-54448: tar unpacker reads scanned Helm chart archives (.tgz) with `io.ReadAll(tr)` and defines no size
limit, which can lead to a DoS (bsc#1269271).
- CVE-2026-55092: `org.opencontainers.image.title` annotation from OCI artifact manifest is used as a destination
filename without validation and can lead to arbitrary file writes (bsc#1269269).
Other updates and bugfixes:
- Version 0.72.0:
* feat(bottlerocket): add vulnerability matching for Bottlerocket OS (#10893)
* fix(misconf): support github_repository_vulnerability_alerts resource (#10680)
* feat(java): detect JAR licenses from packaged LICENSE files (#10856)
* fix(nodejs): parse project dependencies from multi-document pnpm-lock.yaml (#10861)
* fix(server): propagate package repository class in client/server mode (#10874)
* chore(deps): bump github.com/containerd/containerd/v2 from 2.3.1 to 2.3.2 (#10888)
* fix(vuln): fall back to UNKNOWN severity when vulnerability details are missing (#10795)
* feat(java): detect JAR licenses from the embedded pom.xml (#10851)
* chore(deps): Upgrade github.com/cenkalti/backoff to v6 (#10863)
* ci(helm): bump Trivy version to 0.71.2 for Trivy Helm Chart 0.23.2 (#10873)
* chore(deps): bump alpine to 3.24.1 (#10868)
* docs: fix article typo in plugin developer guide (#10860)
* feat(misconf): Adds CloudFront standard logging v2 support to AVD-AWS-0010 (#10848)
* docs: fix typos (#10857)
* fix(terraform): avoid data race on global getter.Getters in remote module resolver (#10843)
* feat(secret): support new stateless format for GitHub App installation tokens (#10826)
* fix: correct format verbs in diagnostic messages (#10805)
* ci(helm): bump Trivy version to 0.71.1 for Trivy Helm Chart 0.23.1 (#10845)
* refactor: use ParseErrorsAllowlist instead of ParseErrorsWhitelist (#10830)
* docs: fix repository scan heading typo (#10828)
* fix: forward ospkg detector options through ospkg.NewScanner (#10811)
* chore(deps): bump github.com/bufbuild/buf to v1.70.0 (#10801)
* fix(vex): load VEX documents from within the repository directory (#10820)
* ci!: migrate docker config to dockers_v2 (#10783)
* feat(dotnet): detect bundled runtime in self-contained deployments (#10786)
* feat(secret): add OpenAI secret detection rules (#10798)
* ci: expect GitHub App bot as backport PR author (#10813)
* fix: surface the original analysis error instead of context cancellation (#10793)
* chore(deps): bump the github-actions group across 1 directory with 11 updates (#10803)
* chore(deps): bump the common group with 4 updates (#10797)
* chore(deps): bump the aws group with 4 updates (#10796)
* fix: use random suffix for process temp directory instead of PID (#10431)
* docs: update signature verification for deb and rpm packages (#10784)
* fix(image): lookup origin layer for custom resources in merged layers (#10788)
* ci: bump GoReleaser to v2.16.0 (#10774)
* docs: fix broken nixpkgs reference link in installation guide (#10776)
* fix(image): deterministic OS package deduplication for images with embedded SBOMs (#10777)
* fix(spdx): guard against nil root component in SPDX marshaler (#10771)
* ci(helm): bump Trivy version to 0.71.0 for Trivy Helm Chart 0.23.0 (#10768)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1170=1
Package List:
- openSUSE Leap 16.0:
trivy-0.72.0-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-54448.html
* https://www.suse.com/security/cve/CVE-2026-55092.html
openSUSE-SU-2026:21247-1: important: Security update for docker-compose
openSUSE security update: security update for docker-compose
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21247-1
Rating: important
References:
* bsc#1239340
* bsc#1239766
* bsc#1265782
* bsc#1266625
Cross-References:
* CVE-2025-0495
* CVE-2025-22869
* CVE-2026-33814
* CVE-2026-39821
CVSS scores:
* CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
* CVE-2025-0495 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.
Description:
This update for docker-compose fixes the following issues
- CVE-2025-0495: buildx: credential leakage to telemetry endpoints when credentials allowed to be set as attribute
values in cache-to/cache-from configuration (bsc#1239766).
- CVE-2025-22869: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh
(bsc#1239340).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265782).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266625).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1168=1
Package List:
- openSUSE Leap 16.0:
docker-compose-2.33.1-160000.5.1
References:
* https://www.suse.com/security/cve/CVE-2025-0495.html
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
openSUSE-SU-2026:21242-1: important: Security update for assimp
openSUSE security update: security update for assimp
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21242-1
Rating: important
References:
* bsc#1251019
* bsc#1266996
* bsc#1266998
* bsc#1266999
* bsc#1267037
Cross-References:
* CVE-2025-11277
* CVE-2026-10197
* CVE-2026-10199
* CVE-2026-10200
* CVE-2026-10232
CVSS scores:
* CVE-2025-11277 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-11277 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10197 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-10197 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10199 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-10199 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10200 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-10200 ( SUSE ): 1.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10232 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-10232 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.
Description:
This update for assimp fixes the following issues
- CVE-2025-11277: large mWidth and mHeight dimensions can lead to integer overflow and a heap-based buffer overflow
(bsc#1251019).
- CVE-2026-10197: NULL pointer dereference in ImportEmbeddedTextures when mimeType lacks '/' (bsc#1266996).
- CVE-2026-10199: NULL pointer dereference in glTF2::LazyDict::operator[] due to unchecked node access in
ImportAnimations (bsc#1266998).
- CVE-2026-10200: [glTF] Heap-buffer-overflow in CopyValue() when parsing invalid 4x4 matrix with insufficient data
(bsc#1266999).
- CVE-2026-10232: heap use-after-free in aiNode::~aiNode due to invalid node tree when processing malformed ASE files
(bsc#1267037).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1163=1
Package List:
- openSUSE Leap 16.0:
assimp-devel-5.4.3-160000.4.1
libassimp5-5.4.3-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2025-11277.html
* https://www.suse.com/security/cve/CVE-2026-10197.html
* https://www.suse.com/security/cve/CVE-2026-10199.html
* https://www.suse.com/security/cve/CVE-2026-10200.html
* https://www.suse.com/security/cve/CVE-2026-10232.html
openSUSE-SU-2026:21244-1: important: Security update for podman
openSUSE security update: security update for podman
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21244-1
Rating: important
References:
* bsc#1262856
* bsc#1266125
Cross-References:
* CVE-2025-22869
* CVE-2025-47913
* CVE-2025-47914
* CVE-2025-52881
* CVE-2025-6032
* CVE-2025-9566
* CVE-2026-34986
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598
CVSS scores:
* CVE-2025-22869 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22869 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-47913 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47914 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47914 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-52881 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-52881 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-6032 ( SUSE ): 9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-9566 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-9566 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 20 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for podman fixes the following issues
- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing
encrypted key can lead to a denial of service (bsc#1262856).
- CVE-2026-39827: Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39828: Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39829: Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39830: Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266125).
- CVE-2026-39831: Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266125).
- CVE-2026-39832: Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266125).
- CVE-2026-39833: Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266125).
- CVE-2026-39834: Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-39835: Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-42508: Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266125).
- CVE-2026-46595: Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266125).
- CVE-2026-46597: Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266125).
- CVE-2026-46598: Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266125).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1165=1
Package List:
- openSUSE Leap 16.0:
podman-5.4.2-160000.5.1
podman-docker-5.4.2-160000.5.1
podman-remote-5.4.2-160000.5.1
podmansh-5.4.2-160000.5.1
References:
* https://www.suse.com/security/cve/CVE-2025-22869.html
* https://www.suse.com/security/cve/CVE-2025-47913.html
* https://www.suse.com/security/cve/CVE-2025-47914.html
* https://www.suse.com/security/cve/CVE-2025-52881.html
* https://www.suse.com/security/cve/CVE-2025-6032.html
* https://www.suse.com/security/cve/CVE-2025-9566.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html
openSUSE-SU-2026:21240-1: important: Security update for gstreamer-plugins-good
openSUSE security update: security update for gstreamer-plugins-good
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21240-1
Rating: important
References:
* bsc#1268449
Cross-References:
* CVE-2026-53705
CVSS scores:
* CVE-2026-53705 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2026-53705: wavpackdec: Avoid integer overflow when calculating output buffer size and related fixes (bsc#1268449).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1161=1
Package List:
- openSUSE Leap 16.0:
gstreamer-plugins-good-1.26.7-160000.2.1
gstreamer-plugins-good-extra-1.26.7-160000.2.1
gstreamer-plugins-good-gtk-1.26.7-160000.2.1
gstreamer-plugins-good-jack-1.26.7-160000.2.1
gstreamer-plugins-good-lang-1.26.7-160000.2.1
gstreamer-plugins-good-qtqml6-1.26.7-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-53705.html
openSUSE-SU-2026:21239-1: important: Security update for python-msgpack
openSUSE security update: security update for python-msgpack
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21239-1
Rating: important
References:
* bsc#1269947
Cross-References:
* CVE-2026-57585
CVSS scores:
* CVE-2026-57585 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-msgpack fixes the following issue
- CVE-2026-57585: reusing an Unpacker instance after an error has been caught can lead to an out-of-bounds read
(bsc#1269947).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1160=1
Package List:
- openSUSE Leap 16.0:
python313-msgpack-1.1.0-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-57585.html
openSUSE-SU-2026:21238-1: important: Security update for krb5
openSUSE security update: security update for krb5
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21238-1
Rating: important
References:
* bsc#1268131
Cross-References:
* CVE-2026-11850
CVSS scores:
* CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for krb5 fixes the following issue
- CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-bounds read (bsc#1268131).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1159=1
Package List:
- openSUSE Leap 16.0:
krb5-1.21.3-160000.4.1
krb5-client-1.21.3-160000.4.1
krb5-devel-1.21.3-160000.4.1
krb5-plugin-kdb-ldap-1.21.3-160000.4.1
krb5-plugin-preauth-otp-1.21.3-160000.4.1
krb5-plugin-preauth-pkinit-1.21.3-160000.4.1
krb5-plugin-preauth-spake-1.21.3-160000.4.1
krb5-server-1.21.3-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-11850.html
openSUSE-SU-2026:21235-1: important: Security update for apache2
openSUSE security update: security update for apache2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21235-1
Rating: important
References:
* bsc#1267503
* bsc#1267955
* bsc#1267956
* bsc#1267962
* bsc#1267963
* bsc#1267965
* bsc#1267969
* bsc#1267970
* bsc#1267971
* bsc#1267972
* bsc#1267976
* bsc#1267977
* bsc#1267978
Cross-References:
* CVE-2026-29167
* CVE-2026-29170
* CVE-2026-34355
* CVE-2026-34356
* CVE-2026-42535
* CVE-2026-42536
* CVE-2026-43951
* CVE-2026-44119
* CVE-2026-44185
* CVE-2026-44186
* CVE-2026-44631
* CVE-2026-48913
* CVE-2026-49975
CVSS scores:
* CVE-2026-29167 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-29170 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-34355 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34356 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42535 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-42535 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42536 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42536 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-43951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-43951 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44119 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44119 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-44185 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-44186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-44186 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44631 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-44631 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48913 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48913 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-49975 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-49975 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 13 vulnerabilities and has 13 bug fixes can now be installed.
Description:
This update for apache2 fixes the following issues
- CVE-2026-29167: mod_ldap per-dir use-after-free (bsc#1267976).
- CVE-2026-29170: mod_proxy_ftp XSS (bsc#1267977).
- CVE-2026-34355: mod_proxy_html buffer overflow (bsc#1267978).
- CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow (bsc#1267955).
- CVE-2026-42535: malicious path manipulation can lead to child process crashes (bsc#1267956).
- CVE-2026-42536: processing untrusted content can lead to a heap-based buffer overflow (bsc#1267962).
- CVE-2026-43951: out-of-bound read in `merge_response_headers` can cause crash (bsc#1267963).
- CVE-2026-44119: improper privilege management can lead to an unauthorized read (bsc#1267965).
- CVE-2026-44185: Stack Buffer Over-Read in mod_ssl OCSP `send_request` (bsc#1267969).
- CVE-2026-44186: responses from an attacker-controlled FTP backend can lead to resource exhaustion and a denial of
service (bsc#1267970).
- CVE-2026-44631: crafted regular expression can lead to a buffer underwrite (bsc#1267971).
- CVE-2026-48913: file handle exhaustion during request processing in mod_http2 can lead to a use-after-free
(bsc#1267972).
