Chromium, Python, Helm, Chromedriver, Libopenssl updates for SUSE

SUSE 5617 Published 2026-04-13 08:07 by Philipp Esselbach

News

openSUSE has issued multiple security advisories addressing critical flaws within chromium, helm3, and various Python libraries. One major update fixes more than one hundred sixty issues in the chromium browser including dangerous memory corruption bugs found in the V8 engine and WebRTC modules. Additionally, moderate severity patches exist for Flask-HTTPAuth and OpenSSL libraries on Tumbleweed and SLE-based backports to resolve specific validation errors. Administrators should apply these updates using YaST online_update or zypper patch commands to ensure their systems remain protected against the listed exploits.

openSUSE-SU-2026:0124-1: important: Security update for chromium
openSUSE-SU-2026:0121-1: moderate: Security update for python-Flask-HTTPAuth
openSUSE-SU-2026:0122-1: moderate: Security update for python-Flask-HTTPAuth
openSUSE-SU-2026:10532-1: moderate: helm3-3.20.2-1.1 on GA media
openSUSE-SU-2026:10530-1: moderate: chromedriver-147.0.7727.55-1.1 on GA media
openSUSE-SU-2026:10533-1: moderate: libopenssl-3-devel-3.5.3-4.1 on GA media

openSUSE-SU-2026:0124-1: important: Security update for chromium

openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0124-1
Rating: important
References: #1261758
Cross-References: CVE-2013-6643 CVE-2016-1663 CVE-2017-15420
CVE-2017-5070 CVE-2017-5071 CVE-2017-5072
CVE-2017-5073 CVE-2017-5074 CVE-2017-5075
CVE-2017-5076 CVE-2017-5077 CVE-2017-5078
CVE-2017-5079 CVE-2017-5080 CVE-2017-5081
CVE-2017-5082 CVE-2017-5083 CVE-2017-5085
CVE-2017-5086 CVE-2018-6031 CVE-2018-6032
CVE-2018-6033 CVE-2018-6034 CVE-2018-6035
CVE-2018-6036 CVE-2018-6037 CVE-2018-6038
CVE-2018-6039 CVE-2018-6040 CVE-2018-6041
CVE-2018-6042 CVE-2018-6043 CVE-2018-6045
CVE-2018-6046 CVE-2018-6047 CVE-2018-6048
CVE-2018-6049 CVE-2018-6050 CVE-2018-6051
CVE-2018-6052 CVE-2018-6053 CVE-2018-6054
CVE-2019-5754 CVE-2019-5755 CVE-2019-5756
CVE-2019-5757 CVE-2019-5758 CVE-2019-5759
CVE-2019-5760 CVE-2019-5761 CVE-2019-5762
CVE-2019-5763 CVE-2019-5764 CVE-2019-5765
CVE-2019-5766 CVE-2019-5767 CVE-2019-5768
CVE-2019-5769 CVE-2019-5770 CVE-2019-5771
CVE-2019-5772 CVE-2019-5773 CVE-2019-5774
CVE-2019-5775 CVE-2019-5776 CVE-2019-5777
CVE-2019-5778 CVE-2019-5779 CVE-2019-5780
CVE-2019-5781 CVE-2019-5782 CVE-2020-6465
CVE-2020-6466 CVE-2020-6467 CVE-2020-6468
CVE-2020-6469 CVE-2020-6470 CVE-2020-6471
CVE-2020-6472 CVE-2020-6473 CVE-2020-6474
CVE-2020-6475 CVE-2020-6476 CVE-2020-6477
CVE-2020-6478 CVE-2020-6479 CVE-2020-6480
CVE-2020-6481 CVE-2020-6482 CVE-2020-6483
CVE-2020-6484 CVE-2020-6485 CVE-2020-6486
CVE-2020-6487 CVE-2020-6488 CVE-2020-6489
CVE-2020-6490 CVE-2020-6491 CVE-2024-3834
CVE-2024-7000 CVE-2025-4050 CVE-2025-4051
CVE-2025-4052 CVE-2025-4096 CVE-2026-5858
CVE-2026-5859 CVE-2026-5860 CVE-2026-5861
CVE-2026-5862 CVE-2026-5863 CVE-2026-5864
CVE-2026-5865 CVE-2026-5866 CVE-2026-5867
CVE-2026-5868 CVE-2026-5869 CVE-2026-5870
CVE-2026-5871 CVE-2026-5872 CVE-2026-5873
CVE-2026-5874 CVE-2026-5875 CVE-2026-5876
CVE-2026-5877 CVE-2026-5878 CVE-2026-5879
CVE-2026-5880 CVE-2026-5881 CVE-2026-5882
CVE-2026-5883 CVE-2026-5884 CVE-2026-5885
CVE-2026-5886 CVE-2026-5887 CVE-2026-5888
CVE-2026-5889 CVE-2026-5890 CVE-2026-5891
CVE-2026-5892 CVE-2026-5893 CVE-2026-5894
CVE-2026-5895 CVE-2026-5896 CVE-2026-5897
CVE-2026-5898 CVE-2026-5899 CVE-2026-5900
CVE-2026-5901 CVE-2026-5902 CVE-2026-5903
CVE-2026-5904 CVE-2026-5905 CVE-2026-5906
CVE-2026-5907 CVE-2026-5908 CVE-2026-5909
CVE-2026-5910 CVE-2026-5911 CVE-2026-5912
CVE-2026-5913 CVE-2026-5914 CVE-2026-5915
CVE-2026-5918 CVE-2026-5919
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 164 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

