SUSE-SU-2026:3084-1: moderate: Security update for python-Pillow
SUSE-SU-2026:3086-1: important: Security update for python-python-socketio
SUSE-SU-2026:3085-1: important: Security update for python-python-engineio
SUSE-SU-2026:3087-1: moderate: Security update for tomcat11
SUSE-SU-2026:3089-1: important: Security update for the Linux Kernel
SUSE-SU-2026:3093-1: moderate: Security update for python-paramiko
SUSE-SU-2026:3094-1: moderate: Security update for openssl-3
SUSE-SU-2026:3095-1: important: Security update for libxml2
SUSE-SU-2026:3096-1: important: Security update for libxml2
openSUSE-SU-2026:21363-1: critical: Security update for chromium
openSUSE-SU-2026:11286-1: moderate: python315-3.15.0~b3-2.1 on GA media
openSUSE-SU-2026:11283-1: moderate: python313-Pillow-12.3.0-2.1 on GA media
openSUSE-SU-2026:0250-1: important: Security update for opam
SUSE-SU-2026:3102-1: important: Security update for go1.26-openssl
SUSE-SU-2026:3104-1: important: Security update for python311
SUSE-SU-2026:3105-1: important: Security update for php-composer2
SUSE-SU-2026:3110-1: important: Security update for mariadb-connector-c
SUSE-SU-2026:3084-1: moderate: Security update for python-Pillow
# Security update for python-Pillow
Announcement ID: SUSE-SU-2026:3084-1
Release Date: 2026-07-16T17:46:49Z
Rating: moderate
References:
* bsc#1271418
* bsc#1271419
* bsc#1271420
* bsc#1271421
* bsc#1271422
* bsc#1271424
* bsc#1271425
Cross-References:
* CVE-2026-54058
* CVE-2026-59197
* CVE-2026-59198
* CVE-2026-59199
* CVE-2026-59200
* CVE-2026-59204
* CVE-2026-59205
CVSS scores:
* CVE-2026-54058 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-54058 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-54058 ( NVD ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-59197 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59197 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-59197 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-59198 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59198 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59198 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59198 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-59199 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59199 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59199 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59200 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59200 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59204 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59204 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59204 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-59204 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59205 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59205 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59205 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for python-Pillow fixes the following issues
* CVE-2026-54058: out-of-bounds read via attacker-controlled row stride on
`mmap` path (bsc#1271419).
* CVE-2026-59197: heap out-of-bounds write in `ImageFilter.RankFilter` via
integer overflow in `ImagingExpand` (bsc#1271418).
* CVE-2026-59198: out-of-bounds heap data copied into file generated by TGA
RLE encoder (bsc#1271420).
* CVE-2026-59199: heap out-of-bounds write in `Image.paste()` and
`Image.crop()` via signed coordinate overflow (bsc#1271421).
* CVE-2026-59200: decompression bomb DoS via `PdfParser.PdfStream.decode()`
(bsc#1271422).
* CVE-2026-59204: denial of service through memory exhaustion via JPEG2000
tiled decoder (bsc#1271424).
* CVE-2026-59205: controlled heap out-of-bounds write in
`ImageCmsTransform.apply()` via output mode mismatch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-3084=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3084=1
## Package List:
* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* python3-Pillow-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debuginfo-7.2.0-150300.3.30.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debugsource-7.2.0-150300.3.30.1
* python3-Pillow-7.2.0-150300.3.30.1
* python3-Pillow-tk-7.2.0-150300.3.30.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-Pillow-debuginfo-7.2.0-150300.3.30.1
* python-Pillow-debugsource-7.2.0-150300.3.30.1
* python-Pillow-debuginfo-7.2.0-150300.3.30.1
* python3-Pillow-7.2.0-150300.3.30.1
## References:
* https://www.suse.com/security/cve/CVE-2026-54058.html
* https://www.suse.com/security/cve/CVE-2026-59197.html
* https://www.suse.com/security/cve/CVE-2026-59198.html
* https://www.suse.com/security/cve/CVE-2026-59199.html
* https://www.suse.com/security/cve/CVE-2026-59200.html
* https://www.suse.com/security/cve/CVE-2026-59204.html
* https://www.suse.com/security/cve/CVE-2026-59205.html
* https://bugzilla.suse.com/show_bug.cgi?id=1271418
* https://bugzilla.suse.com/show_bug.cgi?id=1271419
* https://bugzilla.suse.com/show_bug.cgi?id=1271420
* https://bugzilla.suse.com/show_bug.cgi?id=1271421
* https://bugzilla.suse.com/show_bug.cgi?id=1271422
* https://bugzilla.suse.com/show_bug.cgi?id=1271424
* https://bugzilla.suse.com/show_bug.cgi?id=1271425
SUSE-SU-2026:3086-1: important: Security update for python-python-socketio
# Security update for python-python-socketio
Announcement ID: SUSE-SU-2026:3086-1
Release Date: 2026-07-16T17:53:06Z
Rating: important
References:
* bsc#1269491
Cross-References:
* CVE-2026-48804
CVSS scores:
* CVE-2026-48804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python-python-socketio fixes the following issues:
* CVE-2026-48804: Binary attachment accumulation can cause denial of service
(bsc#1269491).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3086=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3086=1
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3086=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3086=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-python-socketio-5.7.2-150600.3.6.1
* Python 3 Module 15-SP7 (noarch)
* python311-python-socketio-5.7.2-150600.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-python-socketio-5.7.2-150600.3.6.1
* openSUSE Leap 15.6 (noarch)
* python311-python-socketio-5.7.2-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48804.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269491
SUSE-SU-2026:3085-1: important: Security update for python-python-engineio
# Security update for python-python-engineio
Announcement ID: SUSE-SU-2026:3085-1
Release Date: 2026-07-16T17:51:00Z
Rating: important
References:
* bsc#1269544
* bsc#1269545
Cross-References:
* CVE-2026-48802
* CVE-2026-48809
CVSS scores:
* CVE-2026-48802 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48802 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48809 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48809 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-python-engineio fixes the following issues:
* CVE-2026-48802: remote user can cause the creation of unnecessary background
threads in the server through the heartbeat mechanism and cause a DoS
(bsc#1269544).
* CVE-2026-48809: size of incoming messages is not checked before they are
loaded into memory and allows remote users to cause a DoS via excessive
memory allocation (bsc#1269545).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3085=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3085=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3085=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3085=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python311-python-engineio-4.3.4-150600.3.3.1
* Python 3 Module 15-SP7 (noarch)
* python311-python-engineio-4.3.4-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python311-python-engineio-4.3.4-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* python311-python-engineio-4.3.4-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-48802.html
* https://www.suse.com/security/cve/CVE-2026-48809.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269544
* https://bugzilla.suse.com/show_bug.cgi?id=1269545
SUSE-SU-2026:3087-1: moderate: Security update for tomcat11
# Security update for tomcat11
Announcement ID: SUSE-SU-2026:3087-1
Release Date: 2026-07-16T17:56:56Z
Rating: moderate
References:
* bsc#1232390
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
Cross-References:
* CVE-2026-50229
* CVE-2026-53404
* CVE-2026-53434
* CVE-2026-55276
* CVE-2026-55955
* CVE-2026-55956
CVSS scores:
* CVE-2026-50229 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-50229 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-50229 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-53404 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53404 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53404 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-53434 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-53434 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-53434 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-55276 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55276 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-55276 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-55955 ( SUSE ): 2.3
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55955 ( SUSE ): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55955 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55956 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55956 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-55956 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7
An update that solves six vulnerabilities and has one security fix can now be
installed.
## Description:
This update for tomcat11 fixes the following issues
Update to Tomcat 11.0.23.
Security issues fixed:
* CVE-2026-50229: improper neutralization of script-related HTML tags in the
number guess example (bsc#1269791).