- CVE-2026-49975: Fix cookie header accounting against LimitRequestFields (bsc#1267503).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1149=1
Package List:
- openSUSE Leap 16.0:
apache2-2.4.66-160000.3.1
apache2-devel-2.4.66-160000.3.1
apache2-event-2.4.66-160000.3.1
apache2-manual-2.4.66-160000.3.1
apache2-prefork-2.4.66-160000.3.1
apache2-utils-2.4.66-160000.3.1
apache2-worker-2.4.66-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-29167.html
* https://www.suse.com/security/cve/CVE-2026-29170.html
* https://www.suse.com/security/cve/CVE-2026-34355.html
* https://www.suse.com/security/cve/CVE-2026-34356.html
* https://www.suse.com/security/cve/CVE-2026-42535.html
* https://www.suse.com/security/cve/CVE-2026-42536.html
* https://www.suse.com/security/cve/CVE-2026-43951.html
* https://www.suse.com/security/cve/CVE-2026-44119.html
* https://www.suse.com/security/cve/CVE-2026-44185.html
* https://www.suse.com/security/cve/CVE-2026-44186.html
* https://www.suse.com/security/cve/CVE-2026-44631.html
* https://www.suse.com/security/cve/CVE-2026-48913.html
* https://www.suse.com/security/cve/CVE-2026-49975.html
openSUSE-SU-2026:0232-1: important: Security update for go-sendxmpp
openSUSE Security Update: Security update for go-sendxmpp
_______________________________
Announcement ID: openSUSE-SU-2026:0232-1
Rating: important
References: #1265538 #1266617
Cross-References: CVE-2026-1229 CVE-2026-39821
CVSS scores:
CVE-2026-1229 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
CVE-2026-39821 (SUSE): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for go-sendxmpp fixes the following issues:
Update to 0.16.0:
- CVE-2026-1229: circl: The CombinedMult function produces an incorrect
value (boo#1265538).
- CVE-2026-39821: net: Failure to reject ASCII-only Punycode-encoded
labels allows for validation bypass and privilege escalation
(boo#1266617).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-232=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
go-sendxmpp-0.16.0-bp157.2.9.1
References:
https://www.suse.com/security/cve/CVE-2026-1229.html
https://www.suse.com/security/cve/CVE-2026-39821.html
https://bugzilla.suse.com/1265538
https://bugzilla.suse.com/1266617
openSUSE-SU-2026:0231-1: important: Security update for radare2
openSUSE Security Update: Security update for radare2
_______________________________
Announcement ID: openSUSE-SU-2026:0231-1
Rating: important
References: #1244121 #1262142 #1265403
Cross-References: CVE-2025-1378 CVE-2025-1744 CVE-2025-1864
CVE-2025-5641 CVE-2026-40499 CVE-2026-8695
CVSS scores:
CVE-2025-1378 (SUSE): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-1744 (SUSE): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2025-5641 (SUSE): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for radare2 fixes the following issues:
- switch to python311 for sle15 build
- CVE-2026-8695: Fix use-after-free in gdbr_threads_list() (boo#1265403)
- Update to version 6.1.4 (boo#1262142, CVE-2026-40499):
* Analysis: improve autoname scoring, jmptbl detection, and performance
* Add callargs modifier, rnum expressions, and typed function context
* Refactor autoname into plugin; extend RAnalPlugin hooks
* Fix leaks, overflows, and command injection in analysis scripts
* Improve string detection, wide strings, and switch/case analysis
* Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support
* Cache capstone options and improve multi-arch disassembly
* ASM: add camel syntax support, unify via RArch API
* Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF)
* Fix leaks, OOB reads/writes, overflows, and improve bounds checks
* Improve Swift demangling, ARM hints, relocations, and imports
* Add nds32 reloc support and optimize kernelcache parsing
* Build: install to lib64, fix illumos and packaging issues
* CI: add GitHub Actions and FilC builds
* Console: fix multiple overflows, OOB issues, and improve performance
* Core: API renames, plugin load order, sandbox/config fixes
* Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs)
* Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver
* Debug: improve ptrace, winkd support, breakpoints, checkpoints
* Disasm: cache flag lookups for performance
* FS/IO: fix leaks, bounds, sparse IO, and device handling
* HTTP/socket: webserver fixes and SSL fallback handling
* Print/projects: improve formatting, endian handling, project metadata
* Pseudo: add while/switch support and cleaner control flow
* Search/shell: improve commands, parsing, and usability
* Security: fix widespread command injection and sandbox escapes
* Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support
* Types/util: parsing improvements, JSON/base64 updates, optimizations
* Visual: fix UAF/leaks, improve panels and UX
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.4
- Update to version 6.1.2:
* Analysis: preserve timeouts, improve bb/jmptbl validation and limits
* Optimize string detection and hot-path functions
* Add APIs for function signatures, vars limits, and instruction hints
* Fix overlapped functions, invalid code checks, and large bb handling
* API: remove deprecated librmagic/filetype APIs and name filter
* Arch: fix Thumb/endianness issues, add Python pseudo plugin
* ASM: unify settings via RArch, fix directives, add bf pseudo plugin
* Bin: improve ELF/Mach-O stripped detection and parsing safety
* Harden Mach-O bounds, optimize kernelcache and XNU parsing
* Fix many leaks (DEX, demangler, parsers) and infinite loops
* Improve DWARF handling and symbol/type extraction
* Build: improve meson, toolchains, and add ISO/docker support
* Console: preserve timeout, fix themes and UTF-8 handling
* Core: fix config bugs, improve startup and addressing support
* Crash: fix UAF, OOB, race conditions, regex bugs, and overflows
* Add safety checks across dotnet, Mach-O, DWARF, and webserver
* Debug/ESIL: safer execution and divide-by-zero handling
* FS/IO: fix HFS+, dyldcache speedups, safer zip handling
* Graph: add bb size limit option
* Print: merge commands, improve UTF-8 and formatting
* Projects/tools: new configs, plugin support, CLI improvements
* Search: faster analysis search and block buffering
* Shell: improve grep/macros and file operations
* Types: lazy-load, cache, and improve parsing (varargs, structs)
* Tests: expand fuzzing and test suites
* General cleanup, performance tuning, and safety improvements
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.4
- Update to version 6.1.0:
* Reimplement RBufRef using RRef; fix RLibDelHandler API
* Remove stale JAY code; improve analysis performance and CI speed
* Optimize type propagation, jump tables, and plugin integration
* Fix infinite loops, antidisasm tricks, and function autonaming
* Add new analysis options and trace import plugin (DRCOV)
* Improve RCore seek operations and naming APIs
* API: add RNum.getErr, enforce safe alloc macros, new helpers
* Arch: update ARC disasm, refactor sessions, remove unsafe string ops
* ASM: improve x86 validation, add CIL and ARC pseudo plugins
* Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use
* Add/import DWARF types, improve relocations and symbol handling
* Extensive memory leak fixes and parser hardening across formats
* Improve string handling, caching, and zero-copy optimizations
* Build: improve meson, remove zip deps, add 3rd-party plugin support
* Console: fix UTF-8 graphs and color propagation
* Core: improve plugin handling and background task stability
* Crash: fix multiple UAF, OOB, overflows, and injection issues
* Sanitize inputs (function names, demangler, callconv)
* Debug: add source breakpoints, ARM64/XNU support, FPU regs
* Disasm: improve string handling, comments, and color logic
* ESIL: extend x86 FPU emulation
* FS/IO: fixes and plugin reorganizations
* HTTP: fix sandbox webserver issues
* Hash/tools: minor fixes and output improvements
* General cleanup, safety checks, and performance optimizations
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.0
- Update to version 6.0.8:
* Migrate r_vector to RVec across core components
* Refactor and optimize type propagation (now plugin-based)
* Remove redundant anal.a2f and related duplication
* Improve caching, memoization, and performance in analysis
* Fix file corruption, null asserts, and command issues
* Enhance x86 (AT&T syntax, enter instruction) and z80 support
* Add initial .NET (CIL) disasm/asm support
* Improve Java, ELF, Mach-O, APK, and PDB handling
* Fix demangling, symbols, and relocation issues
* Resolve multiple memory leaks and parser bugs
* Fix UAF, OOB, overflows, and command injection vulnerabilities
* Improve GDB debugging and breakpoint handling
* Enhance disassembly visuals and color options
* Update ESIL operators and behavior
* Add support for APFS, GPT, BSD, APM partitions
* Improve IO handling and add new plugins
* Optimize performance (strbuf, memory usage)
* Improve console UI, themes, and terminal handling
* Refine SDK builds and CI pipelines
* Improve CLI tools (rabin2, rasm2, rafs2)
* Add JSON support and better help/version info
* Expand type parsing (typedef, enum, union)
* Improve socket/HTTP handling and downloads
* Add and refine tests and reporting
* General cleanup, safety checks, and code modernization
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.8
- Expand %{bindir}/*
- Rename sdb.1 man page to r2sdb.1 to avoid conflict with snobol4
- Fix patch pkgconfig.patch to be -p1-able
- Update to version 6.0.7:
* shell: Fix parsing r2 -H$(VARNAME) without a space
- Update to version 6.0.6:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.6
- Update to version 6.0.4:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.4
- Update to version 6.0.2:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.2
- Add missing sub directories for r_util.h and r_muta.h
otherwise it might fails in calling r2pm -ci
- Correct library package nameing scheme to make it build also on x86_64
on 15.6 and 15.7
- Update to version 6.0.0:
* ABI changes: ~ RCorePlugins now have a session ~ Finish the RKons
refactoring, all r_cons calls take instance instead of global ~ Rename
RCrypto to RMuta ~ Use RCons instance from RLine ~ Rename
RIOPlugin.widget to RIOPlugin.data ~ Refactor the RRegAlias api ~
Camelcase all the RCoreBind methods
* Breaking API changes: ~ Boolify r_cons_rgb_parse ~ Add
RLogLevel.fromString() and use it from -e log.level=? ~ Deprecate
r_bin_addr2line ~ Rename RBinDbgItem into RBinAddrline ~ RNumCalc is
now known as RNumMath ~ Move RFlagItem.alias into the Meta ~ Rename
core->offset into core->addr (asm.offset and more!) ~ Rename
RFlagItem.offset -> addr
* API changes: ~ Boolify r_cons_rgb_parse ~ Add RLogLevel.fromString()
and use it from -e log.level=? ~ Deprecate r_bin_addr2line ~ Rename
RBinDbgItem into RBinAddrline ~ RNumCalc is now known as RNumMath ~
Move RFlagItem.alias into the Meta ~ Rename core->offset into
core->addr (asm.offset and more!) ~ Rename RFlagItem.offset -> addr ~
Deprecate RLang.list() ~ Unified function to jsonify the plugin meta +
more fields ~ Redesign the REvent API
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.0
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-231=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
libsdb2_4_2-6.1.4-bp157.5.3.5
radare2-6.1.4-bp157.5.3.5
radare2-devel-6.1.4-bp157.5.3.5
- openSUSE Backports SLE-15-SP7 (noarch):
radare2-zsh-completion-6.1.4-bp157.5.3.5
References:
https://www.suse.com/security/cve/CVE-2025-1378.html
https://www.suse.com/security/cve/CVE-2025-1744.html
https://www.suse.com/security/cve/CVE-2025-1864.html
https://www.suse.com/security/cve/CVE-2025-5641.html
https://www.suse.com/security/cve/CVE-2026-40499.html
https://www.suse.com/security/cve/CVE-2026-8695.html
https://bugzilla.suse.com/1244121
https://bugzilla.suse.com/1262142
https://bugzilla.suse.com/1265403
SUSE-SU-2026:2785-1: moderate: Security update for systemd, systemd-mini
# Security update for systemd, systemd-mini
Announcement ID: SUSE-SU-2026:2785-1
Release Date: 2026-07-08T06:48:14Z
Rating: moderate
References:
* bsc#1261400
* bsc#1261982
* bsc#1261983
* bsc#1267647
Cross-References:
* CVE-2026-40226
CVSS scores:
* CVE-2026-40226 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40226 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40226 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
An update that solves one vulnerability and has three security fixes can now be
installed.
## Description:
This update for systemd, systemd-mini fixes the following issue
Security issues fixed:
* CVE-2026-40226: nspawn: escape-to-host via malformed optional config file
(bsc#1261400).
Other updates and bugfixes:
* Import commit eba1930de8 (bsc#1267647).
* Import commit 5d46cdd987 (bsc#1261982 bsc#1261983).
* Import commit ac1173932c (bsc#1261982).