Chromium 147.0.7727.55 (boo#1261758):

* CVE-2026-5858: Heap buffer overflow in WebML
* CVE-2026-5859: Integer overflow in WebML
* CVE-2026-5860: Use after free in WebRTC
* CVE-2026-5861: Use after free in V8
* CVE-2026-5862: Inappropriate implementation in V8
* CVE-2026-5863: Inappropriate implementation in V8
* CVE-2026-5864: Heap buffer overflow in WebAudio
* CVE-2026-5865: Type Confusion in V8
* CVE-2026-5866: Use after free in Media
* CVE-2026-5867: Heap buffer overflow in WebML
* CVE-2026-5868: Heap buffer overflow in ANGLE
* CVE-2026-5869: Heap buffer overflow in WebML
* CVE-2026-5870: Integer overflow in Skia
* CVE-2026-5871: Type Confusion in V8
* CVE-2026-5872: Use after free in Blink
* CVE-2026-5873: Out of bounds read and write in V8
* CVE-2026-5874: Use after free in PrivateAI
* CVE-2026-5875: Policy bypass in Blink
* CVE-2026-5876: Side-channel information leakage in Navigation
* CVE-2026-5877: Use after free in Navigation
* CVE-2026-5878: Incorrect security UI in Blink
* CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
* CVE-2026-5880: Incorrect security UI in browser UI
* CVE-2026-5881: Policy bypass in LocalNetworkAccess
* CVE-2026-5882: Incorrect security UI in Fullscreen
* CVE-2026-5883: Use after free in Media
* CVE-2026-5884: Insufficient validation of untrusted input in Media
* CVE-2026-5885: Insufficient validation of untrusted input in WebML
* CVE-2026-5886: Out of bounds read in WebAudio
* CVE-2026-5887: Insufficient validation of untrusted input in Downloads
* CVE-2026-5888: Uninitialized Use in WebCodecs
* CVE-2026-5889: Cryptographic Flaw in PDFium
* CVE-2026-5890: Race in WebCodecs
* CVE-2026-5891: Insufficient policy enforcement in browser UI
* CVE-2026-5892: Insufficient policy enforcement in PWAs
* CVE-2026-5893: Race in V8
* CVE-2026-5894: Inappropriate implementation in PDF
* CVE-2026-5895: Incorrect security UI in Omnibox
* CVE-2026-5896: Policy bypass in Audio
* CVE-2026-5897: Incorrect security UI in Downloads
* CVE-2026-5898: Incorrect security UI in Omnibox
* CVE-2026-5899: Incorrect security UI in History Navigation
* CVE-2026-5900: Policy bypass in Downloads
* CVE-2026-5901: Policy bypass in DevTools
* CVE-2026-5902: Race in Media
* CVE-2026-5903: Policy bypass in IFrameSandbox
* CVE-2026-5904: Use after free in V8
* CVE-2026-5905: Incorrect security UI in Permissions
* CVE-2026-5906: Incorrect security UI in Omnibox
* CVE-2026-5907: Insufficient data validation in Media
* CVE-2026-5908: Integer overflow in Media
* CVE-2026-5909: Integer overflow in Media
* CVE-2026-5910: Integer overflow in Media
* CVE-2026-5911: Policy bypass in ServiceWorkers
* CVE-2026-5912: Integer overflow in WebRTC
* CVE-2026-5913: Out of bounds read in Blink
* CVE-2026-5914: Type Confusion in CSS
* CVE-2026-5915: Insufficient validation of untrusted input in WebML
* CVE-2026-5918: Inappropriate implementation in Navigation
* CVE-2026-5919: Insufficient validation of untrusted input in WebSockets
* enforce a num,ber of new Local Area Network (LAN) restrictions
* New Web Printing API
* vertical tabs support (trial)