* CVE-2026-53404: always-incorrect control flow implementation in the rewrite
valve caused non-OR conditions to be skipped if the first condition in an OR
chain matched (bsc#1269910).
* CVE-2026-53434: error condition not handled when configuring CRLs for a FFM
based connector (bsc#1269824).
* CVE-2026-55276: always-incorrect control flow implementation caused special
roles and empty authorization constraints to not be included when the
effective web.xml was logged (bsc#1269909).
* CVE-2026-55955: improper authentication allows a replay attack against the
EncryptionInterceptor in the cluster component (bsc#1269908).
* CVE-2026-55956: improper authorization leads to security constraints
specified for the default servlet ignoring any method or method omission
configured as part of the constraint (bsc#1269907).
Other updates and bugfixes:
* Upgrade libtcnative to v2 (bsc#1232390).
* Tomcat 11.0.23:
* Catalina
* Add: Add support for literal '%' characters in access log output. Based on pull request #1002 by Fabian Hahn. (markt)
* Fix: Lower the log level to debug when OpenSSL initialization fails in OpenSSLLifecycleListener to avoid stack traces when libssl.so is not present and to align the behavior of the isAvailable() check with the AprLifecycleListener and gracefully fail when natives are not present. (csutherl)
* Fix: 70038: Cookie.clone() should also clone the internal attribute map. (markt)
* Code: Remove unnecessary code from the SSI processing engine that was duplicating some of the normalisation checks. (markt)
* Fix: Cleaner handling of invalid SPNEGO tokens. (remm)
* Fix: Avoid some NPEs in the Connector class on an uninitialize protocol. (remm)
* Fix: Incorrect session average life calculation. (remm)
* Fix: Improve robustness on using Pipeline.setBasic on a running pipeline. (remm)
* Fix: Avoid any init parameter updates when conflicts are found for filters, similar to what is done for servlets, as required by the servlet specification. (remm)
* Fix: Fix container event cleanups in some edge cases. (remm)
* Fix: Check for last-modified header in ExpiresFilter when a servlet uses addDateHeader to avoid wrongly considering it has been set. (remm)
* Fix: Fix hour unit used by ExpiresFilter. (remm)
* Fix: Remove exception swallowing in DataSourceStore to align it with FileStore and avoid session loss on errors. (remm)
* Fix: Add support for single-quote escaped literal as well as quoted literals in DateFormatCache. (schultz)
* Fix: On JAAS logout, clear out role principals on the subject that were added on commit, as recommended by the JAAS specification. (remm)
* Fix: MemoryRealm should not add a dummy role when none is specified in the configuration. (remm)
* Fix: DataSourceUserDatabase should return a null principal on a non existing user. (remm)
* Fix: Fix shared lock expiration in WebDAV. (remm)
* Fix: Inaccurate session exipration statistics when using the persistent manager. (remm)
* Fix: Skip BOM when serving files with UTF-32 encoding. (remm)
* Fix: Mixup of WrapperListener and WrapperLifecycle elements in storeconfig. (remm)
* Fix: Incorrect processing of modified users in DataSourceUserDatabase. (remm)
* Update: Clarify behavior in the UserDatabase for user, role and group creation that it does not immediately override existing elements. Removal (or update) needs to be used instead. (remm)
* Fix: 70049: Align the web application class loader with parent class loaders and swallow any errors caused by invalid paths when looking up resources and behave as if the resources were not found in that case. (markt)
* Fix: Improve validation of Range and Content-Range parsers so invalid ranges trigger a 4xx response rather than a 500 response. Pull request #1012 provided by Sahana Surendra Bogar. (markt)
* Fix: Fix connection leak in ProxyErrorReportValve. (remm)
* Fix: When using the RewriteValve, %{SSL:HTTPS} now returns on or off rather than true or false to align with httpd. (markt)
* Fix: Reset the encoding used for query string parameters between requests in case an application changed the encoding in a previous request. (markt)
* Fix: When encoding URLs with the CsrfPreventionFilter, don't add the nonce to URLs that are known not to require it. (markt)
* Fix: Fix SSO cookie partitioned configuration. (remm)
* Fix: Fix CombinedRealm isAvailable, it allows authentication if at least one sub realm is available. (remm)
* Fix: 70048: Correctly handle asynchronous requests in PersistentValve. (markt)
* Fix: Improve the detection of cross-context dispatches when using a RequestDispatcher. (markt)
* Fix: Fix various instances of double decoding of URL patterns configured either programmatically or in web.xml. (remm/markt)
* Fix: Align the rewrite conditions ornext flag processing with mod_rewrite, which follows a purely sequential evaluation strategy. (remm)
* Fix: Update default web.xml version to match supported Servlet specification version. (markt)
* Fix: Change the default for the useRedirect attribute of the ProxyErrorReportValve from true to false. (markt)
* Add: Add support for the showReport attribute in JsonErrorReportValve and ProxyErrorReportValve. When set to false, detailed error information (message, description, stack trace) is suppressed from error responses. (dsoumis)
* Fix: Avoid a NoClassDefFoundError at startup when catalina-tribes.jar is removed but catalina-ha.jar is present and the Cluster element is enabled in server.xml. Cluster digester rules are now fully conditional on both JARs being available. (dsoumis)
* Fix: Fix a potential deadlock when copying resources using WebDAV. (markt)
* Fix: Add jakarta., org.apache.catalina. and org.apache.tomcat.to the list of reserved prefixes for SSI variables and request attributes. (markt)
* Fix: Missing URL decoding when processing addMapping on a Servlet registration. (remm)
* Fix: The Timeout WebDAV header allows comma separated values (according to the examples in the RFC). Use the first acceptable value. (remm)
* Fix: Fix various issues when logging the effective web.xml for a web application. Empty sections are no longer logged. Special roles and empty authorisation constraints are included. All session cookie attributes are included. (markt)
* Fix: Expand the write lock for the save process in the MemoryUserDatabase to avoid concurrency issues with the file save operations. (markt)
* Fix: Ensure atomic session persistence in FileStore. Based on pull request #1016 by sahvx655-wq. (markt)
* Fix: Do not ignore methods configured on security constraints that map to the default servlet. (markt)
* Cluster
* Fix: Expand wording and increase visibility of log message when cloud membership is configured without a trust store as all certificates will be trusted in this configuration. (markt)
* Fix: Ensure listeners are correctly added and removed when configuring the channel coordinator. (markt)
* Fix: Fix some concurrency issues in FragmentationInterceptor. (markt)
* Fix: Fix some concurrency issues in OrderInterceptor. (markt)
* Fix: Fix some concurrency issues in TwoPhaseCommitInterceptor. (markt)
* Fix: Fix concurrency issues generating MD5 digests in the CloudMembershipProvider implementations. (markt)
* Add: Add replay protection to the EncryptInterceptor. This us a breaking change for the EncryptInterceptor.(markt)
* Coyote
* Add: Log a suitable warning if an encrypted PEM file is detected using an insecure form for encryption. (markt)
* Fix: If TLS groups have been configured, use the configured groups rather than using OpenSSL's default TLS groups when using Tomcat Native with OpenSSL based connectors. (markt)
* Fix: For HTTP/2, ensure that any in progress request body reads are cancelled if the container resets the associated stream. This prevents delays waiting for reads to time out when it is known that no more data will be received. (markt)
* Fix: Ensure that malformed HTTP/2 messages that should trigger a stream reset do so, rather than triggered a connection close. (markt)
* Fix: Improve enforcement of header trailer allow list for HTTP/2. (remm)
* Fix: 70050: Avoid NPE when no header frame is processed in HTTP/2, following refactor clean-up of header buffer. (remm)
* Fix: Properly use pollerThreadPriority for the NIO poller thread. (remm)
* Fix: Fix MessageByte.equals if called on a null MB. (remm)
* Fix: Call the delegate key manager in JSSE to retrieve the server key. (remm)
* Fix: Avoid overflow scenarios in Asn1Parser. (remm)
* Fix: 70091: Add a new attribute, allowSchemeMismatch to Http2Protocol that allows the consistency check for the scheme provided by the user agent to be bypassed. (markt)
* Fix: isTrailerFieldsReady was always returning true. (remm)
* Fix: Align OpenSSL/Panama TLS implementation with other implementations and throw an exception if there is an error loading the provided CRL(s). (markt)
* Fix: Parsing of OpenSSL format cipher expressions incorrectly stopped if @STRENGTH was encountered, ignoring any subsequent expressions. (markt)
* Fix: Handle the case where the HTTP/2 payload length is insufficient for the mandatory data required by the flags set in the header. (markt)
* Fix: 70102: Correct expected size of ticket keys when calling setSessionTicketKeys with an FFM connector. (markt)
* Fix: 69988: Fix post handshake authentication for TLS 1.3. It was broken by a breaking change in OpenSSL between 1.1.1 and 3.0.0. (markt)
* Fix: When processing an OpenSSL cipher specification, fully align the order of the resulting ciphers with the order produced by OpenSSL. (markt)
* Add: Add support for Brainpool TLS groups. Patch provided by YStankov. (schultz)