* Import commit c7f3e89374 (bsc#1261983).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2785=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2785=1
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2785=1
## Package List:
* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* systemd-sysvinit-246.16-150300.7.74.1
* systemd-mini-246.16-150300.7.74.1
* udev-mini-246.16-150300.7.74.1
* systemd-portable-246.16-150300.7.74.1
* systemd-mini-devel-246.16-150300.7.74.1
* systemd-coredump-debuginfo-246.16-150300.7.74.1
* systemd-container-246.16-150300.7.74.1
* nss-mymachines-debuginfo-246.16-150300.7.74.1
* udev-mini-debuginfo-246.16-150300.7.74.1
* udev-debuginfo-246.16-150300.7.74.1
* systemd-network-debuginfo-246.16-150300.7.74.1
* systemd-mini-debuginfo-246.16-150300.7.74.1
* nss-systemd-debuginfo-246.16-150300.7.74.1
* libudev1-debuginfo-246.16-150300.7.74.1
* systemd-coredump-246.16-150300.7.74.1
* libsystemd0-mini-246.16-150300.7.74.1
* systemd-devel-246.16-150300.7.74.1
* nss-resolve-246.16-150300.7.74.1
* libudev-devel-246.16-150300.7.74.1
* libsystemd0-mini-debuginfo-246.16-150300.7.74.1
* nss-myhostname-246.16-150300.7.74.1
* systemd-246.16-150300.7.74.1
* libsystemd0-debuginfo-246.16-150300.7.74.1
* systemd-mini-sysvinit-246.16-150300.7.74.1
* systemd-doc-246.16-150300.7.74.1
* systemd-mini-container-246.16-150300.7.74.1
* udev-246.16-150300.7.74.1
* nss-systemd-246.16-150300.7.74.1
* libudev-mini1-246.16-150300.7.74.1
* systemd-network-246.16-150300.7.74.1
* nss-resolve-debuginfo-246.16-150300.7.74.1
* systemd-debuginfo-246.16-150300.7.74.1
* nss-mymachines-246.16-150300.7.74.1
* systemd-journal-remote-246.16-150300.7.74.1
* nss-myhostname-debuginfo-246.16-150300.7.74.1
* libudev-mini-devel-246.16-150300.7.74.1
* systemd-debugsource-246.16-150300.7.74.1
* systemd-mini-container-debuginfo-246.16-150300.7.74.1
* systemd-logger-246.16-150300.7.74.1
* libudev-mini1-debuginfo-246.16-150300.7.74.1
* libsystemd0-246.16-150300.7.74.1
* systemd-journal-remote-debuginfo-246.16-150300.7.74.1
* libudev1-246.16-150300.7.74.1
* systemd-container-debuginfo-246.16-150300.7.74.1
* systemd-mini-debugsource-246.16-150300.7.74.1
* systemd-portable-debuginfo-246.16-150300.7.74.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libsystemd0-64bit-debuginfo-246.16-150300.7.74.1
* libsystemd0-64bit-246.16-150300.7.74.1
* libudev-devel-64bit-246.16-150300.7.74.1
* nss-mymachines-64bit-246.16-150300.7.74.1
* nss-myhostname-64bit-246.16-150300.7.74.1
* nss-mymachines-64bit-debuginfo-246.16-150300.7.74.1
* systemd-64bit-246.16-150300.7.74.1
* nss-myhostname-64bit-debuginfo-246.16-150300.7.74.1
* libudev1-64bit-debuginfo-246.16-150300.7.74.1
* libudev1-64bit-246.16-150300.7.74.1
* systemd-64bit-debuginfo-246.16-150300.7.74.1
* openSUSE Leap 15.3 (x86_64)
* libsystemd0-32bit-246.16-150300.7.74.1
* libudev1-32bit-246.16-150300.7.74.1
* libudev-devel-32bit-246.16-150300.7.74.1
* nss-mymachines-32bit-246.16-150300.7.74.1
* nss-myhostname-32bit-246.16-150300.7.74.1
* systemd-32bit-debuginfo-246.16-150300.7.74.1
* libsystemd0-32bit-debuginfo-246.16-150300.7.74.1
* nss-mymachines-32bit-debuginfo-246.16-150300.7.74.1
* systemd-32bit-246.16-150300.7.74.1
* nss-myhostname-32bit-debuginfo-246.16-150300.7.74.1
* libudev1-32bit-debuginfo-246.16-150300.7.74.1
* openSUSE Leap 15.3 (noarch)
* systemd-lang-246.16-150300.7.74.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* systemd-sysvinit-246.16-150300.7.74.1
* systemd-debugsource-246.16-150300.7.74.1
* systemd-246.16-150300.7.74.1
* libsystemd0-debuginfo-246.16-150300.7.74.1
* libsystemd0-246.16-150300.7.74.1
* udev-246.16-150300.7.74.1
* systemd-container-246.16-150300.7.74.1
* systemd-journal-remote-debuginfo-246.16-150300.7.74.1
* libudev1-246.16-150300.7.74.1
* udev-debuginfo-246.16-150300.7.74.1
* systemd-container-debuginfo-246.16-150300.7.74.1
* systemd-debuginfo-246.16-150300.7.74.1
* libudev1-debuginfo-246.16-150300.7.74.1
* systemd-journal-remote-246.16-150300.7.74.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* systemd-sysvinit-246.16-150300.7.74.1
* systemd-debugsource-246.16-150300.7.74.1
* systemd-246.16-150300.7.74.1
* libsystemd0-debuginfo-246.16-150300.7.74.1
* libsystemd0-246.16-150300.7.74.1
* udev-246.16-150300.7.74.1
* systemd-container-246.16-150300.7.74.1
* systemd-journal-remote-debuginfo-246.16-150300.7.74.1
* libudev1-246.16-150300.7.74.1
* udev-debuginfo-246.16-150300.7.74.1
* systemd-container-debuginfo-246.16-150300.7.74.1
* systemd-debuginfo-246.16-150300.7.74.1
* libudev1-debuginfo-246.16-150300.7.74.1
* systemd-journal-remote-246.16-150300.7.74.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40226.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261400
* https://bugzilla.suse.com/show_bug.cgi?id=1261982
* https://bugzilla.suse.com/show_bug.cgi?id=1261983
* https://bugzilla.suse.com/show_bug.cgi?id=1267647
SUSE-SU-2026:2789-1: important: Security update for xorg-x11-server
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2026:2789-1
Release Date: 2026-07-08T07:29:10Z
Rating: important
References:
* bsc#1268893
* bsc#1268894
Cross-References:
* CVE-2026-55999
* CVE-2026-56000
CVSS scores:
* CVE-2026-55999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-55999 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-56000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56000 ( NVD ): 9.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues
* CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap
buffer overflow when a font loaded from a malicious PCF file is processed
(bsc#1268893).
* CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead
to a heap use-after-free when an interaction with a malicious client
creating GLX contexts happens (bsc#1268894).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2789=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2789=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2789=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2789=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2789=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-1.20.3-150400.38.74.1
* xorg-x11-server-sdk-1.20.3-150400.38.74.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-extra-1.20.3-150400.38.74.1
* xorg-x11-server-debugsource-1.20.3-150400.38.74.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* xorg-x11-server-source-1.20.3-150400.38.74.1
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-1.20.3-150400.38.74.1
* xorg-x11-server-sdk-1.20.3-150400.38.74.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-extra-1.20.3-150400.38.74.1
* xorg-x11-server-debugsource-1.20.3-150400.38.74.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-1.20.3-150400.38.74.1
* xorg-x11-server-sdk-1.20.3-150400.38.74.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-extra-1.20.3-150400.38.74.1
* xorg-x11-server-debugsource-1.20.3-150400.38.74.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-1.20.3-150400.38.74.1
* xorg-x11-server-sdk-1.20.3-150400.38.74.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-extra-1.20.3-150400.38.74.1
* xorg-x11-server-debugsource-1.20.3-150400.38.74.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-1.20.3-150400.38.74.1
* xorg-x11-server-sdk-1.20.3-150400.38.74.1
* xorg-x11-server-debuginfo-1.20.3-150400.38.74.1
* xorg-x11-server-extra-1.20.3-150400.38.74.1
* xorg-x11-server-debugsource-1.20.3-150400.38.74.1
## References:
* https://www.suse.com/security/cve/CVE-2026-55999.html
* https://www.suse.com/security/cve/CVE-2026-56000.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268893
* https://bugzilla.suse.com/show_bug.cgi?id=1268894
SUSE-SU-2026:2791-1: important: Security update for xorg-x11-server
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2026:2791-1
Release Date: 2026-07-08T07:33:14Z
Rating: important
References:
* bsc#1268893
* bsc#1268894
Cross-References:
* CVE-2026-55999
* CVE-2026-56000
CVSS scores:
* CVE-2026-55999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-55999 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-56000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56000 ( NVD ): 9.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues
* CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap
buffer overflow when a font loaded from a malicious PCF file is processed
(bsc#1268893).
* CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead
to a heap use-after-free when an interaction with a malicious client
creating GLX contexts happens (bsc#1268894).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2791=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2791=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2791=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2791=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2791=1
## Package List:
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.52.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-sdk-21.1.4-150500.7.52.1
* xorg-x11-server-debugsource-21.1.4-150500.7.52.1
* xorg-x11-server-extra-21.1.4-150500.7.52.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-21.1.4-150500.7.52.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.52.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-debugsource-21.1.4-150500.7.52.1
* xorg-x11-server-sdk-21.1.4-150500.7.52.1
* xorg-x11-server-extra-21.1.4-150500.7.52.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-21.1.4-150500.7.52.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.52.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-debugsource-21.1.4-150500.7.52.1
* xorg-x11-server-sdk-21.1.4-150500.7.52.1
* xorg-x11-server-source-21.1.4-150500.7.52.1
* xorg-x11-server-extra-21.1.4-150500.7.52.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-21.1.4-150500.7.52.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.52.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-sdk-21.1.4-150500.7.52.1
* xorg-x11-server-debugsource-21.1.4-150500.7.52.1
* xorg-x11-server-extra-21.1.4-150500.7.52.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-21.1.4-150500.7.52.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-Xvfb-21.1.4-150500.7.52.1
* xorg-x11-server-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-sdk-21.1.4-150500.7.52.1
* xorg-x11-server-debugsource-21.1.4-150500.7.52.1
* xorg-x11-server-extra-21.1.4-150500.7.52.1
* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.52.1
* xorg-x11-server-21.1.4-150500.7.52.1
## References:
* https://www.suse.com/security/cve/CVE-2026-55999.html
* https://www.suse.com/security/cve/CVE-2026-56000.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268893
* https://bugzilla.suse.com/show_bug.cgi?id=1268894
SUSE-SU-2026:2786-1: important: Security update for xorg-x11-server
# Security update for xorg-x11-server
Announcement ID: SUSE-SU-2026:2786-1
Release Date: 2026-07-08T07:16:51Z
Rating: important
References:
* bsc#1268893
* bsc#1268894
Cross-References:
* CVE-2026-55999
* CVE-2026-56000
CVSS scores:
* CVE-2026-55999 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-55999 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-56000 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56000 ( NVD ): 9.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xorg-x11-server fixes the following issues
* CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap
buffer overflow when a font loaded from a malicious PCF file is processed
(bsc#1268893).
* CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead
to a heap use-after-free when an interaction with a malicious client
creating GLX contexts happens (bsc#1268894).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2786=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2786=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2786=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* xorg-x11-server-sdk-21.1.11-150600.5.31.1
* xorg-x11-server-extra-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-extra-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-debugsource-21.1.11-150600.5.31.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-21.1.11-150600.5.31.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* xorg-x11-server-sdk-21.1.11-150600.5.31.1
* xorg-x11-server-extra-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-extra-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-debugsource-21.1.11-150600.5.31.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-21.1.11-150600.5.31.1
* xorg-x11-server-source-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-21.1.11-150600.5.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* xorg-x11-server-sdk-21.1.11-150600.5.31.1
* xorg-x11-server-extra-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-extra-21.1.11-150600.5.31.1
* xorg-x11-server-debugsource-21.1.11-150600.5.31.1
* xorg-x11-server-debuginfo-21.1.11-150600.5.31.1
* xorg-x11-server-21.1.11-150600.5.31.1
* xorg-x11-server-Xvfb-21.1.11-150600.5.31.1
## References:
* https://www.suse.com/security/cve/CVE-2026-55999.html
* https://www.suse.com/security/cve/CVE-2026-56000.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268893
* https://bugzilla.suse.com/show_bug.cgi?id=1268894
openSUSE-SU-2026:0233-1: critical: Security update for chromium
openSUSE Security Update: Security update for chromium
_______________________________
Announcement ID: openSUSE-SU-2026:0233-1
Rating: critical
References: #1269061 #1270051
Cross-References: CVE-2026-13774 CVE-2026-13775 CVE-2026-13776
CVE-2026-13777 CVE-2026-13778 CVE-2026-13779
CVE-2026-13780 CVE-2026-13781 CVE-2026-13782
CVE-2026-13783 CVE-2026-13784 CVE-2026-13785
CVE-2026-13786 CVE-2026-13787 CVE-2026-13788
CVE-2026-13790 CVE-2026-13791 CVE-2026-13792
CVE-2026-13793 CVE-2026-13794 CVE-2026-13795
CVE-2026-13796 CVE-2026-13797 CVE-2026-13798
CVE-2026-13799 CVE-2026-13800 CVE-2026-13801
CVE-2026-13802 CVE-2026-13803 CVE-2026-13804
CVE-2026-13805 CVE-2026-13806 CVE-2026-13807
CVE-2026-13808 CVE-2026-13809 CVE-2026-13810
CVE-2026-13811 CVE-2026-13812 CVE-2026-13813
CVE-2026-13814 CVE-2026-13815 CVE-2026-13816
CVE-2026-13817 CVE-2026-13818 CVE-2026-13819
CVE-2026-13820 CVE-2026-13821 CVE-2026-13822
CVE-2026-13823 CVE-2026-13824 CVE-2026-13825
CVE-2026-13826 CVE-2026-13827 CVE-2026-13828
CVE-2026-13829 CVE-2026-13830 CVE-2026-13831
CVE-2026-13832 CVE-2026-13833 CVE-2026-13834
CVE-2026-13835 CVE-2026-13836 CVE-2026-13837
CVE-2026-13838 CVE-2026-13839 CVE-2026-13840
CVE-2026-13841 CVE-2026-13842 CVE-2026-13843
CVE-2026-13844 CVE-2026-13845 CVE-2026-13846
CVE-2026-13847 CVE-2026-13848 CVE-2026-13849
CVE-2026-13850 CVE-2026-13851 CVE-2026-13852
CVE-2026-13853 CVE-2026-13854 CVE-2026-13855
CVE-2026-13856 CVE-2026-13857 CVE-2026-13858
CVE-2026-13859 CVE-2026-13860 CVE-2026-13861
CVE-2026-13862 CVE-2026-13863 CVE-2026-13864
CVE-2026-13865 CVE-2026-13866 CVE-2026-13867
CVE-2026-13868 CVE-2026-13869 CVE-2026-13870
CVE-2026-13871 CVE-2026-13872 CVE-2026-13873
CVE-2026-13874 CVE-2026-13875 CVE-2026-13876
CVE-2026-13877 CVE-2026-13878 CVE-2026-13879
CVE-2026-13880 CVE-2026-13881 CVE-2026-13882
CVE-2026-13883 CVE-2026-13884 CVE-2026-13885
CVE-2026-13886 CVE-2026-13887 CVE-2026-13888
CVE-2026-13889 CVE-2026-13890 CVE-2026-13891
CVE-2026-13892 CVE-2026-13893 CVE-2026-13894
CVE-2026-13895 CVE-2026-13896 CVE-2026-13897
CVE-2026-13898 CVE-2026-13899 CVE-2026-13900
CVE-2026-13901 CVE-2026-13902 CVE-2026-13903
CVE-2026-13904 CVE-2026-13905 CVE-2026-13906
CVE-2026-13907 CVE-2026-13908 CVE-2026-13909
CVE-2026-13910 CVE-2026-13911 CVE-2026-13912
CVE-2026-13913 CVE-2026-13914 CVE-2026-13915
CVE-2026-13916 CVE-2026-13917 CVE-2026-13918
CVE-2026-13919 CVE-2026-13920 CVE-2026-13921
CVE-2026-13922 CVE-2026-13923 CVE-2026-13924
CVE-2026-13925 CVE-2026-13926 CVE-2026-13927
CVE-2026-13928 CVE-2026-13929 CVE-2026-13930
CVE-2026-13931 CVE-2026-13932 CVE-2026-13933
CVE-2026-13934 CVE-2026-13935 CVE-2026-13936
CVE-2026-13937 CVE-2026-13938 CVE-2026-13939
CVE-2026-13940 CVE-2026-13941 CVE-2026-13942
CVE-2026-13943 CVE-2026-13944 CVE-2026-13945
CVE-2026-13946 CVE-2026-13947 CVE-2026-13948
CVE-2026-13949 CVE-2026-13950 CVE-2026-13951
CVE-2026-13952 CVE-2026-13953 CVE-2026-13954
CVE-2026-13955 CVE-2026-13956 CVE-2026-13957
CVE-2026-13958 CVE-2026-13959 CVE-2026-13960
CVE-2026-13961 CVE-2026-13962 CVE-2026-13963
CVE-2026-13964 CVE-2026-13965 CVE-2026-13966
CVE-2026-13967 CVE-2026-13968 CVE-2026-13969
CVE-2026-13970 CVE-2026-13971 CVE-2026-13972
CVE-2026-13973 CVE-2026-13974 CVE-2026-13975
CVE-2026-13976 CVE-2026-13977 CVE-2026-13978
CVE-2026-13979 CVE-2026-13980 CVE-2026-13981
CVE-2026-13982 CVE-2026-13983 CVE-2026-13984
CVE-2026-13985 CVE-2026-13986 CVE-2026-13987
CVE-2026-13988 CVE-2026-13989 CVE-2026-13990
CVE-2026-13991 CVE-2026-13992 CVE-2026-13993
CVE-2026-13994 CVE-2026-13995 CVE-2026-13996
CVE-2026-13997 CVE-2026-13998 CVE-2026-13999
CVE-2026-14000 CVE-2026-14001 CVE-2026-14002
CVE-2026-14003 CVE-2026-14004 CVE-2026-14005
CVE-2026-14006 CVE-2026-14007 CVE-2026-14008
CVE-2026-14009 CVE-2026-14010 CVE-2026-14011
CVE-2026-14012 CVE-2026-14013 CVE-2026-14014
CVE-2026-14015 CVE-2026-14016 CVE-2026-14017
CVE-2026-14018 CVE-2026-14019 CVE-2026-14020
CVE-2026-14021 CVE-2026-14022 CVE-2026-14023
CVE-2026-14024 CVE-2026-14025 CVE-2026-14026
CVE-2026-14027 CVE-2026-14028 CVE-2026-14030
CVE-2026-14031 CVE-2026-14032 CVE-2026-14033
CVE-2026-14034 CVE-2026-14035 CVE-2026-14036
CVE-2026-14037 CVE-2026-14038 CVE-2026-14039
CVE-2026-14040 CVE-2026-14041 CVE-2026-14042
CVE-2026-14043 CVE-2026-14044 CVE-2026-14045
CVE-2026-14046 CVE-2026-14047 CVE-2026-14048
CVE-2026-14049 CVE-2026-14050 CVE-2026-14051
CVE-2026-14052 CVE-2026-14053 CVE-2026-14054
CVE-2026-14055 CVE-2026-14056 CVE-2026-14057
CVE-2026-14058 CVE-2026-14059 CVE-2026-14060
CVE-2026-14061 CVE-2026-14062 CVE-2026-14063
CVE-2026-14064 CVE-2026-14065 CVE-2026-14066
CVE-2026-14067 CVE-2026-14068 CVE-2026-14069
CVE-2026-14070 CVE-2026-14071 CVE-2026-14072
CVE-2026-14073 CVE-2026-14074 CVE-2026-14075
CVE-2026-14076 CVE-2026-14077 CVE-2026-14078
CVE-2026-14079 CVE-2026-14080 CVE-2026-14081
CVE-2026-14082 CVE-2026-14083 CVE-2026-14084
CVE-2026-14085 CVE-2026-14086 CVE-2026-14087
CVE-2026-14088 CVE-2026-14089 CVE-2026-14090
CVE-2026-14091 CVE-2026-14092 CVE-2026-14093
CVE-2026-14094 CVE-2026-14095 CVE-2026-14096
CVE-2026-14097 CVE-2026-14098 CVE-2026-14099
CVE-2026-14100 CVE-2026-14101 CVE-2026-14102
CVE-2026-14103 CVE-2026-14104 CVE-2026-14105
CVE-2026-14106 CVE-2026-14107 CVE-2026-14108
CVE-2026-14109 CVE-2026-14110 CVE-2026-14111
CVE-2026-14112 CVE-2026-14113 CVE-2026-14114
CVE-2026-14115 CVE-2026-14116 CVE-2026-14117
CVE-2026-14118 CVE-2026-14119 CVE-2026-14120
CVE-2026-14121 CVE-2026-14122 CVE-2026-14123
CVE-2026-14124 CVE-2026-14125 CVE-2026-14126
CVE-2026-14127 CVE-2026-14128 CVE-2026-14129
CVE-2026-14130 CVE-2026-14131 CVE-2026-14132
CVE-2026-14133 CVE-2026-14134 CVE-2026-14135
CVE-2026-14136 CVE-2026-14137 CVE-2026-14138
CVE-2026-14139 CVE-2026-14140 CVE-2026-14141
CVE-2026-14142 CVE-2026-14143 CVE-2026-14144
CVE-2026-14145 CVE-2026-14146 CVE-2026-14147
CVE-2026-14148 CVE-2026-14149 CVE-2026-14150
CVE-2026-14151 CVE-2026-14152 CVE-2026-14153
CVE-2026-14154 CVE-2026-14155 CVE-2026-14156
CVE-2026-14381 CVE-2026-14382 CVE-2026-14383
CVE-2026-14384 CVE-2026-14385 CVE-2026-14386
CVE-2026-14387 CVE-2026-14388 CVE-2026-14389
CVE-2026-14390 CVE-2026-14391 CVE-2026-14392
CVE-2026-14393 CVE-2026-14394 CVE-2026-14395
CVE-2026-14396 CVE-2026-14397 CVE-2026-14398
CVE-2026-14399 CVE-2026-14400 CVE-2026-14401
CVE-2026-14402 CVE-2026-14403 CVE-2026-14404
CVE-2026-14405 CVE-2026-14406 CVE-2026-14407
CVE-2026-14408 CVE-2026-14409 CVE-2026-14410
CVE-2026-14411 CVE-2026-14412 CVE-2026-14413
CVE-2026-14414 CVE-2026-14415 CVE-2026-14416
CVE-2026-14417 CVE-2026-14418 CVE-2026-14419
CVE-2026-14420 CVE-2026-14421 CVE-2026-14422
CVE-2026-14423 CVE-2026-14424 CVE-2026-14425
CVE-2026-14426 CVE-2026-14427 CVE-2026-14428
CVE-2026-14429 CVE-2026-14430 CVE-2026-14431
CVE-2026-14432
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes 433 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- promote Chromium 150 (150.0.7871.46) to stable (boo#1270051)
* CVE-2026-13774: Use after free in Extensions
* CVE-2026-13775: Use after free in GPU
* CVE-2026-14398: Use after free in ANGLE
* CVE-2026-13776: Type Confusion in Dawn
* CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb
* CVE-2026-13778: Use after free in WebUSB
* CVE-2026-13779: Use after free in Chromoting
* CVE-2026-13780: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13781: Insufficient validation of untrusted input in Skia
* CVE-2026-14417: Use after free in Dawn
* CVE-2026-13782: Use after free in Browser
* CVE-2026-13783: Use after free in Views
* CVE-2026-13784: Use after free in Views
* CVE-2026-14419: Use after free in Skia
* CVE-2026-13785: Use after free in Bluetooth
* CVE-2026-14420: Out of bounds read and write in Dawn
* CVE-2026-13786: Use after free in Ozone
* CVE-2026-14427: Heap buffer overflow in Skia
* CVE-2026-13787: Use after free in Chromoting
* CVE-2026-13788: Use after free in Fullscreen
* CVE-2026-14382: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13790: Side-channel information leakage in Scroll
* CVE-2026-14385: Heap buffer overflow in ANGLE
* CVE-2026-13791: Insufficient validation of untrusted input in Downloads
* CVE-2026-13792: Use after free in Touchbar
* CVE-2026-13793: Insufficient policy enforcement in SVG
* CVE-2026-14392: Out of bounds write in Tint
* CVE-2026-13794: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-14422: Out of bounds read and write in Tint
* CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS
* CVE-2026-14426: Use after free in V8
* CVE-2026-13796: Integer overflow in Chromecast
* CVE-2026-13797: Insufficient validation of untrusted input in
Chromecast
* CVE-2026-14386: Out of bounds read in ANGLE
* CVE-2026-13798: Heap buffer overflow in Chromecast
* CVE-2026-13799: Use after free in QUIC
* CVE-2026-13800: Inappropriate implementation in Updater
* CVE-2026-13801: Integer overflow in Chromecast
* CVE-2026-13802: Use after free in Views
* CVE-2026-13803: Type Confusion in Chrome Tabs
* CVE-2026-13804: Use after free in Chromecast
* CVE-2026-13805: Use after free in GFX
* CVE-2026-14390: Use after free in ANGLE
* CVE-2026-13806: Insufficient validation of untrusted input in
Accessibility
* CVE-2026-13807: Use after free in Import
* CVE-2026-13808: Insufficient data validation in Chrome for iOS
* CVE-2026-13809: Side-channel information leakage in Safe Browsing
* CVE-2026-13810: Inappropriate implementation in Input
* CVE-2026-13811: Use after free in IME
* CVE-2026-13812: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13813: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13814: Use after free in Views
* CVE-2026-13815: Use after free in Blink
* CVE-2026-13816: Insufficient validation of untrusted input in File
Input
* CVE-2026-14396: Out of bounds read in ANGLE
* CVE-2026-13817: Insufficient validation of untrusted input in Glic
* CVE-2026-13818: Inappropriate implementation in Passwords
* CVE-2026-13819: Out of bounds read in ANGLE
* CVE-2026-13820: Out of bounds read in Skia
* CVE-2026-14400: Out of bounds write in ANGLE