- new in 147 (for developers):

* Element-scoped view transitions exposes startViewTransition on
arbitrary HTML elements.
* CSS contrast-color() helps meet accessibility requirements
* The CSS border-shape property lets you create non-rectangular borders

* CVE-2025-4096: Heap buffer overflow in HTML
* CVE-2025-4050: Out of bounds memory access in DevTools
* CVE-2025-4051: Insufficient data validation in DevTools
* CVE-2025-4052: Inappropriate implementation in DevTools
* CVE-2024-7000: Use after free in CSS
* CVE-2024-3834: Use after free in Downloads
* CVE-2020-6465: Use after free in reader mode
* CVE-2020-6466: Use after free in media
* CVE-2020-6467: Use after free in WebRTC
* CVE-2020-6468: Type Confusion in V8
* CVE-2020-6469: Insufficient policy enforcement in developer tools
* CVE-2020-6470: Insufficient validation of untrusted input in clipboard
* CVE-2020-6471: Insufficient policy enforcement in developer tools
* CVE-2020-6472: Insufficient policy enforcement in developer tools
* CVE-2020-6473: Insufficient policy enforcement in Blink
* CVE-2020-6474: Use after free in Blink
* CVE-2020-6475: Incorrect security UI in full screen
* CVE-2020-6476: Insufficient policy enforcement in tab strip
* CVE-2020-6477: Inappropriate implementation in installer
* CVE-2020-6478: Inappropriate implementation in full screen
* CVE-2020-6479: Inappropriate implementation in sharing
* CVE-2020-6480: Insufficient policy enforcement in enterprise
* CVE-2020-6481: Insufficient policy enforcement in URL formatting
* CVE-2020-6482: Insufficient policy enforcement in developer tools
* CVE-2020-6483: Insufficient policy enforcement in payments
* CVE-2020-6484: Insufficient data validation in ChromeDriver
* CVE-2020-6485: Insufficient data validation in media router
* CVE-2020-6486: Insufficient policy enforcement in navigations
* CVE-2020-6487: Insufficient policy enforcement in downloads
* CVE-2020-6488: Insufficient policy enforcement in downloads
* CVE-2020-6489: Inappropriate implementation in developer tools
* CVE-2020-6490: Insufficient data validation in loader
* CVE-2020-6491: Incorrect security UI in site information
* CVE-2019-5754: Inappropriate implementation in QUIC Networking
* CVE-2019-5782: Inappropriate implementation in V8
* CVE-2019-5755: Inappropriate implementation in V8
* CVE-2019-5756: Use after free in PDFium
* CVE-2019-5757: Type Confusion in SVG
* CVE-2019-5758: Use after free in Blink
* CVE-2019-5759: Use after free in HTML select elements
* CVE-2019-5760: Use after free in WebRTC
* CVE-2019-5761: Use after free in SwiftShader
* CVE-2019-5762: Use after free in PDFium
* CVE-2019-5763: Insufficient validation of untrusted input in V8
* CVE-2019-5764: Use after free in WebRTC
* CVE-2019-5765: Insufficient policy enforcement in the browser
* CVE-2019-5766: Insufficient policy enforcement in Canvas
* CVE-2019-5767: Incorrect security UI in WebAPKs
* CVE-2019-5768: Insufficient policy enforcement in DevTools
* CVE-2019-5769: Insufficient validation of untrusted input in Blink
* CVE-2019-5770: Heap buffer overflow in WebGL