* Update: Update both the minimum and recommended version for Tomcat Native 2.x to 2.0.15. (markt)
* Update: Update the minimum version for Tomcat Native 1.x to 1.3.8. (markt)
* Jasper
* Fix: Fix possible EL argument mismatch when it was set to null. (remm)
* Fix: Fix thread safety of TagPluginManager. (remm)
* Fix: Correctly use flush on JSP include. (remm)
* Web applications
* Add: Manager: Add checks to ensure that any uploaded files are uploaded to the expected location. (markt)
* Add: Manager: Add checks to ensure that the requested context path for a deployed WAR, directory or descriptor file is valid. (markt)
* Add: Documentation: Expand the description of some of the attributes of the CrawlerSessionManagerValve. (markt)
* Fix: Documentation: Clearer description and correct documented default for ocspSoftFail. (markt)
* Fix: Fix double escaping in the context names for the JSON mode of the manager servlet. (remm)
* Fix: Manager: Ensure automatic deployment does not trigger an undeployment during a Manager triggered web application reload. (markt)
* Fix: Documentation: Provide better documentation for the scheme and secure attributes of a Connector. (markt)
* Websocket
* Fix: Incorrect Future.isDone() return by AsyncChannelWrapperSecure. (remm)
* Fix: Trigger standard WebSocket error handling if a call to Endpoint.onOpen() fails for a programmatic endpoint. (markt)
* Fix: 70110: Fix memory leak if a call to Endpoint.onOpen() fails for a programmatic endpoint. Test case provided by uabdur. (markt)
* Fix: If a client presents invalid parameters when negotiating a WebSocket extension, decline the negotiation offer that includes the invalid parameters rather than failing the connection. Pull request #1019 provided by sahvx655-wq. (markt)
* Other
* Fix: Use per connection authenticator when executing an Ant task. (remm/markt)
* Update: Update Commons Daemon to 1.6.1. (markt)
* Fix: Prevent duplicate log messages when clustering JARs are not present on startup. (csutherl)
* Update: Improvements to French translations. (remm)
* Update: Improvements to Japanese translations provided by tak7iji. (markt)
* Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.12. (markt)
* Update: Update Tomcat Native to 2.0.15. (markt)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3087=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3087=1
## Package List:
* Web and Scripting Module 15-SP7 (noarch)
* tomcat11-11.0.23-150600.13.24.1
* tomcat11-el-6_0-api-11.0.23-150600.13.24.1
* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1
* tomcat11-lib-11.0.23-150600.13.24.1
* tomcat11-admin-webapps-11.0.23-150600.13.24.1
* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1
* tomcat11-webapps-11.0.23-150600.13.24.1
* openSUSE Leap 15.6 (noarch)
* tomcat11-jsvc-11.0.23-150600.13.24.1
* tomcat11-docs-webapp-11.0.23-150600.13.24.1
* tomcat11-11.0.23-150600.13.24.1
* tomcat11-el-6_0-api-11.0.23-150600.13.24.1
* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1
* tomcat11-lib-11.0.23-150600.13.24.1
* tomcat11-admin-webapps-11.0.23-150600.13.24.1
* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1
* tomcat11-webapps-11.0.23-150600.13.24.1
* tomcat11-embed-11.0.23-150600.13.24.1
* tomcat11-doc-11.0.23-150600.13.24.1
## References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232390
* https://bugzilla.suse.com/show_bug.cgi?id=1269791
* https://bugzilla.suse.com/show_bug.cgi?id=1269824
* https://bugzilla.suse.com/show_bug.cgi?id=1269907
* https://bugzilla.suse.com/show_bug.cgi?id=1269908
* https://bugzilla.suse.com/show_bug.cgi?id=1269909
* https://bugzilla.suse.com/show_bug.cgi?id=1269910
SUSE-SU-2026:3089-1: important: Security update for the Linux Kernel
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:3089-1
Release Date: 2026-07-17T01:35:33Z
Rating: important
References:
* bsc#1264097
* bsc#1264145
* bsc#1265421
* bsc#1267381
* bsc#1267531
* bsc#1267567
* bsc#1267635
* bsc#1267684
* bsc#1267722
* bsc#1267918
* bsc#1267993
* bsc#1268022
* bsc#1268660
* bsc#1269022
* bsc#1269033
* bsc#1269036
* bsc#1269090
* bsc#1269100
* bsc#1269159
* bsc#1269184
* bsc#1269193
* bsc#1269195
* bsc#1269310
* bsc#1269398
* bsc#1269574
* bsc#1269678
* bsc#1269681
* bsc#1269821
* bsc#1270059
Cross-References:
* CVE-2026-31771
* CVE-2026-43038
* CVE-2026-46090
* CVE-2026-46173
* CVE-2026-46197
* CVE-2026-46229
* CVE-2026-46253
* CVE-2026-46266
* CVE-2026-46274
* CVE-2026-46319
* CVE-2026-46320
* CVE-2026-46331
* CVE-2026-52909
* CVE-2026-52918
* CVE-2026-52923
* CVE-2026-52924
* CVE-2026-52943
* CVE-2026-52955
* CVE-2026-52969
* CVE-2026-52972
* CVE-2026-52993
* CVE-2026-53016
* CVE-2026-53041
* CVE-2026-53053
* CVE-2026-53071
* CVE-2026-53072
* CVE-2026-53133
* CVE-2026-53253
* CVE-2026-53359
CVSS scores:
* CVE-2026-31771 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31771 ( SUSE ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31771 ( NVD ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-43038 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-43038 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-46090 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46090 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46197 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46197 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46197 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46229 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46229 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-46229 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46253 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46266 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46266 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-46274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46319 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46319 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46320 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-46320 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-46320 ( NVD ): 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-46331 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46331 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46331 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52918 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52918 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52918 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52923 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52923 ( NVD ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52924 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52924 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52924 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52924 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52955 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52955 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52955 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52969 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52969 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52969 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52972 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52972 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-52993 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52993 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52993 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52993 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53016 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-53016 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53016 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53041 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-53041 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-53053 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53053 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53053 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-53071 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53071 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53071 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53072 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53072 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53133 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-53133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53253 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-53253 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-53359 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 29 vulnerabilities can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security
issues
The following security issues were fixed:
* CVE-2026-31771: Bluetooth: Ignore HCI_ERROR_CANCELLED_BY_HOST on adv set
terminated event (bsc#1264145).
* CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach()
(bsc#1264097).
* CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop
(bsc#1267531).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267722).
* CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size
(bsc#1267381).
* CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data
exposure (bsc#1267567).
* CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old()
(bsc#1267635).
* CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
(bsc#1267684).
* CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft
(bsc#1268022).
* CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp()
(bsc#1267993).
* CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache
(bsc#1265421).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268660).
* CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
* CVE-2026-52923: ipc: limit next_id allocation to the valid ID range
(bsc#1269033).
* CVE-2026-52924: sctp: purge outqueue on stale COOKIE-ECHO handling
(bsc#1269036).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269022).
* CVE-2026-52955: libceph: Fix potential out-of-bounds access in
crush_decode() (bsc#1269159).
* CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
(bsc#1269184).
* CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000
(bsc#1269195).
* CVE-2026-52993: tipc: fix double-free in tipc_buf_append() (bsc#1269193).
* CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
* CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full
(bsc#1269398).
* CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's
devid (bsc#1269310).
* CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in
l2cap_ecred_reconf_rsp (bsc#1269678).
* CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with
HCI_PROTO_DEFER (bsc#1269681).
* CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G
(bsc#1269821).
* CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in
bnep_rx_frame() extension handling (bsc#1269574).
* CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected
role (bsc#1270059).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3089=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3089=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3089=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-3089=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3089=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3089=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3089=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.177.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-obs-build-5.14.21-150500.55.177.1
* kernel-default-devel-5.14.21-150500.55.177.1
* reiserfs-kmp-default-5.14.21-150500.55.177.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-5.14.21-150500.55.177.1
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
* dlm-kmp-default-5.14.21-150500.55.177.1
* kernel-syms-5.14.21-150500.55.177.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* gfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-devel-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-5.14.21-150500.55.177.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-obs-build-5.14.21-150500.55.177.1
* ocfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-devel-5.14.21-150500.55.177.1
* reiserfs-kmp-default-5.14.21-150500.55.177.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-5.14.21-150500.55.177.1
* kernel-syms-5.14.21-150500.55.177.1
* gfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-devel-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-debugsource-5.14.21-150500.55.177.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-devel-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc ppc64le s390x
x86_64)
* kernel-default-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.177.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-devel-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* kernel-syms-5.14.21-150500.55.177.1
* kernel-obs-build-debugsource-5.14.21-150500.55.177.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-obs-build-5.14.21-150500.55.177.1
* kernel-default-devel-5.14.21-150500.55.177.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-5.14.21-150500.55.177.1
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
* dlm-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* gfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
nosrc)
* kernel-64kb-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-debugsource-5.14.21-150500.55.177.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-devel-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150500.55.177.1
* kernel-livepatch-5_14_21-150500_55_177-default-debuginfo-1-150500.11.5.1
* kernel-livepatch-SLE15-SP5_Update_43-debugsource-1-150500.11.5.1
* kernel-default-livepatch-5.14.21-150500.55.177.1
* kernel-livepatch-5_14_21-150500_55_177-default-1-150500.11.5.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-livepatch-devel-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.177.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-optional-5.14.21-150500.55.177.1
* ocfs2-kmp-default-5.14.21-150500.55.177.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-5.14.21-150500.55.177.1
* kernel-default-extra-5.14.21-150500.55.177.1
* kselftests-kmp-default-debuginfo-5.14.21-150500.55.177.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-obs-build-5.14.21-150500.55.177.1
* kernel-default-extra-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-5.14.21-150500.55.177.1
* kernel-syms-5.14.21-150500.55.177.1
* kernel-obs-qa-5.14.21-150500.55.177.1
* kernel-obs-build-debugsource-5.14.21-150500.55.177.1
* kernel-default-optional-debuginfo-5.14.21-150500.55.177.1
* reiserfs-kmp-default-5.14.21-150500.55.177.1
* kernel-default-livepatch-5.14.21-150500.55.177.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* gfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* kselftests-kmp-default-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64)
* reiserfs-kmp-64kb-5.14.21-150500.55.177.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.177.1
* dtb-amazon-5.14.21-150500.55.177.1
* dtb-nvidia-5.14.21-150500.55.177.1
* kernel-64kb-devel-5.14.21-150500.55.177.1
* dtb-mediatek-5.14.21-150500.55.177.1
* cluster-md-kmp-64kb-5.14.21-150500.55.177.1
* dtb-renesas-5.14.21-150500.55.177.1
* kselftests-kmp-64kb-5.14.21-150500.55.177.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* dtb-allwinner-5.14.21-150500.55.177.1
* kernel-64kb-debuginfo-5.14.21-150500.55.177.1
* dtb-amlogic-5.14.21-150500.55.177.1
* dtb-socionext-5.14.21-150500.55.177.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* dtb-amd-5.14.21-150500.55.177.1
* dtb-broadcom-5.14.21-150500.55.177.1
* dtb-freescale-5.14.21-150500.55.177.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.177.1
* dtb-rockchip-5.14.21-150500.55.177.1
* kernel-64kb-optional-5.14.21-150500.55.177.1
* dtb-xilinx-5.14.21-150500.55.177.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.177.1
* dtb-sprd-5.14.21-150500.55.177.1
* dlm-kmp-64kb-5.14.21-150500.55.177.1
* dtb-arm-5.14.21-150500.55.177.1
* kernel-64kb-extra-5.14.21-150500.55.177.1
* dtb-apm-5.14.21-150500.55.177.1
* dtb-cavium-5.14.21-150500.55.177.1
* dtb-exynos-5.14.21-150500.55.177.1
* dtb-qcom-5.14.21-150500.55.177.1
* gfs2-kmp-64kb-5.14.21-150500.55.177.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-debugsource-5.14.21-150500.55.177.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* dtb-apple-5.14.21-150500.55.177.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.177.1
* dtb-marvell-5.14.21-150500.55.177.1
* dtb-hisilicon-5.14.21-150500.55.177.1
* dtb-altera-5.14.21-150500.55.177.1
* ocfs2-kmp-64kb-5.14.21-150500.55.177.1
* dtb-lg-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
* kernel-kvmsmall-devel-5.14.21-150500.55.177.1
* kernel-kvmsmall-debuginfo-5.14.21-150500.55.177.1
* kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.177.1
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
* kernel-default-base-rebuild-5.14.21-150500.55.177.1.150500.6.83.2
* kernel-kvmsmall-debugsource-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_177-default-debuginfo-1-150500.11.5.1
* kernel-livepatch-SLE15-SP5_Update_43-debugsource-1-150500.11.5.1
* kernel-livepatch-5_14_21-150500_55_177-default-1-150500.11.5.1
* kernel-default-livepatch-devel-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (x86_64)
* kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.177.1
* kernel-default-vdso-5.14.21-150500.55.177.1
* kernel-kvmsmall-vdso-5.14.21-150500.55.177.1
* kernel-default-vdso-debuginfo-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-docs-html-5.14.21-150500.55.177.1
* kernel-devel-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* kernel-source-vanilla-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150500.55.177.1
* openSUSE Leap 15.5 (s390x)
* kernel-zfcpdump-debugsource-5.14.21-150500.55.177.1
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-devel-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* kernel-default-devel-debuginfo-5.14.21-150500.55.177.1
* kernel-obs-build-debugsource-5.14.21-150500.55.177.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-obs-build-5.14.21-150500.55.177.1
* ocfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-devel-5.14.21-150500.55.177.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.177.1
* dlm-kmp-default-debuginfo-5.14.21-150500.55.177.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* cluster-md-kmp-default-5.14.21-150500.55.177.1
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
* dlm-kmp-default-5.14.21-150500.55.177.1
* kernel-syms-5.14.21-150500.55.177.1
* gfs2-kmp-default-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.177.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-debugsource-5.14.21-150500.55.177.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.177.1
* kernel-64kb-devel-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* kernel-macros-5.14.21-150500.55.177.1
* kernel-source-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 nosrc ppc64le s390x x86_64)
* kernel-default-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-5.14.21-150500.55.177.1
* kernel-default-debugsource-5.14.21-150500.55.177.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* kernel-default-base-5.14.21-150500.55.177.1.150500.6.83.2
## References:
* https://www.suse.com/security/cve/CVE-2026-31771.html
* https://www.suse.com/security/cve/CVE-2026-43038.html
* https://www.suse.com/security/cve/CVE-2026-46090.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46197.html