* CVE-2026-14401: Insufficient validation of untrusted input in ANGLE
* CVE-2026-14402: Uninitialized Use in ANGLE
* CVE-2026-13821: Use after free in Canvas
* CVE-2026-13822: Inappropriate implementation in Extensions
* CVE-2026-13823: Use after free in Glic
* CVE-2026-13824: Insufficient validation of untrusted input in
Extensions
* CVE-2026-13825: Uninitialized Use in Dawn
* CVE-2026-13826: Inappropriate implementation in Autofill
* CVE-2026-13827: Use after free in Updater
* CVE-2026-13828: Inappropriate implementation in Enterprise
* CVE-2026-13829: Insufficient validation of untrusted input in Settings
* CVE-2026-13830: Use after free in Chromoting
* CVE-2026-13831: Use after free in GPU
* CVE-2026-13832: Use after free in Headless
* CVE-2026-14411: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13833: Uninitialized Use in ANGLE
* CVE-2026-14412: Insufficient validation of untrusted input in ANGLE
* CVE-2026-14413: Uninitialized Use in ANGLE
* CVE-2026-13834: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13835: Inappropriate implementation in XML
* CVE-2026-13836: Inappropriate implementation in CSS
* CVE-2026-13837: Inappropriate implementation in CSS
* CVE-2026-13838: Inappropriate implementation in CSS
* CVE-2026-13839: Inappropriate implementation in CSS
* CVE-2026-13840: Insufficient policy enforcement in Canvas
* CVE-2026-13841: Integer overflow in Skia
* CVE-2026-13842: Incorrect security UI in Chrome for iOS
* CVE-2026-14418: Uninitialized Use in ANGLE
* CVE-2026-13843: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13844: Use after free in Updater
* CVE-2026-13845: Use after free in DOM
* CVE-2026-13846: Use after free in USB
* CVE-2026-13847: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13848: Use after free in Forms
* CVE-2026-13849: Insufficient validation of untrusted input in
Chromoting
* CVE-2026-14423: Type Confusion in Tint
* CVE-2026-13850: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-14424: Use after free in Dawn
* CVE-2026-14425: Use after free in ANGLE
* CVE-2026-13851: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-14428: Insufficient validation of untrusted input in Dawn
* CVE-2026-14429: Insufficient validation of untrusted input in Skia
* CVE-2026-14430: Integer overflow in V8
* CVE-2026-13852: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-13853: Use after free in Journeys
* CVE-2026-13854: Use after free in Ozone
* CVE-2026-14431: Type Confusion in V8
* CVE-2026-13855: Use after free in Ozone
* CVE-2026-13856: Insufficient validation of untrusted input in Speech
* CVE-2026-13857: Inappropriate implementation in Geometry
* CVE-2026-13858: Out of bounds read in FFmpeg
* CVE-2026-13859: Inappropriate implementation in ANGLE
* CVE-2026-14391: Integer overflow in ANGLE
* CVE-2026-13860: Incorrect security UI in Autofill
* CVE-2026-14408: Uninitialized Use in Dawn
* CVE-2026-14381: Incorrect security UI in WebAppInstalls
* CVE-2026-14383: Inappropriate implementation in V8
* CVE-2026-13861: Use after free in Core
* CVE-2026-13862: Insufficient policy enforcement in Web Authentication
(Passkeys & Security Keys)
* CVE-2026-13863: Insufficient validation of untrusted input in
CustomTabs
* CVE-2026-13864: Insufficient policy enforcement in WebHID
* CVE-2026-13865: Insufficient validation of untrusted input in
Enterprise
* CVE-2026-13866: Insufficient validation of untrusted input in Input
* CVE-2026-13867: Inappropriate implementation in Geolocation
* CVE-2026-13868: Inappropriate implementation in Network
* CVE-2026-14384: Out of bounds read in ANGLE
* CVE-2026-13869: Use after free in Device
* CVE-2026-13870: Use after free in WebView
* CVE-2026-13871: Insufficient data validation in GuestView
* CVE-2026-13872: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-13873: Out of bounds memory access in Layout
* CVE-2026-13874: Inappropriate implementation in DataTransfer
* CVE-2026-13875: Insufficient validation of untrusted input in GPU
* CVE-2026-13876: Inappropriate implementation in Network
* CVE-2026-13877: Insufficient validation of untrusted input in ANGLE
* CVE-2026-13878: Use after free in Bluetooth
* CVE-2026-13879: Use after free in Bluetooth
* CVE-2026-13880: Use after free in USB
* CVE-2026-13881: Insufficient data validation in WebAppInstalls
* CVE-2026-13882: Inappropriate implementation in USB
* CVE-2026-13883: Type Confusion in ANGLE
* CVE-2026-13884: Heap buffer overflow in Chromecast
* CVE-2026-14387: Integer overflow in Skia
* CVE-2026-13885: Use after free in Skia
* CVE-2026-13886: Policy bypass in Isolated Web Apps
* CVE-2026-14388: Out of bounds read in ANGLE
* CVE-2026-14389: Integer overflow in Skia
* CVE-2026-13887: Insufficient policy enforcement in NFC
* CVE-2026-13888: Use after free in Extensions
* CVE-2026-13889: Insufficient validation of untrusted input in
WebAuthentication
* CVE-2026-13890: Out of bounds read in Chromecast
* CVE-2026-13891: Insufficient validation of untrusted input in
Extensions
* CVE-2026-13892: Inappropriate implementation in Chrome for iOS
* CVE-2026-13893: Insufficient validation of untrusted input in WebUI
* CVE-2026-13894: Insufficient policy enforcement in Network
* CVE-2026-13895: Inappropriate implementation in Autofill
* CVE-2026-13896: Insufficient policy enforcement in Glic
* CVE-2026-13897: Insufficient policy enforcement in Chromecast
* CVE-2026-13898: Use after free in Cast Receiver
* CVE-2026-13899: Use after free in HTML
* CVE-2026-13900: Insufficient validation of untrusted input in
Chromecast
* CVE-2026-13901: Insufficient validation of untrusted input in Serial
* CVE-2026-13902: Inappropriate implementation in Chrome for iOS
* CVE-2026-13903: Insufficient policy enforcement in Bluetooth
* CVE-2026-13904: Incorrect security UI in Safe Browsing
* CVE-2026-13905: Incorrect security UI in Chrome for iOS
* CVE-2026-13906: Out of bounds read in Codecs
* CVE-2026-13907: Inappropriate implementation in iOSWeb
* CVE-2026-13908: Insufficient validation of untrusted input in Omnibox
* CVE-2026-13909: Insufficient policy enforcement in DevTools
* CVE-2026-13910: Insufficient policy enforcement in WebXR
* CVE-2026-13911: Insufficient data validation in Spellcheck
* CVE-2026-13912: Incorrect security UI in Safe Browsing
* CVE-2026-13913: Insufficient policy enforcement in Autofill
* CVE-2026-13914: Inappropriate implementation in Passwords
* CVE-2026-13915: Use after free in Chrome for iOS
* CVE-2026-13916: Inappropriate implementation in Chrome for iOS
* CVE-2026-13917: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13918: Use after free in Chrome for iOS
* CVE-2026-13919: Insufficient data validation in Extensions
* CVE-2026-14393: Use after free in V8
* CVE-2026-13920: Insufficient validation of untrusted input in Media
* CVE-2026-13921: Insufficient validation of untrusted input in
DeviceBoundSessionCredentials
* CVE-2026-13922: Side-channel information leakage in Paint
* CVE-2026-13923: Uninitialized Use in GPU
* CVE-2026-14397: Out of bounds write in ANGLE
* CVE-2026-13924: Insufficient validation of untrusted input in WebView
* CVE-2026-13925: Inappropriate implementation in Downloads
* CVE-2026-13926: Insufficient validation of untrusted input in Network
* CVE-2026-13927: Insufficient validation of untrusted input in UI
* CVE-2026-13928: Insufficient validation of untrusted input in
Enterprise
* CVE-2026-13929: Insufficient validation of untrusted input in DevTools
* CVE-2026-13930: Insufficient policy enforcement in Actor
* CVE-2026-13931: Inappropriate implementation in Media
* CVE-2026-13932: Inappropriate implementation in Sharing
* CVE-2026-13933: Insufficient policy enforcement in Passwords
* CVE-2026-13934: Insufficient validation of untrusted input in Dawn
* CVE-2026-14399: Uninitialized Use in Dawn
* CVE-2026-13935: Side-channel information leakage in ComputePressure
* CVE-2026-13936: Inappropriate implementation in Passwords
* CVE-2026-13937: Insufficient policy enforcement in Passwords
* CVE-2026-13938: Integer overflow in Fonts
* CVE-2026-13939: Insufficient validation of untrusted input in WebShare
* CVE-2026-13940: Uninitialized Use in Cast
* CVE-2026-13941: Inappropriate implementation in SiteSettings
* CVE-2026-13942: Insufficient validation of untrusted input in Video
Capture
* CVE-2026-13943: Uninitialized Use in CSS
* CVE-2026-13944: Inappropriate implementation in DataTransfer
* CVE-2026-13945: Insufficient policy enforcement in Extensions
* CVE-2026-13946: Inappropriate implementation in ScriptInjections
* CVE-2026-13947: Uninitialized Use in XR
* CVE-2026-13948: Insufficient policy enforcement in Extensions
* CVE-2026-13949: Insufficient policy enforcement in Payments
* CVE-2026-14404: Inappropriate implementation in PDFium
* CVE-2026-13950: Uninitialized Use in GPU
* CVE-2026-13951: Policy bypass in USB
* CVE-2026-13952: Inappropriate implementation in PerformanceAPIs
* CVE-2026-14406: Out of bounds read in V8
* CVE-2026-13953: Inappropriate implementation in SplitView
* CVE-2026-13954: Insufficient policy enforcement in XML
* CVE-2026-13955: Insufficient validation of untrusted input in
CustomTabs
* CVE-2026-13956: Incorrect security UI in PageInfo
* CVE-2026-13957: Incorrect security UI in Extensions
* CVE-2026-13958: Uninitialized Use in Codecs
* CVE-2026-14407: Inappropriate implementation in V8
* CVE-2026-13959: Insufficient validation of untrusted input in Blink
* CVE-2026-13960: Inappropriate implementation in Passwords
* CVE-2026-13961: Insufficient validation of untrusted input in DevTools
* CVE-2026-13962: Insufficient data validation in PDF
* CVE-2026-13963: Inappropriate implementation in DevTools
* CVE-2026-13964: Insufficient policy enforcement in WebView
* CVE-2026-13965: Use after free in Oilpan
* CVE-2026-13966: Inappropriate implementation in History
* CVE-2026-13967: Type Confusion in V8
* CVE-2026-13968: Insufficient validation of untrusted input in DevTools
* CVE-2026-13969: Uninitialized Use in UI
* CVE-2026-13970: Uninitialized Use in Media
* CVE-2026-13971: Uninitialized Use in Skia
* CVE-2026-13972: Inappropriate implementation in Paint
* CVE-2026-13973: Inappropriate implementation in UI
* CVE-2026-13974: Integer overflow in Safe Browsing
* CVE-2026-13975: Out of bounds read in ANGLE
* CVE-2026-13976: Heap buffer overflow in Storage
* CVE-2026-13977: Inappropriate implementation in HTMLParser
* CVE-2026-13978: Insufficient policy enforcement in PageInfo
* CVE-2026-14414: Insufficient validation of untrusted input in Skia
* CVE-2026-13979: Inappropriate implementation in Paint
* CVE-2026-13980: Incorrect security UI in Chrome for iOS
* CVE-2026-13981: Inappropriate implementation in Chrome for iOS
* CVE-2026-13982: Incorrect security UI in Passwords
* CVE-2026-13983: Incorrect security UI in Chrome for iOS
* CVE-2026-13984: Incorrect security UI in TabStrip
* CVE-2026-13985: Inappropriate implementation in MediaCapture
* CVE-2026-13986: Inappropriate implementation in Media UI
* CVE-2026-13987: Incorrect security UI in Mobile
* CVE-2026-13988: Inappropriate implementation in Paint
* CVE-2026-13989: Insufficient policy enforcement in PageInfo
* CVE-2026-13990: Insufficient validation of untrusted input in
DataTransfer
* CVE-2026-13991: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-13992: Inappropriate implementation in UI
* CVE-2026-13993: Incorrect security UI in WebAppInstalls
* CVE-2026-13994: Inappropriate implementation in Credential Management
* CVE-2026-13995: Insufficient validation of untrusted input in Autofill
* CVE-2026-13996: Incorrect security UI in Permissions
* CVE-2026-13997: Incorrect security UI in Extensions
* CVE-2026-13998: Incorrect security UI in File Input
* CVE-2026-13999: Inappropriate implementation in Extensions