* CVE-2019-5771: Heap buffer overflow in SwiftShader
* CVE-2019-5772: Use after free in PDFium
* CVE-2019-5773: Insufficient data validation in IndexedDB
* CVE-2019-5774: Insufficient validation of untrusted input in
SafeBrowsing
* CVE-2019-5775: Insufficient policy enforcement in Omnibox
* CVE-2019-5776: Insufficient policy enforcement in Omnibox
* CVE-2019-5777: Insufficient policy enforcement in Omnibox
* CVE-2019-5778: Insufficient policy enforcement in Extensions
* CVE-2019-5779: Insufficient policy enforcement in ServiceWorker
* CVE-2019-5780: Insufficient policy enforcement
* CVE-2019-5781: Insufficient policy enforcement in Omnibox
* High CVE-2018-6031: Use after free in PDFium
* High CVE-2018-6032: Same origin bypass in Shared Worker
* High CVE-2018-6033: Race when opening downloaded files
* Medium CVE-2018-6034: Integer overflow in Blink
* Medium CVE-2018-6035: Insufficient isolation of devtools from
extensions
* Medium CVE-2018-6036: Integer underflow in WebAssembly
* Medium CVE-2018-6037: Insufficient user gesture requirements in
autofill
* Medium CVE-2018-6038: Heap buffer overflow in WebGL
* Medium CVE-2018-6039: XSS in DevTools
* Medium CVE-2018-6040: Content security policy bypass
* Medium CVE-2018-6041: URL spoof in Navigation
* Medium CVE-2018-6042: URL spoof in OmniBox
* Medium CVE-2018-6043: Insufficient escaping with external URL handlers
* Medium CVE-2018-6045: Insufficient isolation of devtools from
extensions
* Medium CVE-2018-6046: Insufficient isolation of devtools from
extensions
* Medium CVE-2018-6047: Cross origin URL leak in WebGL
* Low CVE-2018-6048: Referrer policy bypass in Blink
* Low CVE-2017-15420: URL spoofing in Omnibox
* Low CVE-2018-6049: UI spoof in Permissions
* Low CVE-2018-6050: URL spoof in OmniBox
* Low CVE-2018-6051: Referrer leak in XSS Auditor
* Low CVE-2018-6052: Incomplete no-referrer policy implementation
* Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
* Low CVE-2018-6054: Use after free in WebUI
* CVE-2017-5070: Type confusion in V8
* CVE-2017-5071: Out of bounds read in V8
* CVE-2017-5072: Address spoofing in Omnibox
* CVE-2017-5073: Use after free in print preview
* CVE-2017-5074: Use after free in Apps Bluetooth
* CVE-2017-5075: Information leak in CSP reporting
* CVE-2017-5086: Address spoofing in Omnibox
* CVE-2017-5076: Address spoofing in Omnibox
* CVE-2017-5077: Heap buffer overflow in Skia
* CVE-2017-5078: Possible command injection in mailto handling
* CVE-2017-5079: UI spoofing in Blink
* CVE-2017-5080: Use after free in credit card autofill
* CVE-2017-5081: Extension verification bypass
* CVE-2017-5082: Insufficient hardening in credit card editor
* CVE-2017-5083: UI spoofing in Blink
* CVE-2017-5085: Inappropriate javascript execution on WebUI pages
- CVE-2016-1663: Use-after-free in Blink's V8 bindings
* CVE-2013-6643: Unprompted sync with an attacker's
* Use Google's online spellchecker to identify misspelled words

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-124=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-147.0.7727.55-bp156.2.260.1
chromium-147.0.7727.55-bp156.2.260.1