* https://www.suse.com/security/cve/CVE-2026-46229.html
* https://www.suse.com/security/cve/CVE-2026-46253.html
* https://www.suse.com/security/cve/CVE-2026-46266.html
* https://www.suse.com/security/cve/CVE-2026-46274.html
* https://www.suse.com/security/cve/CVE-2026-46319.html
* https://www.suse.com/security/cve/CVE-2026-46320.html
* https://www.suse.com/security/cve/CVE-2026-46331.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52918.html
* https://www.suse.com/security/cve/CVE-2026-52923.html
* https://www.suse.com/security/cve/CVE-2026-52924.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-52955.html
* https://www.suse.com/security/cve/CVE-2026-52969.html
* https://www.suse.com/security/cve/CVE-2026-52972.html
* https://www.suse.com/security/cve/CVE-2026-52993.html
* https://www.suse.com/security/cve/CVE-2026-53016.html
* https://www.suse.com/security/cve/CVE-2026-53041.html
* https://www.suse.com/security/cve/CVE-2026-53053.html
* https://www.suse.com/security/cve/CVE-2026-53071.html
* https://www.suse.com/security/cve/CVE-2026-53072.html
* https://www.suse.com/security/cve/CVE-2026-53133.html
* https://www.suse.com/security/cve/CVE-2026-53253.html
* https://www.suse.com/security/cve/CVE-2026-53359.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264097
* https://bugzilla.suse.com/show_bug.cgi?id=1264145
* https://bugzilla.suse.com/show_bug.cgi?id=1265421
* https://bugzilla.suse.com/show_bug.cgi?id=1267381
* https://bugzilla.suse.com/show_bug.cgi?id=1267531
* https://bugzilla.suse.com/show_bug.cgi?id=1267567
* https://bugzilla.suse.com/show_bug.cgi?id=1267635
* https://bugzilla.suse.com/show_bug.cgi?id=1267684
* https://bugzilla.suse.com/show_bug.cgi?id=1267722
* https://bugzilla.suse.com/show_bug.cgi?id=1267918
* https://bugzilla.suse.com/show_bug.cgi?id=1267993
* https://bugzilla.suse.com/show_bug.cgi?id=1268022
* https://bugzilla.suse.com/show_bug.cgi?id=1268660
* https://bugzilla.suse.com/show_bug.cgi?id=1269022
* https://bugzilla.suse.com/show_bug.cgi?id=1269033
* https://bugzilla.suse.com/show_bug.cgi?id=1269036
* https://bugzilla.suse.com/show_bug.cgi?id=1269090
* https://bugzilla.suse.com/show_bug.cgi?id=1269100
* https://bugzilla.suse.com/show_bug.cgi?id=1269159
* https://bugzilla.suse.com/show_bug.cgi?id=1269184
* https://bugzilla.suse.com/show_bug.cgi?id=1269193
* https://bugzilla.suse.com/show_bug.cgi?id=1269195
* https://bugzilla.suse.com/show_bug.cgi?id=1269310
* https://bugzilla.suse.com/show_bug.cgi?id=1269398
* https://bugzilla.suse.com/show_bug.cgi?id=1269574
* https://bugzilla.suse.com/show_bug.cgi?id=1269678
* https://bugzilla.suse.com/show_bug.cgi?id=1269681
* https://bugzilla.suse.com/show_bug.cgi?id=1269821
* https://bugzilla.suse.com/show_bug.cgi?id=1270059
SUSE-SU-2026:3093-1: moderate: Security update for python-paramiko
# Security update for python-paramiko
Announcement ID: SUSE-SU-2026:3093-1
Release Date: 2026-07-17T09:48:50Z
Rating: moderate
References:
* bsc#1264225
Cross-References:
* CVE-2026-44405
CVSS scores:
* CVE-2026-44405 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44405 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-44405 ( NVD ): 3.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-paramiko fixes the following issue
* CVE-2026-44405: data integrity compromise due to allowed SHA-1 algorithm use
(bsc#1264225).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3093=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-3093=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python-paramiko-doc-3.4.0-150400.13.13.1
* python311-paramiko-3.4.0-150400.13.13.1
* Public Cloud Module 15-SP4 (noarch)
* python-paramiko-doc-3.4.0-150400.13.13.1
* python311-paramiko-3.4.0-150400.13.13.1
## References:
* https://www.suse.com/security/cve/CVE-2026-44405.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264225
SUSE-SU-2026:3094-1: moderate: Security update for openssl-3
# Security update for openssl-3
Announcement ID: SUSE-SU-2026:3094-1
Release Date: 2026-07-17T09:54:11Z
Rating: moderate
References:
* bsc#1266344
* bsc#1266350
Cross-References:
* CVE-2026-34182
* CVE-2026-42767
CVSS scores:
* CVE-2026-34182 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34182 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-34182 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42767 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42767 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42767 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves two vulnerabilities can now be installed.
## Description:
This update for openssl-3 fixes the following issues
* CVE-2026-34182: CMS AuthEnvelopedData Processing May Accept Forged Messages
(bsc#1266344).
* CVE-2026-42767: NULL Pointer Dereference in CRMF EncryptedValue Decryption
(bsc#1266350).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3094=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3094=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3094=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3094=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3094=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3094=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3094=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3094=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3094=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libopenssl-3-devel-3.0.8-150400.4.90.1
* openssl-3-3.0.8-150400.4.90.1
* openssl-3-debuginfo-3.0.8-150400.4.90.1
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libopenssl-3-devel-3.0.8-150400.4.90.1
* openssl-3-3.0.8-150400.4.90.1
* openssl-3-debuginfo-3.0.8-150400.4.90.1
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libopenssl-3-devel-3.0.8-150400.4.90.1
* openssl-3-3.0.8-150400.4.90.1
* openssl-3-debuginfo-3.0.8-150400.4.90.1
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* openSUSE Leap 15.4 (x86_64)
* libopenssl3-32bit-3.0.8-150400.4.90.1
* libopenssl-3-devel-32bit-3.0.8-150400.4.90.1
* libopenssl3-32bit-debuginfo-3.0.8-150400.4.90.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150400.4.90.1
* libopenssl3-64bit-debuginfo-3.0.8-150400.4.90.1
* libopenssl-3-devel-64bit-3.0.8-150400.4.90.1
* openSUSE Leap 15.4 (noarch)
* openssl-3-doc-3.0.8-150400.4.90.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libopenssl-3-devel-3.0.8-150400.4.90.1
* openssl-3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* openssl-3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libopenssl-3-devel-3.0.8-150400.4.90.1
* openssl-3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* openssl-3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* openssl-3-debugsource-3.0.8-150400.4.90.1
* libopenssl3-3.0.8-150400.4.90.1
* libopenssl3-debuginfo-3.0.8-150400.4.90.1
## References:
* https://www.suse.com/security/cve/CVE-2026-34182.html
* https://www.suse.com/security/cve/CVE-2026-42767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266344
* https://bugzilla.suse.com/show_bug.cgi?id=1266350
SUSE-SU-2026:3095-1: important: Security update for libxml2
# Security update for libxml2
Announcement ID: SUSE-SU-2026:3095-1
Release Date: 2026-07-17T11:38:38Z
Rating: important
References:
* bsc#1269790
Cross-References:
* CVE-2026-11979
CVSS scores:
* CVE-2026-11979 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-11979 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11979 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-11979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for libxml2 fixes the following issue
* CVE-2026-11979: stack-based buffer overflows in the `xmlcatalog` utility
when running in `--shell` mode (bsc#1269790).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3095=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3095=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-3095=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-3095=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3095=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3095=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3095=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3095=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-3095=1
## Package List:
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libxml2-devel-2.9.14-150400.5.58.1
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* python311-libxml2-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* python311-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-32bit-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-python-debugsource-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-python-debugsource-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* libxml2-devel-2.9.14-150400.5.58.1
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* python311-libxml2-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-python-debugsource-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* python311-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libxml2-2-64bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-64bit-2.9.14-150400.5.58.1
* libxml2-devel-64bit-2.9.14-150400.5.58.1
* openSUSE Leap 15.4 (noarch)
* libxml2-doc-2.9.14-150400.5.58.1
* openSUSE Leap 15.4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-32bit-2.9.14-150400.5.58.1
* libxml2-devel-32bit-2.9.14-150400.5.58.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libxml2-devel-2.9.14-150400.5.58.1
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* python311-libxml2-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* python311-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-32bit-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libxml2-devel-2.9.14-150400.5.58.1