* CVE-2026-14000: Inappropriate implementation in XML
* CVE-2026-14001: Inappropriate implementation in Network
* CVE-2026-14002: Inappropriate implementation in Geolocation
* CVE-2026-14003: Insufficient policy enforcement in Extensions
* CVE-2026-14004: Inappropriate implementation in CSS
* CVE-2026-14005: Use after free in Omnibox
* CVE-2026-14006: Use after free in Navigation
* CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy
* CVE-2026-14008: Uninitialized Use in WebXR
* CVE-2026-14009: Insufficient data validation in Passwords
* CVE-2026-14010: Uninitialized Use in Codecs
* CVE-2026-14011: Out of bounds read in SurfaceCapture
* CVE-2026-14421: Uninitialized Use in Dawn
* CVE-2026-14012: Side-channel information leakage in CSS
* CVE-2026-14013: Inappropriate implementation in SVG
* CVE-2026-14014: Inappropriate implementation in Paint
* CVE-2026-14015: Inappropriate implementation in WebRTC
* CVE-2026-14016: Insufficient policy enforcement in SVG
* CVE-2026-14017: Inappropriate implementation in Navigation
* CVE-2026-14018: Use after free in Updater
* CVE-2026-14019: Inappropriate implementation in Passwords
* CVE-2026-14020: Insufficient validation of untrusted input in WebXR
* CVE-2026-14021: Insufficient validation of untrusted input in
StorageAccessAPI
* CVE-2026-14022: Insufficient validation of untrusted input in Network
* CVE-2026-14023: Insufficient validation of untrusted input in
SanitizerAPI
* CVE-2026-14024: Use after free in Ozone
* CVE-2026-14432: Use after free in V8
* CVE-2026-14025: Use after free in Views
* CVE-2026-14026: Incorrect security UI in SplitView
* CVE-2026-14027: Use after free in SignIn
* CVE-2026-14028: Incorrect security UI in Chrome for iOS
* CVE-2026-14030: Incorrect security UI in SplitView
* CVE-2026-14031: Incorrect security UI in File Input
* CVE-2026-14032: Use after free in Bluetooth
* CVE-2026-14033: Insufficient policy enforcement in Media
* CVE-2026-14034: Inappropriate implementation in WebXR
* CVE-2026-14035: Insufficient policy enforcement in Bluetooth
* CVE-2026-14036: Insufficient policy enforcement in Bluetooth
* CVE-2026-14037: Insufficient policy enforcement in GPU
* CVE-2026-14038: Insufficient validation of untrusted input in New Tab
Page
* CVE-2026-14039: Insufficient policy enforcement in GetUserMedia
* CVE-2026-14040: Use after free in BrowserTag
* CVE-2026-14041: Insufficient policy enforcement in Serial
* CVE-2026-14042: Inappropriate implementation in Isolated Web Apps
* CVE-2026-14043: Use after free in GetUserMedia
* CVE-2026-14044: Use after free in ANGLE
* CVE-2026-14045: Insufficient validation of untrusted input in Network
* CVE-2026-14046: Inappropriate implementation in CustomTabs
* CVE-2026-14047: Insufficient policy enforcement in Extensions
* CVE-2026-14048: Use after free in Chromecast
* CVE-2026-14049: Inappropriate implementation in GPU
* CVE-2026-14050: Insufficient policy enforcement in Passwords
* CVE-2026-14051: Uninitialized Use in GamepadAPI
* CVE-2026-14052: Insufficient policy enforcement in FileSystem
* CVE-2026-14053: Insufficient policy enforcement in Extensions
* CVE-2026-14054: Insufficient policy enforcement in Network
* CVE-2026-14055: Insufficient validation of untrusted input in Device
Trust
* CVE-2026-14056: Insufficient validation of untrusted input in Media
* CVE-2026-14057: Insufficient policy enforcement in FedCM
* CVE-2026-14058: Policy bypass in Parser
* CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets
* CVE-2026-14060: Insufficient validation of untrusted input in
Chromoting
* CVE-2026-14061: Inappropriate implementation in Dawn
* CVE-2026-14062: Inappropriate implementation in Views
* CVE-2026-14063: Out of bounds memory access in Chromecast
* CVE-2026-14064: Use after free in PageInfo
* CVE-2026-14065: Insufficient validation of untrusted input in PageInfo
* CVE-2026-14066: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-14067: Use after free in Chrome for iOS
* CVE-2026-14068: Inappropriate implementation in Omnibox
* CVE-2026-14069: Integer overflow in WebNN
* CVE-2026-14070: Uninitialized Use in WebNN
* CVE-2026-14071: Side-channel information leakage in WebAudio
* CVE-2026-14072: Incorrect security UI in SplitView
* CVE-2026-14073: Insufficient policy enforcement in WebXR
* CVE-2026-14394: Use after free in V8
* CVE-2026-14395: Out of bounds write in V8
* CVE-2026-14074: Side-channel information leakage in WebAuthentication
* CVE-2026-14075: Policy bypass in Chrome for iOS
* CVE-2026-14076: Policy bypass in Network
* CVE-2026-14077: Incorrect security UI in Select
* CVE-2026-14078: Policy bypass in WebRTC
* CVE-2026-14079: Policy bypass in Network
* CVE-2026-14080: Insufficient validation of untrusted input in
TabSwitcher
* CVE-2026-14081: Insufficient policy enforcement in DevTools
* CVE-2026-14082: Race in Storage
* CVE-2026-14083: Insufficient validation of untrusted input in HTML
* CVE-2026-14084: Insufficient validation of untrusted input in
Chromoting
* CVE-2026-14085: Side-channel information leakage in CSS
* CVE-2026-14086: Insufficient policy enforcement in HID
* CVE-2026-14087: Insufficient validation of untrusted input in WebNN
* CVE-2026-14088: Uninitialized Use in Canvas
* CVE-2026-14089: Insufficient validation of untrusted input in
PopupBlocker
* CVE-2026-14090: Out of bounds read in CameraCapture
* CVE-2026-14091: Use after free in DevTools
* CVE-2026-14092: Insufficient policy enforcement in Privacy
* CVE-2026-14093: Use after free in Cast
* CVE-2026-14094: Use after free in Installer
* CVE-2026-14095: Insufficient validation of untrusted input in Browser
* CVE-2026-14403: Use after free in V8
* CVE-2026-14096: Object lifecycle issue in Input
* CVE-2026-14097: Inappropriate implementation in WebAppInstalls
* CVE-2026-14098: Inappropriate implementation in CSS
* CVE-2026-14405: Uninitialized Use in V8
* CVE-2026-14099: Use after free in Chrome for iOS
* CVE-2026-14100: Insufficient data validation in NetworkCache
* CVE-2026-14101: Insufficient policy enforcement in Sandbox
* CVE-2026-14102: Use after free in Passwords
* CVE-2026-14103: Use after free in SSL
* CVE-2026-14104: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-14105: Insufficient policy enforcement in Speech
* CVE-2026-14106: Insufficient validation of untrusted input in Text
* CVE-2026-14107: Use after free in Scheduling
* CVE-2026-14108: Use after free in PDFium
* CVE-2026-14109: Insufficient policy enforcement in Mojo
* CVE-2026-14110: Inappropriate implementation in DarkMode
* CVE-2026-14111: Use after free in WebProtect
* CVE-2026-14112: Inappropriate implementation in Enterprise
* CVE-2026-14113: Use after free in Updater
* CVE-2026-14114: Inappropriate implementation in WebAppInstalls
* CVE-2026-14115: Insufficient validation of untrusted input in Cast
* CVE-2026-14116: Insufficient validation of untrusted input in DevTools
* CVE-2026-14117: Insufficient validation of untrusted input in DevTools
* CVE-2026-14118: Insufficient data validation in DevTools
* CVE-2026-14119: Type Confusion in Bluetooth
* CVE-2026-14120: Inappropriate implementation in DevTools
* CVE-2026-14121: Use after free in Chromoting
* CVE-2026-14409: Inappropriate implementation in V8
* CVE-2026-14122: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-14410: Inappropriate implementation in Skia
* CVE-2026-14123: Incorrect security UI in Chrome for iOS
* CVE-2026-14124: Inappropriate implementation in CredentialProvider
* CVE-2026-14125: Uninitialized Use in ANGLE
* CVE-2026-14126: Incorrect security UI in UI
* CVE-2026-14127: Inappropriate implementation in Printing
* CVE-2026-14128: Insufficient data validation in Chrome for iOS
* CVE-2026-14129: Incorrect security UI in PreviewTab
* CVE-2026-14130: Incorrect security UI in Omnibox
* CVE-2026-14131: Insufficient validation of untrusted input in
WebAppInstalls
* CVE-2026-14132: Inappropriate implementation in WebXR
* CVE-2026-14133: Race in History Embeddings
* CVE-2026-14134: Inappropriate implementation in Autofill
* CVE-2026-14135: Insufficient validation of untrusted input in Network
* CVE-2026-14136: Incorrect security UI in Chrome for iOS
* CVE-2026-14137: Insufficient validation of untrusted input in Chrome
for iOS
* CVE-2026-14138: Inappropriate implementation in WebAppInstalls
* CVE-2026-14139: Inappropriate implementation in TabStrip
* CVE-2026-14140: Insufficient validation of untrusted input in Input
* CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture
* CVE-2026-14142: Inappropriate implementation in Extensions
* CVE-2026-14143: Incorrect security UI in Passwords
* CVE-2026-14144: Incorrect security UI in Views
* CVE-2026-14145: Inappropriate implementation in CSS
* CVE-2026-14146: Inappropriate implementation in CSS
* CVE-2026-14147: Inappropriate implementation in CSS
* CVE-2026-14415: Inappropriate implementation in V8
* CVE-2026-14148: Type Confusion in CSS
* CVE-2026-14149: Use after free in Audio
* CVE-2026-14416: Out of bounds read in Dawn
* CVE-2026-14150: Insufficient validation of untrusted input in Speech
* CVE-2026-14151: Inappropriate implementation in AI
* CVE-2026-14152: Out of bounds write in ANGLE
* CVE-2026-14153: Inappropriate implementation in Glic
* CVE-2026-14154: Inappropriate implementation in DevTools
* CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI
* CVE-2026-14156: Policy bypass in StorageAccessAPI
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-233=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):
chromedriver-150.0.7871.46-bp157.2.181.1
chromium-150.0.7871.46-bp157.2.181.1
References:
https://www.suse.com/security/cve/CVE-2026-13774.html
https://www.suse.com/security/cve/CVE-2026-13775.html
https://www.suse.com/security/cve/CVE-2026-13776.html
https://www.suse.com/security/cve/CVE-2026-13777.html
https://www.suse.com/security/cve/CVE-2026-13778.html
https://www.suse.com/security/cve/CVE-2026-13779.html
https://www.suse.com/security/cve/CVE-2026-13780.html
https://www.suse.com/security/cve/CVE-2026-13781.html
https://www.suse.com/security/cve/CVE-2026-13782.html
https://www.suse.com/security/cve/CVE-2026-13783.html
https://www.suse.com/security/cve/CVE-2026-13784.html
https://www.suse.com/security/cve/CVE-2026-13785.html
https://www.suse.com/security/cve/CVE-2026-13786.html
https://www.suse.com/security/cve/CVE-2026-13787.html
https://www.suse.com/security/cve/CVE-2026-13788.html
https://www.suse.com/security/cve/CVE-2026-13790.html
https://www.suse.com/security/cve/CVE-2026-13791.html
https://www.suse.com/security/cve/CVE-2026-13792.html
https://www.suse.com/security/cve/CVE-2026-13793.html
https://www.suse.com/security/cve/CVE-2026-13794.html
https://www.suse.com/security/cve/CVE-2026-13795.html
https://www.suse.com/security/cve/CVE-2026-13796.html
https://www.suse.com/security/cve/CVE-2026-13797.html
https://www.suse.com/security/cve/CVE-2026-13798.html
https://www.suse.com/security/cve/CVE-2026-13799.html
https://www.suse.com/security/cve/CVE-2026-13800.html
https://www.suse.com/security/cve/CVE-2026-13801.html
https://www.suse.com/security/cve/CVE-2026-13802.html
https://www.suse.com/security/cve/CVE-2026-13803.html
https://www.suse.com/security/cve/CVE-2026-13804.html
https://www.suse.com/security/cve/CVE-2026-13805.html
https://www.suse.com/security/cve/CVE-2026-13806.html
https://www.suse.com/security/cve/CVE-2026-13807.html
https://www.suse.com/security/cve/CVE-2026-13808.html
https://www.suse.com/security/cve/CVE-2026-13809.html
https://www.suse.com/security/cve/CVE-2026-13810.html
https://www.suse.com/security/cve/CVE-2026-13811.html
https://www.suse.com/security/cve/CVE-2026-13812.html
https://www.suse.com/security/cve/CVE-2026-13813.html
https://www.suse.com/security/cve/CVE-2026-13814.html