References:

https://www.suse.com/security/cve/CVE-2013-6643.html
https://www.suse.com/security/cve/CVE-2016-1663.html
https://www.suse.com/security/cve/CVE-2017-15420.html
https://www.suse.com/security/cve/CVE-2017-5070.html
https://www.suse.com/security/cve/CVE-2017-5071.html
https://www.suse.com/security/cve/CVE-2017-5072.html
https://www.suse.com/security/cve/CVE-2017-5073.html
https://www.suse.com/security/cve/CVE-2017-5074.html
https://www.suse.com/security/cve/CVE-2017-5075.html
https://www.suse.com/security/cve/CVE-2017-5076.html
https://www.suse.com/security/cve/CVE-2017-5077.html
https://www.suse.com/security/cve/CVE-2017-5078.html
https://www.suse.com/security/cve/CVE-2017-5079.html
https://www.suse.com/security/cve/CVE-2017-5080.html
https://www.suse.com/security/cve/CVE-2017-5081.html
https://www.suse.com/security/cve/CVE-2017-5082.html
https://www.suse.com/security/cve/CVE-2017-5083.html
https://www.suse.com/security/cve/CVE-2017-5085.html
https://www.suse.com/security/cve/CVE-2017-5086.html
https://www.suse.com/security/cve/CVE-2018-6031.html
https://www.suse.com/security/cve/CVE-2018-6032.html
https://www.suse.com/security/cve/CVE-2018-6033.html
https://www.suse.com/security/cve/CVE-2018-6034.html
https://www.suse.com/security/cve/CVE-2018-6035.html
https://www.suse.com/security/cve/CVE-2018-6036.html
https://www.suse.com/security/cve/CVE-2018-6037.html
https://www.suse.com/security/cve/CVE-2018-6038.html
https://www.suse.com/security/cve/CVE-2018-6039.html
https://www.suse.com/security/cve/CVE-2018-6040.html
https://www.suse.com/security/cve/CVE-2018-6041.html
https://www.suse.com/security/cve/CVE-2018-6042.html
https://www.suse.com/security/cve/CVE-2018-6043.html
https://www.suse.com/security/cve/CVE-2018-6045.html
https://www.suse.com/security/cve/CVE-2018-6046.html
https://www.suse.com/security/cve/CVE-2018-6047.html
https://www.suse.com/security/cve/CVE-2018-6048.html
https://www.suse.com/security/cve/CVE-2018-6049.html
https://www.suse.com/security/cve/CVE-2018-6050.html
https://www.suse.com/security/cve/CVE-2018-6051.html
https://www.suse.com/security/cve/CVE-2018-6052.html
https://www.suse.com/security/cve/CVE-2018-6053.html
https://www.suse.com/security/cve/CVE-2018-6054.html
https://www.suse.com/security/cve/CVE-2019-5754.html
https://www.suse.com/security/cve/CVE-2019-5755.html
https://www.suse.com/security/cve/CVE-2019-5756.html
https://www.suse.com/security/cve/CVE-2019-5757.html
https://www.suse.com/security/cve/CVE-2019-5758.html
https://www.suse.com/security/cve/CVE-2019-5759.html
https://www.suse.com/security/cve/CVE-2019-5760.html
https://www.suse.com/security/cve/CVE-2019-5761.html
https://www.suse.com/security/cve/CVE-2019-5762.html
https://www.suse.com/security/cve/CVE-2019-5763.html
https://www.suse.com/security/cve/CVE-2019-5764.html
https://www.suse.com/security/cve/CVE-2019-5765.html
https://www.suse.com/security/cve/CVE-2019-5766.html
https://www.suse.com/security/cve/CVE-2019-5767.html
https://www.suse.com/security/cve/CVE-2019-5768.html
https://www.suse.com/security/cve/CVE-2019-5769.html
https://www.suse.com/security/cve/CVE-2019-5770.html
https://www.suse.com/security/cve/CVE-2019-5771.html
https://www.suse.com/security/cve/CVE-2019-5772.html
https://www.suse.com/security/cve/CVE-2019-5773.html
https://www.suse.com/security/cve/CVE-2019-5774.html
https://www.suse.com/security/cve/CVE-2019-5775.html
https://www.suse.com/security/cve/CVE-2019-5776.html
https://www.suse.com/security/cve/CVE-2019-5777.html
https://www.suse.com/security/cve/CVE-2019-5778.html
https://www.suse.com/security/cve/CVE-2019-5779.html
https://www.suse.com/security/cve/CVE-2019-5780.html
https://www.suse.com/security/cve/CVE-2019-5781.html
https://www.suse.com/security/cve/CVE-2019-5782.html
https://www.suse.com/security/cve/CVE-2020-6465.html
https://www.suse.com/security/cve/CVE-2020-6466.html
https://www.suse.com/security/cve/CVE-2020-6467.html
https://www.suse.com/security/cve/CVE-2020-6468.html
https://www.suse.com/security/cve/CVE-2020-6469.html
https://www.suse.com/security/cve/CVE-2020-6470.html
https://www.suse.com/security/cve/CVE-2020-6471.html
https://www.suse.com/security/cve/CVE-2020-6472.html
https://www.suse.com/security/cve/CVE-2020-6473.html
https://www.suse.com/security/cve/CVE-2020-6474.html
https://www.suse.com/security/cve/CVE-2020-6475.html