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* python311-libxml2-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* python311-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-32bit-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-python-debugsource-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-python-debugsource-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libxml2-devel-2.9.14-150400.5.58.1
* python3-libxml2-2.9.14-150400.5.58.1
* libxml2-debugsource-2.9.14-150400.5.58.1
* python311-libxml2-2.9.14-150400.5.58.1
* libxml2-2-debuginfo-2.9.14-150400.5.58.1
* python3-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-tools-debuginfo-2.9.14-150400.5.58.1
* python311-libxml2-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-2.9.14-150400.5.58.1
* libxml2-tools-2.9.14-150400.5.58.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* libxml2-2-32bit-debuginfo-2.9.14-150400.5.58.1
* libxml2-2-32bit-2.9.14-150400.5.58.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11979.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269790
SUSE-SU-2026:3096-1: important: Security update for libxml2
# Security update for libxml2
Announcement ID: SUSE-SU-2026:3096-1
Release Date: 2026-07-17T11:39:17Z
Rating: important
References:
* bsc#1269790
Cross-References:
* CVE-2026-11979
CVSS scores:
* CVE-2026-11979 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-11979 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11979 ( NVD ): 1.8
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-11979 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for libxml2 fixes the following issue
* CVE-2026-11979: stack-based buffer overflows in the `xmlcatalog` utility
when running in `--shell` mode (bsc#1269790).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3096=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-3096=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3096=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-3096=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3096=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-3096=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-3096=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-3096=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* openSUSE Leap 15.5 (x86_64)
* libxml2-devel-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* openSUSE Leap 15.5 (noarch)
* libxml2-doc-2.10.3-150500.5.41.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libxml2-2-64bit-debuginfo-2.10.3-150500.5.41.1
* libxml2-2-64bit-2.10.3-150500.5.41.1
* libxml2-devel-64bit-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64)
* libxml2-2-32bit-2.10.3-150500.5.41.1
* libxml2-2-32bit-debuginfo-2.10.3-150500.5.41.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libxml2-python-debugsource-2.10.3-150500.5.41.1
* python311-libxml2-2.10.3-150500.5.41.1
* python311-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-debugsource-2.10.3-150500.5.41.1
* libxml2-2-2.10.3-150500.5.41.1
* libxml2-devel-2.10.3-150500.5.41.1
* python3-libxml2-2.10.3-150500.5.41.1
* libxml2-2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-debuginfo-2.10.3-150500.5.41.1
* python3-libxml2-debuginfo-2.10.3-150500.5.41.1
* libxml2-tools-2.10.3-150500.5.41.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11979.html
* https://bugzilla.suse.com/show_bug.cgi?id=1269790
openSUSE-SU-2026:21363-1: critical: Security update for chromium
openSUSE security update: security update for chromium
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:21363-1
Rating: critical
References:
* bsc#1271415
Cross-References:
* CVE-2026-15764
* CVE-2026-15765
* CVE-2026-15766
* CVE-2026-15767
* CVE-2026-15768
* CVE-2026-15769
* CVE-2026-15770
* CVE-2026-15771
* CVE-2026-15772
* CVE-2026-15773
* CVE-2026-15774
* CVE-2026-15775
* CVE-2026-15776
* CVE-2026-15777
* CVE-2026-15778
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 15 vulnerabilities and has one bug fix can now be installed.
Description:
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 150.0.7871.124 (boo#1271415):
* CVE-2026-15764: Use after free in Ozone
* CVE-2026-15765: Use after free in Ozone
* CVE-2026-15766: Uninitialized Use in Skia
* CVE-2026-15767: Heap buffer overflow in libyuv
* CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas
* CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming
* CVE-2026-15770: Uninitialized Use in V8
* CVE-2026-15771: Insufficient validation of untrusted input in Media
* CVE-2026-15772: Use after free in GPU
* CVE-2026-15773: Use after free in Core
* CVE-2026-15774: Use after free in Skia
* CVE-2026-15775: Insufficient policy enforcement in V8
* CVE-2026-15776: Type Confusion in V8
* CVE-2026-15777: Use after free in UI
* CVE-2026-15778: Insufficient validation of untrusted input in Navigation
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-424=1
Package List:
- openSUSE Leap 16.0:
chromedriver-150.0.7871.124-bp160.1.1
chromium-150.0.7871.124-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-15764.html
* https://www.suse.com/security/cve/CVE-2026-15765.html
* https://www.suse.com/security/cve/CVE-2026-15766.html
* https://www.suse.com/security/cve/CVE-2026-15767.html
* https://www.suse.com/security/cve/CVE-2026-15768.html
* https://www.suse.com/security/cve/CVE-2026-15769.html
* https://www.suse.com/security/cve/CVE-2026-15770.html
* https://www.suse.com/security/cve/CVE-2026-15771.html
* https://www.suse.com/security/cve/CVE-2026-15772.html
* https://www.suse.com/security/cve/CVE-2026-15773.html
* https://www.suse.com/security/cve/CVE-2026-15774.html
* https://www.suse.com/security/cve/CVE-2026-15775.html
* https://www.suse.com/security/cve/CVE-2026-15776.html
* https://www.suse.com/security/cve/CVE-2026-15777.html
* https://www.suse.com/security/cve/CVE-2026-15778.html
openSUSE-SU-2026:11286-1: moderate: python315-3.15.0~b3-2.1 on GA media
# python315-3.15.0~b3-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11286-1
Rating: moderate
Cross-References:
* CVE-2026-11940
CVSS scores:
* CVE-2026-11940 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-11940 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python315-3.15.0~b3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python315 3.15.0~b3-2.1
* python315-curses 3.15.0~b3-2.1
* python315-dbm 3.15.0~b3-2.1
* python315-idle 3.15.0~b3-2.1
* python315-profiling 3.15.0~b3-2.1
* python315-tk 3.15.0~b3-2.1
* python315-x86-64-v3 3.15.0~b3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11940.html
openSUSE-SU-2026:11283-1: moderate: python313-Pillow-12.3.0-2.1 on GA media
# python313-Pillow-12.3.0-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11283-1
Rating: moderate
Cross-References:
* CVE-2026-54058
* CVE-2026-54060
* CVE-2026-55380
* CVE-2026-59198
* CVE-2026-59200
* CVE-2026-59204
CVSS scores:
* CVE-2026-54058 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-54058 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59198 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59198 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59200 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59200 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59204 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-59204 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 6 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the python313-Pillow-12.3.0-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313-Pillow 12.3.0-2.1
* python313-Pillow-tk 12.3.0-2.1
* python314-Pillow 12.3.0-2.1
* python314-Pillow-tk 12.3.0-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-54058.html
* https://www.suse.com/security/cve/CVE-2026-54060.html
* https://www.suse.com/security/cve/CVE-2026-55380.html
* https://www.suse.com/security/cve/CVE-2026-59198.html
* https://www.suse.com/security/cve/CVE-2026-59200.html
* https://www.suse.com/security/cve/CVE-2026-59204.html
openSUSE-SU-2026:0250-1: important: Security update for opam
openSUSE Security Update: Security update for opam
_______________________________
Announcement ID: openSUSE-SU-2026:0250-1
Rating: important
References:
Cross-References: CVE-2026-57825
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for opam fixes the following issues:
Update to version 2.5.2:
- CVE-2026-57825: Fixed a bug that allowed a package to install files
anywhere
on the system using a symlink to an external directory without warning
the user and asking for their permission.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-250=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
opam-2.5.2-bp157.2.6.1
opam-devel-2.5.2-bp157.2.6.1
opam-installer-2.5.2-bp157.2.6.1
References:
https://www.suse.com/security/cve/CVE-2026-57825.html
SUSE-SU-2026:3102-1: important: Security update for go1.26-openssl
# Security update for go1.26-openssl
Announcement ID: SUSE-SU-2026:3102-1
Release Date: 2026-07-17T13:10:42Z
Rating: important
References:
* bsc#1245878
* bsc#1255111
* bsc#1264395
* bsc#1267442
* bsc#1267444
* bsc#1267450
* bsc#1271014
* bsc#1271015
* jsc#PED-1962
* jsc#SLE-18320
Cross-References:
* CVE-2026-27145
* CVE-2026-39822
* CVE-2026-42504
* CVE-2026-42505
* CVE-2026-42507
CVSS scores:
* CVE-2026-27145 ( SUSE ): 4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-27145 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-27145 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2026-39822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42504 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42504 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42505 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-42507 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-42507 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves five vulnerabilities, contains two features and has three
security fixes can now be installed.