https://www.suse.com/security/cve/CVE-2026-13815.html
https://www.suse.com/security/cve/CVE-2026-13816.html
https://www.suse.com/security/cve/CVE-2026-13817.html
https://www.suse.com/security/cve/CVE-2026-13818.html
https://www.suse.com/security/cve/CVE-2026-13819.html
https://www.suse.com/security/cve/CVE-2026-13820.html
https://www.suse.com/security/cve/CVE-2026-13821.html
https://www.suse.com/security/cve/CVE-2026-13822.html
https://www.suse.com/security/cve/CVE-2026-13823.html
https://www.suse.com/security/cve/CVE-2026-13824.html
https://www.suse.com/security/cve/CVE-2026-13825.html
https://www.suse.com/security/cve/CVE-2026-13826.html
https://www.suse.com/security/cve/CVE-2026-13827.html
https://www.suse.com/security/cve/CVE-2026-13828.html
https://www.suse.com/security/cve/CVE-2026-13829.html
https://www.suse.com/security/cve/CVE-2026-13830.html
https://www.suse.com/security/cve/CVE-2026-13831.html
https://www.suse.com/security/cve/CVE-2026-13832.html
https://www.suse.com/security/cve/CVE-2026-13833.html
https://www.suse.com/security/cve/CVE-2026-13834.html
https://www.suse.com/security/cve/CVE-2026-13835.html
https://www.suse.com/security/cve/CVE-2026-13836.html
https://www.suse.com/security/cve/CVE-2026-13837.html
https://www.suse.com/security/cve/CVE-2026-13838.html
https://www.suse.com/security/cve/CVE-2026-13839.html
https://www.suse.com/security/cve/CVE-2026-13840.html
https://www.suse.com/security/cve/CVE-2026-13841.html
https://www.suse.com/security/cve/CVE-2026-13842.html
https://www.suse.com/security/cve/CVE-2026-13843.html
https://www.suse.com/security/cve/CVE-2026-13844.html
https://www.suse.com/security/cve/CVE-2026-13845.html
https://www.suse.com/security/cve/CVE-2026-13846.html
https://www.suse.com/security/cve/CVE-2026-13847.html
https://www.suse.com/security/cve/CVE-2026-13848.html
https://www.suse.com/security/cve/CVE-2026-13849.html
https://www.suse.com/security/cve/CVE-2026-13850.html
https://www.suse.com/security/cve/CVE-2026-13851.html
https://www.suse.com/security/cve/CVE-2026-13852.html
https://www.suse.com/security/cve/CVE-2026-13853.html
https://www.suse.com/security/cve/CVE-2026-13854.html
https://www.suse.com/security/cve/CVE-2026-13855.html
https://www.suse.com/security/cve/CVE-2026-13856.html
https://www.suse.com/security/cve/CVE-2026-13857.html
https://www.suse.com/security/cve/CVE-2026-13858.html
https://www.suse.com/security/cve/CVE-2026-13859.html
https://www.suse.com/security/cve/CVE-2026-13860.html
https://www.suse.com/security/cve/CVE-2026-13861.html
https://www.suse.com/security/cve/CVE-2026-13862.html
https://www.suse.com/security/cve/CVE-2026-13863.html
https://www.suse.com/security/cve/CVE-2026-13864.html
https://www.suse.com/security/cve/CVE-2026-13865.html
https://www.suse.com/security/cve/CVE-2026-13866.html
https://www.suse.com/security/cve/CVE-2026-13867.html
https://www.suse.com/security/cve/CVE-2026-13868.html
https://www.suse.com/security/cve/CVE-2026-13869.html
https://www.suse.com/security/cve/CVE-2026-13870.html
https://www.suse.com/security/cve/CVE-2026-13871.html
https://www.suse.com/security/cve/CVE-2026-13872.html
https://www.suse.com/security/cve/CVE-2026-13873.html
https://www.suse.com/security/cve/CVE-2026-13874.html
https://www.suse.com/security/cve/CVE-2026-13875.html
https://www.suse.com/security/cve/CVE-2026-13876.html
https://www.suse.com/security/cve/CVE-2026-13877.html
https://www.suse.com/security/cve/CVE-2026-13878.html
https://www.suse.com/security/cve/CVE-2026-13879.html
https://www.suse.com/security/cve/CVE-2026-13880.html
https://www.suse.com/security/cve/CVE-2026-13881.html
https://www.suse.com/security/cve/CVE-2026-13882.html
https://www.suse.com/security/cve/CVE-2026-13883.html
https://www.suse.com/security/cve/CVE-2026-13884.html
https://www.suse.com/security/cve/CVE-2026-13885.html
https://www.suse.com/security/cve/CVE-2026-13886.html
https://www.suse.com/security/cve/CVE-2026-13887.html
https://www.suse.com/security/cve/CVE-2026-13888.html
https://www.suse.com/security/cve/CVE-2026-13889.html
https://www.suse.com/security/cve/CVE-2026-13890.html
https://www.suse.com/security/cve/CVE-2026-13891.html
https://www.suse.com/security/cve/CVE-2026-13892.html
https://www.suse.com/security/cve/CVE-2026-13893.html
https://www.suse.com/security/cve/CVE-2026-13894.html
https://www.suse.com/security/cve/CVE-2026-13895.html
https://www.suse.com/security/cve/CVE-2026-13896.html
https://www.suse.com/security/cve/CVE-2026-13897.html
https://www.suse.com/security/cve/CVE-2026-13898.html
https://www.suse.com/security/cve/CVE-2026-13899.html
https://www.suse.com/security/cve/CVE-2026-13900.html
https://www.suse.com/security/cve/CVE-2026-13901.html
https://www.suse.com/security/cve/CVE-2026-13902.html
https://www.suse.com/security/cve/CVE-2026-13903.html
https://www.suse.com/security/cve/CVE-2026-13904.html
https://www.suse.com/security/cve/CVE-2026-13905.html
https://www.suse.com/security/cve/CVE-2026-13906.html
https://www.suse.com/security/cve/CVE-2026-13907.html
https://www.suse.com/security/cve/CVE-2026-13908.html
https://www.suse.com/security/cve/CVE-2026-13909.html
https://www.suse.com/security/cve/CVE-2026-13910.html
https://www.suse.com/security/cve/CVE-2026-13911.html
https://www.suse.com/security/cve/CVE-2026-13912.html
https://www.suse.com/security/cve/CVE-2026-13913.html
https://www.suse.com/security/cve/CVE-2026-13914.html
https://www.suse.com/security/cve/CVE-2026-13915.html
https://www.suse.com/security/cve/CVE-2026-13916.html
https://www.suse.com/security/cve/CVE-2026-13917.html
https://www.suse.com/security/cve/CVE-2026-13918.html
https://www.suse.com/security/cve/CVE-2026-13919.html
https://www.suse.com/security/cve/CVE-2026-13920.html
https://www.suse.com/security/cve/CVE-2026-13921.html
https://www.suse.com/security/cve/CVE-2026-13922.html
https://www.suse.com/security/cve/CVE-2026-13923.html
https://www.suse.com/security/cve/CVE-2026-13924.html
https://www.suse.com/security/cve/CVE-2026-13925.html
https://www.suse.com/security/cve/CVE-2026-13926.html
https://www.suse.com/security/cve/CVE-2026-13927.html
https://www.suse.com/security/cve/CVE-2026-13928.html
https://www.suse.com/security/cve/CVE-2026-13929.html
https://www.suse.com/security/cve/CVE-2026-13930.html
https://www.suse.com/security/cve/CVE-2026-13931.html
https://www.suse.com/security/cve/CVE-2026-13932.html
https://www.suse.com/security/cve/CVE-2026-13933.html
https://www.suse.com/security/cve/CVE-2026-13934.html
https://www.suse.com/security/cve/CVE-2026-13935.html
https://www.suse.com/security/cve/CVE-2026-13936.html
https://www.suse.com/security/cve/CVE-2026-13937.html
https://www.suse.com/security/cve/CVE-2026-13938.html
https://www.suse.com/security/cve/CVE-2026-13939.html
https://www.suse.com/security/cve/CVE-2026-13940.html
https://www.suse.com/security/cve/CVE-2026-13941.html
https://www.suse.com/security/cve/CVE-2026-13942.html
https://www.suse.com/security/cve/CVE-2026-13943.html
https://www.suse.com/security/cve/CVE-2026-13944.html
https://www.suse.com/security/cve/CVE-2026-13945.html
https://www.suse.com/security/cve/CVE-2026-13946.html
https://www.suse.com/security/cve/CVE-2026-13947.html
https://www.suse.com/security/cve/CVE-2026-13948.html
https://www.suse.com/security/cve/CVE-2026-13949.html
https://www.suse.com/security/cve/CVE-2026-13950.html
https://www.suse.com/security/cve/CVE-2026-13951.html
https://www.suse.com/security/cve/CVE-2026-13952.html
https://www.suse.com/security/cve/CVE-2026-13953.html
https://www.suse.com/security/cve/CVE-2026-13954.html
https://www.suse.com/security/cve/CVE-2026-13955.html
https://www.suse.com/security/cve/CVE-2026-13956.html
https://www.suse.com/security/cve/CVE-2026-13957.html
https://www.suse.com/security/cve/CVE-2026-13958.html
https://www.suse.com/security/cve/CVE-2026-13959.html
https://www.suse.com/security/cve/CVE-2026-13960.html
https://www.suse.com/security/cve/CVE-2026-13961.html
https://www.suse.com/security/cve/CVE-2026-13962.html
https://www.suse.com/security/cve/CVE-2026-13963.html
https://www.suse.com/security/cve/CVE-2026-13964.html
https://www.suse.com/security/cve/CVE-2026-13965.html
https://www.suse.com/security/cve/CVE-2026-13966.html
https://www.suse.com/security/cve/CVE-2026-13967.html
https://www.suse.com/security/cve/CVE-2026-13968.html
https://www.suse.com/security/cve/CVE-2026-13969.html
https://www.suse.com/security/cve/CVE-2026-13970.html
https://www.suse.com/security/cve/CVE-2026-13971.html
https://www.suse.com/security/cve/CVE-2026-13972.html
https://www.suse.com/security/cve/CVE-2026-13973.html
https://www.suse.com/security/cve/CVE-2026-13974.html
https://www.suse.com/security/cve/CVE-2026-13975.html
https://www.suse.com/security/cve/CVE-2026-13976.html
https://www.suse.com/security/cve/CVE-2026-13977.html
https://www.suse.com/security/cve/CVE-2026-13978.html
https://www.suse.com/security/cve/CVE-2026-13979.html
https://www.suse.com/security/cve/CVE-2026-13980.html
https://www.suse.com/security/cve/CVE-2026-13981.html
https://www.suse.com/security/cve/CVE-2026-13982.html
https://www.suse.com/security/cve/CVE-2026-13983.html
https://www.suse.com/security/cve/CVE-2026-13984.html
https://www.suse.com/security/cve/CVE-2026-13985.html
https://www.suse.com/security/cve/CVE-2026-13986.html
https://www.suse.com/security/cve/CVE-2026-13987.html
https://www.suse.com/security/cve/CVE-2026-13988.html
https://www.suse.com/security/cve/CVE-2026-13989.html
https://www.suse.com/security/cve/CVE-2026-13990.html
https://www.suse.com/security/cve/CVE-2026-13991.html
https://www.suse.com/security/cve/CVE-2026-13992.html
https://www.suse.com/security/cve/CVE-2026-13993.html
https://www.suse.com/security/cve/CVE-2026-13994.html
https://www.suse.com/security/cve/CVE-2026-13995.html
https://www.suse.com/security/cve/CVE-2026-13996.html
https://www.suse.com/security/cve/CVE-2026-13997.html
https://www.suse.com/security/cve/CVE-2026-13998.html
https://www.suse.com/security/cve/CVE-2026-13999.html
https://www.suse.com/security/cve/CVE-2026-14000.html
https://www.suse.com/security/cve/CVE-2026-14001.html
https://www.suse.com/security/cve/CVE-2026-14002.html
https://www.suse.com/security/cve/CVE-2026-14003.html
https://www.suse.com/security/cve/CVE-2026-14004.html
https://www.suse.com/security/cve/CVE-2026-14005.html
https://www.suse.com/security/cve/CVE-2026-14006.html
https://www.suse.com/security/cve/CVE-2026-14007.html
https://www.suse.com/security/cve/CVE-2026-14008.html
https://www.suse.com/security/cve/CVE-2026-14009.html
https://www.suse.com/security/cve/CVE-2026-14010.html
https://www.suse.com/security/cve/CVE-2026-14011.html
https://www.suse.com/security/cve/CVE-2026-14012.html
https://www.suse.com/security/cve/CVE-2026-14013.html
https://www.suse.com/security/cve/CVE-2026-14014.html
https://www.suse.com/security/cve/CVE-2026-14015.html
https://www.suse.com/security/cve/CVE-2026-14016.html
https://www.suse.com/security/cve/CVE-2026-14017.html
https://www.suse.com/security/cve/CVE-2026-14018.html
https://www.suse.com/security/cve/CVE-2026-14019.html
https://www.suse.com/security/cve/CVE-2026-14020.html
https://www.suse.com/security/cve/CVE-2026-14021.html
https://www.suse.com/security/cve/CVE-2026-14022.html
https://www.suse.com/security/cve/CVE-2026-14023.html
https://www.suse.com/security/cve/CVE-2026-14024.html
https://www.suse.com/security/cve/CVE-2026-14025.html
https://www.suse.com/security/cve/CVE-2026-14026.html
https://www.suse.com/security/cve/CVE-2026-14027.html
https://www.suse.com/security/cve/CVE-2026-14028.html
https://www.suse.com/security/cve/CVE-2026-14030.html
https://www.suse.com/security/cve/CVE-2026-14031.html
https://www.suse.com/security/cve/CVE-2026-14032.html