https://www.suse.com/security/cve/CVE-2020-6476.html
https://www.suse.com/security/cve/CVE-2020-6477.html
https://www.suse.com/security/cve/CVE-2020-6478.html
https://www.suse.com/security/cve/CVE-2020-6479.html
https://www.suse.com/security/cve/CVE-2020-6480.html
https://www.suse.com/security/cve/CVE-2020-6481.html
https://www.suse.com/security/cve/CVE-2020-6482.html
https://www.suse.com/security/cve/CVE-2020-6483.html
https://www.suse.com/security/cve/CVE-2020-6484.html
https://www.suse.com/security/cve/CVE-2020-6485.html
https://www.suse.com/security/cve/CVE-2020-6486.html
https://www.suse.com/security/cve/CVE-2020-6487.html
https://www.suse.com/security/cve/CVE-2020-6488.html
https://www.suse.com/security/cve/CVE-2020-6489.html
https://www.suse.com/security/cve/CVE-2020-6490.html
https://www.suse.com/security/cve/CVE-2020-6491.html
https://www.suse.com/security/cve/CVE-2024-3834.html
https://www.suse.com/security/cve/CVE-2024-7000.html
https://www.suse.com/security/cve/CVE-2025-4050.html
https://www.suse.com/security/cve/CVE-2025-4051.html
https://www.suse.com/security/cve/CVE-2025-4052.html
https://www.suse.com/security/cve/CVE-2025-4096.html
https://www.suse.com/security/cve/CVE-2026-5858.html
https://www.suse.com/security/cve/CVE-2026-5859.html
https://www.suse.com/security/cve/CVE-2026-5860.html
https://www.suse.com/security/cve/CVE-2026-5861.html
https://www.suse.com/security/cve/CVE-2026-5862.html
https://www.suse.com/security/cve/CVE-2026-5863.html
https://www.suse.com/security/cve/CVE-2026-5864.html
https://www.suse.com/security/cve/CVE-2026-5865.html
https://www.suse.com/security/cve/CVE-2026-5866.html
https://www.suse.com/security/cve/CVE-2026-5867.html
https://www.suse.com/security/cve/CVE-2026-5868.html
https://www.suse.com/security/cve/CVE-2026-5869.html
https://www.suse.com/security/cve/CVE-2026-5870.html
https://www.suse.com/security/cve/CVE-2026-5871.html
https://www.suse.com/security/cve/CVE-2026-5872.html
https://www.suse.com/security/cve/CVE-2026-5873.html
https://www.suse.com/security/cve/CVE-2026-5874.html
https://www.suse.com/security/cve/CVE-2026-5875.html
https://www.suse.com/security/cve/CVE-2026-5876.html
https://www.suse.com/security/cve/CVE-2026-5877.html
https://www.suse.com/security/cve/CVE-2026-5878.html
https://www.suse.com/security/cve/CVE-2026-5879.html
https://www.suse.com/security/cve/CVE-2026-5880.html
https://www.suse.com/security/cve/CVE-2026-5881.html
https://www.suse.com/security/cve/CVE-2026-5882.html
https://www.suse.com/security/cve/CVE-2026-5883.html
https://www.suse.com/security/cve/CVE-2026-5884.html
https://www.suse.com/security/cve/CVE-2026-5885.html
https://www.suse.com/security/cve/CVE-2026-5886.html
https://www.suse.com/security/cve/CVE-2026-5887.html
https://www.suse.com/security/cve/CVE-2026-5888.html
https://www.suse.com/security/cve/CVE-2026-5889.html
https://www.suse.com/security/cve/CVE-2026-5890.html
https://www.suse.com/security/cve/CVE-2026-5891.html
https://www.suse.com/security/cve/CVE-2026-5892.html
https://www.suse.com/security/cve/CVE-2026-5893.html
https://www.suse.com/security/cve/CVE-2026-5894.html
https://www.suse.com/security/cve/CVE-2026-5895.html
https://www.suse.com/security/cve/CVE-2026-5896.html
https://www.suse.com/security/cve/CVE-2026-5897.html
https://www.suse.com/security/cve/CVE-2026-5898.html
https://www.suse.com/security/cve/CVE-2026-5899.html
https://www.suse.com/security/cve/CVE-2026-5900.html
https://www.suse.com/security/cve/CVE-2026-5901.html
https://www.suse.com/security/cve/CVE-2026-5902.html
https://www.suse.com/security/cve/CVE-2026-5903.html
https://www.suse.com/security/cve/CVE-2026-5904.html
https://www.suse.com/security/cve/CVE-2026-5905.html
https://www.suse.com/security/cve/CVE-2026-5906.html
https://www.suse.com/security/cve/CVE-2026-5907.html
https://www.suse.com/security/cve/CVE-2026-5908.html
https://www.suse.com/security/cve/CVE-2026-5909.html
https://www.suse.com/security/cve/CVE-2026-5910.html
https://www.suse.com/security/cve/CVE-2026-5911.html
https://www.suse.com/security/cve/CVE-2026-5912.html
https://www.suse.com/security/cve/CVE-2026-5913.html
https://www.suse.com/security/cve/CVE-2026-5914.html
https://www.suse.com/security/cve/CVE-2026-5915.html
https://www.suse.com/security/cve/CVE-2026-5918.html
https://www.suse.com/security/cve/CVE-2026-5919.html
https://bugzilla.suse.com/1261758