## Description:
This update for go1.26-openssl fixes the following issues
* Update to version go1.26.5 (bsc#1255111).
* CVE-2026-27145: crypto/x509: split candidate hostname only once
(bsc#1267450).
* CVE-2026-39822: os: Root escape via symlink plus trailing slash
(bsc#1271014).
* CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader
(bsc#1267442).
* CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello
(bsc#1271015).
* CVE-2026-42507: net/textproto: arbitrary input are included in errors
without any escaping (bsc#1267444).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3102=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3102=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3102=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3102=1
## Package List:
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-race-1.26.5-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.26-openssl-doc-1.26.5-150600.13.9.1
* go1.26-openssl-1.26.5-150600.13.9.1
* go1.26-openssl-race-1.26.5-150600.13.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-27145.html
* https://www.suse.com/security/cve/CVE-2026-39822.html
* https://www.suse.com/security/cve/CVE-2026-42504.html
* https://www.suse.com/security/cve/CVE-2026-42505.html
* https://www.suse.com/security/cve/CVE-2026-42507.html
* https://bugzilla.suse.com/show_bug.cgi?id=1245878
* https://bugzilla.suse.com/show_bug.cgi?id=1255111
* https://bugzilla.suse.com/show_bug.cgi?id=1264395
* https://bugzilla.suse.com/show_bug.cgi?id=1267442
* https://bugzilla.suse.com/show_bug.cgi?id=1267444
* https://bugzilla.suse.com/show_bug.cgi?id=1267450
* https://bugzilla.suse.com/show_bug.cgi?id=1271014
* https://bugzilla.suse.com/show_bug.cgi?id=1271015
* https://jira.suse.com/browse/PED-1962
* https://jira.suse.com/browse/SLE-18320
SUSE-SU-2026:3104-1: important: Security update for python311
# Security update for python311
Announcement ID: SUSE-SU-2026:3104-1
Release Date: 2026-07-17T13:31:49Z
Rating: important
References:
* bsc#1261969
* bsc#1262098
* bsc#1262319
* bsc#1262654
Cross-References:
* CVE-2026-1502
* CVE-2026-4786
* CVE-2026-6019
* CVE-2026-6100
CVSS scores:
* CVE-2026-1502 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-1502 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4786 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-4786 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4786 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-6019 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6019 ( NVD ): 2.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6019 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-6100 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6100 ( NVD ): 9.1
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6100 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves four vulnerabilities can now be installed.
## Description:
This update for python311 fixes the following issues
* CVE-2026-1502: CR/LF bytes not rejected by HTTP client proxy tunnel headers
or host (bsc#1261969).
* CVE-2026-4786: URLs containing `%action` can bypass mitigation that allows
command injection via the `webbrowser.open()` API (bsc#1262319).
* CVE-2026-6019: HTML parser-sensitive sequence not neutralized by
`http.cookies.Morsel.js_output()` (bsc#1262654).
* CVE-2026-6100: use-after-free in decompression modules when a memory
allocation fails with a `MemoryError` and the decompression instance is re-
used (bsc#1262098).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-3104=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3104=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3104=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3104=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3104=1
## Package List:
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpython3_11-1_0-64bit-3.11.15-150600.3.59.3
* python311-base-64bit-debuginfo-3.11.15-150600.3.59.3
* python311-64bit-3.11.15-150600.3.59.3
* python311-base-64bit-3.11.15-150600.3.59.3
* libpython3_11-1_0-64bit-debuginfo-3.11.15-150600.3.59.3
* python311-64bit-debuginfo-3.11.15-150600.3.59.3
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* python311-doc-devhelp-3.11.15-150600.3.59.1
* python311-3.11.15-150600.3.59.3
* python311-curses-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-tk-debuginfo-3.11.15-150600.3.59.3
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3
* python311-testsuite-3.11.15-150600.3.59.3
* python311-dbm-debuginfo-3.11.15-150600.3.59.3
* python311-dbm-3.11.15-150600.3.59.3
* python311-testsuite-debuginfo-3.11.15-150600.3.59.3
* python311-base-3.11.15-150600.3.59.3
* python311-curses-debuginfo-3.11.15-150600.3.59.3
* libpython3_11-1_0-3.11.15-150600.3.59.3
* python311-base-debuginfo-3.11.15-150600.3.59.3
* python311-debugsource-3.11.15-150600.3.59.3
* python311-tk-3.11.15-150600.3.59.3
* python311-tools-3.11.15-150600.3.59.3
* python311-idle-3.11.15-150600.3.59.3
* python311-doc-3.11.15-150600.3.59.1
* python311-debuginfo-3.11.15-150600.3.59.3
* python311-devel-3.11.15-150600.3.59.3
* openSUSE Leap 15.6 (x86_64)
* python311-base-32bit-debuginfo-3.11.15-150600.3.59.3
* python311-base-32bit-3.11.15-150600.3.59.3
* libpython3_11-1_0-32bit-3.11.15-150600.3.59.3
* python311-32bit-debuginfo-3.11.15-150600.3.59.3
* python311-32bit-3.11.15-150600.3.59.3
* libpython3_11-1_0-32bit-debuginfo-3.11.15-150600.3.59.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python311-base-debuginfo-3.11.15-150600.3.59.3
* python311-dbm-debuginfo-3.11.15-150600.3.59.3
* python311-3.11.15-150600.3.59.3
* python311-curses-3.11.15-150600.3.59.3
* python311-dbm-3.11.15-150600.3.59.3
* python311-debugsource-3.11.15-150600.3.59.3
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-tk-3.11.15-150600.3.59.3
* python311-base-3.11.15-150600.3.59.3
* python311-curses-debuginfo-3.11.15-150600.3.59.3
* python311-tools-3.11.15-150600.3.59.3
* python311-tk-debuginfo-3.11.15-150600.3.59.3
* python311-idle-3.11.15-150600.3.59.3
* libpython3_11-1_0-3.11.15-150600.3.59.3
* python311-debuginfo-3.11.15-150600.3.59.3
* python311-devel-3.11.15-150600.3.59.3
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python311-base-debuginfo-3.11.15-150600.3.59.3
* python311-debugsource-3.11.15-150600.3.59.3
* python311-dbm-3.11.15-150600.3.59.3
* python311-curses-3.11.15-150600.3.59.3
* python311-dbm-debuginfo-3.11.15-150600.3.59.3
* python311-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-tk-3.11.15-150600.3.59.3
* python311-base-3.11.15-150600.3.59.3
* python311-curses-debuginfo-3.11.15-150600.3.59.3
* python311-tk-debuginfo-3.11.15-150600.3.59.3
* python311-tools-3.11.15-150600.3.59.3
* libpython3_11-1_0-3.11.15-150600.3.59.3
* python311-idle-3.11.15-150600.3.59.3
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3
* python311-debuginfo-3.11.15-150600.3.59.3
* python311-devel-3.11.15-150600.3.59.3
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-dbm-debuginfo-3.11.15-150600.3.59.3
* python311-dbm-3.11.15-150600.3.59.3
* python311-curses-3.11.15-150600.3.59.3
* python311-3.11.15-150600.3.59.3
* python311-debugsource-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-tk-3.11.15-150600.3.59.3
* python311-curses-debuginfo-3.11.15-150600.3.59.3
* python311-tk-debuginfo-3.11.15-150600.3.59.3
* python311-tools-3.11.15-150600.3.59.3
* python311-idle-3.11.15-150600.3.59.3
* python311-debuginfo-3.11.15-150600.3.59.3