https://www.suse.com/security/cve/CVE-2026-14033.html
https://www.suse.com/security/cve/CVE-2026-14034.html
https://www.suse.com/security/cve/CVE-2026-14035.html
https://www.suse.com/security/cve/CVE-2026-14036.html
https://www.suse.com/security/cve/CVE-2026-14037.html
https://www.suse.com/security/cve/CVE-2026-14038.html
https://www.suse.com/security/cve/CVE-2026-14039.html
https://www.suse.com/security/cve/CVE-2026-14040.html
https://www.suse.com/security/cve/CVE-2026-14041.html
https://www.suse.com/security/cve/CVE-2026-14042.html
https://www.suse.com/security/cve/CVE-2026-14043.html
https://www.suse.com/security/cve/CVE-2026-14044.html
https://www.suse.com/security/cve/CVE-2026-14045.html
https://www.suse.com/security/cve/CVE-2026-14046.html
https://www.suse.com/security/cve/CVE-2026-14047.html
https://www.suse.com/security/cve/CVE-2026-14048.html
https://www.suse.com/security/cve/CVE-2026-14049.html
https://www.suse.com/security/cve/CVE-2026-14050.html
https://www.suse.com/security/cve/CVE-2026-14051.html
https://www.suse.com/security/cve/CVE-2026-14052.html
https://www.suse.com/security/cve/CVE-2026-14053.html
https://www.suse.com/security/cve/CVE-2026-14054.html
https://www.suse.com/security/cve/CVE-2026-14055.html
https://www.suse.com/security/cve/CVE-2026-14056.html
https://www.suse.com/security/cve/CVE-2026-14057.html
https://www.suse.com/security/cve/CVE-2026-14058.html
https://www.suse.com/security/cve/CVE-2026-14059.html
https://www.suse.com/security/cve/CVE-2026-14060.html
https://www.suse.com/security/cve/CVE-2026-14061.html
https://www.suse.com/security/cve/CVE-2026-14062.html
https://www.suse.com/security/cve/CVE-2026-14063.html
https://www.suse.com/security/cve/CVE-2026-14064.html
https://www.suse.com/security/cve/CVE-2026-14065.html
https://www.suse.com/security/cve/CVE-2026-14066.html
https://www.suse.com/security/cve/CVE-2026-14067.html
https://www.suse.com/security/cve/CVE-2026-14068.html
https://www.suse.com/security/cve/CVE-2026-14069.html
https://www.suse.com/security/cve/CVE-2026-14070.html
https://www.suse.com/security/cve/CVE-2026-14071.html
https://www.suse.com/security/cve/CVE-2026-14072.html
https://www.suse.com/security/cve/CVE-2026-14073.html
https://www.suse.com/security/cve/CVE-2026-14074.html
https://www.suse.com/security/cve/CVE-2026-14075.html
https://www.suse.com/security/cve/CVE-2026-14076.html
https://www.suse.com/security/cve/CVE-2026-14077.html
https://www.suse.com/security/cve/CVE-2026-14078.html
https://www.suse.com/security/cve/CVE-2026-14079.html
https://www.suse.com/security/cve/CVE-2026-14080.html
https://www.suse.com/security/cve/CVE-2026-14081.html
https://www.suse.com/security/cve/CVE-2026-14082.html
https://www.suse.com/security/cve/CVE-2026-14083.html
https://www.suse.com/security/cve/CVE-2026-14084.html
https://www.suse.com/security/cve/CVE-2026-14085.html
https://www.suse.com/security/cve/CVE-2026-14086.html
https://www.suse.com/security/cve/CVE-2026-14087.html
https://www.suse.com/security/cve/CVE-2026-14088.html
https://www.suse.com/security/cve/CVE-2026-14089.html
https://www.suse.com/security/cve/CVE-2026-14090.html
https://www.suse.com/security/cve/CVE-2026-14091.html
https://www.suse.com/security/cve/CVE-2026-14092.html
https://www.suse.com/security/cve/CVE-2026-14093.html
https://www.suse.com/security/cve/CVE-2026-14094.html
https://www.suse.com/security/cve/CVE-2026-14095.html
https://www.suse.com/security/cve/CVE-2026-14096.html
https://www.suse.com/security/cve/CVE-2026-14097.html
https://www.suse.com/security/cve/CVE-2026-14098.html
https://www.suse.com/security/cve/CVE-2026-14099.html
https://www.suse.com/security/cve/CVE-2026-14100.html
https://www.suse.com/security/cve/CVE-2026-14101.html
https://www.suse.com/security/cve/CVE-2026-14102.html
https://www.suse.com/security/cve/CVE-2026-14103.html
https://www.suse.com/security/cve/CVE-2026-14104.html
https://www.suse.com/security/cve/CVE-2026-14105.html
https://www.suse.com/security/cve/CVE-2026-14106.html
https://www.suse.com/security/cve/CVE-2026-14107.html
https://www.suse.com/security/cve/CVE-2026-14108.html
https://www.suse.com/security/cve/CVE-2026-14109.html
https://www.suse.com/security/cve/CVE-2026-14110.html
https://www.suse.com/security/cve/CVE-2026-14111.html
https://www.suse.com/security/cve/CVE-2026-14112.html
https://www.suse.com/security/cve/CVE-2026-14113.html
https://www.suse.com/security/cve/CVE-2026-14114.html
https://www.suse.com/security/cve/CVE-2026-14115.html
https://www.suse.com/security/cve/CVE-2026-14116.html
https://www.suse.com/security/cve/CVE-2026-14117.html
https://www.suse.com/security/cve/CVE-2026-14118.html
https://www.suse.com/security/cve/CVE-2026-14119.html
https://www.suse.com/security/cve/CVE-2026-14120.html
https://www.suse.com/security/cve/CVE-2026-14121.html
https://www.suse.com/security/cve/CVE-2026-14122.html
https://www.suse.com/security/cve/CVE-2026-14123.html
https://www.suse.com/security/cve/CVE-2026-14124.html
https://www.suse.com/security/cve/CVE-2026-14125.html
https://www.suse.com/security/cve/CVE-2026-14126.html
https://www.suse.com/security/cve/CVE-2026-14127.html
https://www.suse.com/security/cve/CVE-2026-14128.html
https://www.suse.com/security/cve/CVE-2026-14129.html
https://www.suse.com/security/cve/CVE-2026-14130.html
https://www.suse.com/security/cve/CVE-2026-14131.html
https://www.suse.com/security/cve/CVE-2026-14132.html
https://www.suse.com/security/cve/CVE-2026-14133.html
https://www.suse.com/security/cve/CVE-2026-14134.html
https://www.suse.com/security/cve/CVE-2026-14135.html
https://www.suse.com/security/cve/CVE-2026-14136.html
https://www.suse.com/security/cve/CVE-2026-14137.html
https://www.suse.com/security/cve/CVE-2026-14138.html
https://www.suse.com/security/cve/CVE-2026-14139.html
https://www.suse.com/security/cve/CVE-2026-14140.html
https://www.suse.com/security/cve/CVE-2026-14141.html
https://www.suse.com/security/cve/CVE-2026-14142.html
https://www.suse.com/security/cve/CVE-2026-14143.html
https://www.suse.com/security/cve/CVE-2026-14144.html
https://www.suse.com/security/cve/CVE-2026-14145.html
https://www.suse.com/security/cve/CVE-2026-14146.html
https://www.suse.com/security/cve/CVE-2026-14147.html
https://www.suse.com/security/cve/CVE-2026-14148.html
https://www.suse.com/security/cve/CVE-2026-14149.html
https://www.suse.com/security/cve/CVE-2026-14150.html
https://www.suse.com/security/cve/CVE-2026-14151.html
https://www.suse.com/security/cve/CVE-2026-14152.html
https://www.suse.com/security/cve/CVE-2026-14153.html
https://www.suse.com/security/cve/CVE-2026-14154.html
https://www.suse.com/security/cve/CVE-2026-14155.html
https://www.suse.com/security/cve/CVE-2026-14156.html
https://www.suse.com/security/cve/CVE-2026-14381.html
https://www.suse.com/security/cve/CVE-2026-14382.html
https://www.suse.com/security/cve/CVE-2026-14383.html
https://www.suse.com/security/cve/CVE-2026-14384.html
https://www.suse.com/security/cve/CVE-2026-14385.html
https://www.suse.com/security/cve/CVE-2026-14386.html
https://www.suse.com/security/cve/CVE-2026-14387.html
https://www.suse.com/security/cve/CVE-2026-14388.html
https://www.suse.com/security/cve/CVE-2026-14389.html
https://www.suse.com/security/cve/CVE-2026-14390.html
https://www.suse.com/security/cve/CVE-2026-14391.html
https://www.suse.com/security/cve/CVE-2026-14392.html
https://www.suse.com/security/cve/CVE-2026-14393.html
https://www.suse.com/security/cve/CVE-2026-14394.html
https://www.suse.com/security/cve/CVE-2026-14395.html
https://www.suse.com/security/cve/CVE-2026-14396.html
https://www.suse.com/security/cve/CVE-2026-14397.html
https://www.suse.com/security/cve/CVE-2026-14398.html
https://www.suse.com/security/cve/CVE-2026-14399.html
https://www.suse.com/security/cve/CVE-2026-14400.html
https://www.suse.com/security/cve/CVE-2026-14401.html
https://www.suse.com/security/cve/CVE-2026-14402.html
https://www.suse.com/security/cve/CVE-2026-14403.html
https://www.suse.com/security/cve/CVE-2026-14404.html
https://www.suse.com/security/cve/CVE-2026-14405.html
https://www.suse.com/security/cve/CVE-2026-14406.html
https://www.suse.com/security/cve/CVE-2026-14407.html
https://www.suse.com/security/cve/CVE-2026-14408.html
https://www.suse.com/security/cve/CVE-2026-14409.html
https://www.suse.com/security/cve/CVE-2026-14410.html
https://www.suse.com/security/cve/CVE-2026-14411.html
https://www.suse.com/security/cve/CVE-2026-14412.html
https://www.suse.com/security/cve/CVE-2026-14413.html
https://www.suse.com/security/cve/CVE-2026-14414.html
https://www.suse.com/security/cve/CVE-2026-14415.html
https://www.suse.com/security/cve/CVE-2026-14416.html
https://www.suse.com/security/cve/CVE-2026-14417.html
https://www.suse.com/security/cve/CVE-2026-14418.html
https://www.suse.com/security/cve/CVE-2026-14419.html
https://www.suse.com/security/cve/CVE-2026-14420.html
https://www.suse.com/security/cve/CVE-2026-14421.html
https://www.suse.com/security/cve/CVE-2026-14422.html
https://www.suse.com/security/cve/CVE-2026-14423.html
https://www.suse.com/security/cve/CVE-2026-14424.html
https://www.suse.com/security/cve/CVE-2026-14425.html
https://www.suse.com/security/cve/CVE-2026-14426.html
https://www.suse.com/security/cve/CVE-2026-14427.html
https://www.suse.com/security/cve/CVE-2026-14428.html
https://www.suse.com/security/cve/CVE-2026-14429.html
https://www.suse.com/security/cve/CVE-2026-14430.html
https://www.suse.com/security/cve/CVE-2026-14431.html
https://www.suse.com/security/cve/CVE-2026-14432.html
https://bugzilla.suse.com/1269061
https://bugzilla.suse.com/1270051
openSUSE-SU-2026:11197-1: moderate: apptainer-1.5.1-3.1 on GA media
# apptainer-1.5.1-3.1 on GA media
Announcement ID: openSUSE-SU-2026:11197-1
Rating: moderate
Cross-References:
* CVE-2026-2303
CVSS scores:
* CVE-2026-2303 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the apptainer-1.5.1-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* apptainer 1.5.1-3.1
* apptainer-leap 1.5.1-3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-2303.html
openSUSE-SU-2026:11196-1: moderate: python313-yt-dlp-2026.07.04-1.1 on GA media
# python313-yt-dlp-2026.07.04-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11196-1
Rating: moderate
Cross-References:
* CVE-2026-55404
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python313-yt-dlp-2026.07.04-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313-yt-dlp 2026.07.04-1.1
* yt-dlp 2026.07.04-1.1
* yt-dlp-youtube-dl 2026.07.04-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-55404.html
openSUSE-SU-2026:11195-1: moderate: tomcat11-11.0.23-1.1 on GA media
# tomcat11-11.0.23-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11195-1
Rating: moderate
Cross-References:
* CVE-2026-50229
* CVE-2026-53404
* CVE-2026-53434
* CVE-2026-55276
* CVE-2026-55955
* CVE-2026-55956
CVSS scores:
* CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-50229 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53404 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53434 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-55276 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55955 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55956 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 6 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the tomcat11-11.0.23-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* tomcat11 11.0.23-1.1
* tomcat11-admin-webapps 11.0.23-1.1
* tomcat11-doc 11.0.23-1.1
* tomcat11-docs-webapp 11.0.23-1.1
* tomcat11-el-6_0-api 11.0.23-1.1
* tomcat11-embed 11.0.23-1.1
* tomcat11-jsp-4_0-api 11.0.23-1.1
* tomcat11-jsvc 11.0.23-1.1
* tomcat11-lib 11.0.23-1.1
* tomcat11-servlet-6_1-api 11.0.23-1.1
* tomcat11-webapps 11.0.23-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html