* python311-devel-3.11.15-150600.3.59.3
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-base-debuginfo-3.11.15-150600.3.59.3
* libpython3_11-1_0-debuginfo-3.11.15-150600.3.59.3
* python311-core-debugsource-3.11.15-150600.3.59.3
* python311-base-3.11.15-150600.3.59.3
* libpython3_11-1_0-3.11.15-150600.3.59.3
## References:
* https://www.suse.com/security/cve/CVE-2026-1502.html
* https://www.suse.com/security/cve/CVE-2026-4786.html
* https://www.suse.com/security/cve/CVE-2026-6019.html
* https://www.suse.com/security/cve/CVE-2026-6100.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261969
* https://bugzilla.suse.com/show_bug.cgi?id=1262098
* https://bugzilla.suse.com/show_bug.cgi?id=1262319
* https://bugzilla.suse.com/show_bug.cgi?id=1262654
SUSE-SU-2026:3105-1: important: Security update for php-composer2
# Security update for php-composer2
Announcement ID: SUSE-SU-2026:3105-1
Release Date: 2026-07-17T13:32:58Z
Rating: important
References:
* bsc#1271122
* bsc#1271129
* bsc#1271151
* bsc#1271504
Cross-References:
* CVE-2024-35241
* CVE-2024-35242
* CVE-2025-67746
* CVE-2026-40176
* CVE-2026-40261
* CVE-2026-45793
* CVE-2026-59946
* CVE-2026-59947
* CVE-2026-59948
CVSS scores:
* CVE-2024-35241 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-35241 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-35242 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-35242 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-67746 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-67746 ( NVD ): 1.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-40176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40261 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40261 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-45793 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-45793 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59946 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59946 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-59946 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
* CVE-2026-59947 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-59947 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59947 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-59948 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-59948 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-59948 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7
An update that solves nine vulnerabilities can now be installed.
## Description:
This update for php-composer2 fixes the following issues:
* CVE-2026-45793: Github Actions issued `GITHUB_TOKEN` disclosure in GitHub
Actions logs (bsc#1271504).
* CVE-2026-59946: path traversal in package `bin` field lets dependencies
`chmod` arbitrary host files (bsc#1271151).
* CVE-2026-59947: URL-embedded HTTP-Basic username leaks to verbose logs
(bsc#1271129).
* CVE-2026-59948: arbitrary file write outside `vendor`directory via malicious
transitive package name (bsc#1271122).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3105=1
* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3105=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3105=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3105=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* php-composer2-2.6.4-150600.3.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* php-composer2-2.6.4-150600.3.12.1
* Web and Scripting Module 15-SP7 (noarch)
* php-composer2-2.6.4-150600.3.12.1
* openSUSE Leap 15.6 (noarch)
* php-composer2-2.6.4-150600.3.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-35241.html
* https://www.suse.com/security/cve/CVE-2024-35242.html
* https://www.suse.com/security/cve/CVE-2025-67746.html
* https://www.suse.com/security/cve/CVE-2026-40176.html
* https://www.suse.com/security/cve/CVE-2026-40261.html
* https://www.suse.com/security/cve/CVE-2026-45793.html
* https://www.suse.com/security/cve/CVE-2026-59946.html
* https://www.suse.com/security/cve/CVE-2026-59947.html
* https://www.suse.com/security/cve/CVE-2026-59948.html
* https://bugzilla.suse.com/show_bug.cgi?id=1271122
* https://bugzilla.suse.com/show_bug.cgi?id=1271129
* https://bugzilla.suse.com/show_bug.cgi?id=1271151
* https://bugzilla.suse.com/show_bug.cgi?id=1271504
SUSE-SU-2026:3110-1: important: Security update for mariadb-connector-c
# Security update for mariadb-connector-c
Announcement ID: SUSE-SU-2026:3110-1
Release Date: 2026-07-17T14:15:40Z
Rating: important
References:
* bsc#1266438
Cross-References:
* CVE-2026-44172
CVSS scores:
* CVE-2026-44172 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44172 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44172 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-44172 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for mariadb-connector-c fixes the following issue:
* CVE-2026-44172: mysql_real_escape_string() incorrectly handled big5
(bsc#1266438).
Changes for mariadb-connector-c:
* Update to 3.1.28.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3110=1
* Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-3110=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3110=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3110=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3110=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-debuginfo-3.1.28-150600.18.3.1
* libmariadb-devel-3.1.28-150600.18.3.1
* libmariadb-devel-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-3.1.28-150600.18.3.1
* libmariadb_plugins-3.1.28-150600.18.3.1
* mariadb-connector-c-debugsource-3.1.28-150600.18.3.1
* libmariadbprivate-3.1.28-150600.18.3.1
* libmariadbprivate-debuginfo-3.1.28-150600.18.3.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-debuginfo-3.1.28-150600.18.3.1
* libmariadb-devel-3.1.28-150600.18.3.1
* libmariadb3-3.1.28-150600.18.3.1
* libmariadb-devel-debuginfo-3.1.28-150600.18.3.1
* libmariadb_plugins-3.1.28-150600.18.3.1
* mariadb-connector-c-debugsource-3.1.28-150600.18.3.1
* libmariadbprivate-3.1.28-150600.18.3.1
* libmariadbprivate-debuginfo-3.1.28-150600.18.3.1
* openSUSE Leap 15.6 (x86_64)
* libmariadb3-32bit-3.1.28-150600.18.3.1
* libmariadb3-32bit-debuginfo-3.1.28-150600.18.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libmariadb3-64bit-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-64bit-3.1.28-150600.18.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-debuginfo-3.1.28-150600.18.3.1
* libmariadb-devel-3.1.28-150600.18.3.1
* libmariadb3-3.1.28-150600.18.3.1
* libmariadb-devel-debuginfo-3.1.28-150600.18.3.1
* libmariadb_plugins-3.1.28-150600.18.3.1
* mariadb-connector-c-debugsource-3.1.28-150600.18.3.1
* libmariadbprivate-3.1.28-150600.18.3.1
* libmariadbprivate-debuginfo-3.1.28-150600.18.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libmariadb3-debuginfo-3.1.28-150600.18.3.1
* libmariadb3-3.1.28-150600.18.3.1
* mariadb-connector-c-debugsource-3.1.28-150600.18.3.1
* libmariadbprivate-3.1.28-150600.18.3.1
* libmariadbprivate-debuginfo-3.1.28-150600.18.3.1
* Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libmariadb_plugins-debuginfo-3.1.28-150600.18.3.1
* libmariadb-devel-3.1.28-150600.18.3.1
* libmariadb-devel-debuginfo-3.1.28-150600.18.3.1
* libmariadb_plugins-3.1.28-150600.18.3.1
* mariadb-connector-c-debugsource-3.1.28-150600.18.3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-44172.html
* https://bugzilla.suse.com/show_bug.cgi?id=1266438