openSUSE-SU-2026:0121-1: moderate: Security update for python-Flask-HTTPAuth

openSUSE Security Update: Security update for python-Flask-HTTPAuth
_______________________________

Announcement ID: openSUSE-SU-2026:0121-1
Rating: moderate
References: #1261355
Cross-References: CVE-2026-34531
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Flask-HTTPAuth fixes the following issues:

- CVE-2026-34531: Do not accept empty tokens (boo#1261355)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-121=1

Package List:

- openSUSE Backports SLE-15-SP6 (noarch):

python311-Flask-HTTPAuth-4.8.0-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-34531.html
https://bugzilla.suse.com/1261355

openSUSE-SU-2026:0122-1: moderate: Security update for python-Flask-HTTPAuth

openSUSE Security Update: Security update for python-Flask-HTTPAuth
_______________________________

Announcement ID: openSUSE-SU-2026:0122-1
Rating: moderate
References: #1261355
Cross-References: CVE-2026-34531
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Flask-HTTPAuth fixes the following issues:

- CVE-2026-34531: Do not accept empty tokens (boo#1261355)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-122=1

Package List:

- openSUSE Backports SLE-15-SP7 (noarch):

python311-Flask-HTTPAuth-4.8.0-bp157.2.3.1

References:

https://www.suse.com/security/cve/CVE-2026-34531.html
https://bugzilla.suse.com/1261355

openSUSE-SU-2026:10532-1: moderate: helm3-3.20.2-1.1 on GA media

# helm3-3.20.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10532-1
Rating: moderate

Cross-References:

* CVE-2026-35206

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm3-3.20.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* helm3 3.20.2-1.1
* helm3-bash-completion 3.20.2-1.1
* helm3-fish-completion 3.20.2-1.1
* helm3-zsh-completion 3.20.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35206.html

openSUSE-SU-2026:10530-1: moderate: chromedriver-147.0.7727.55-1.1 on GA media

# chromedriver-147.0.7727.55-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10530-1
Rating: moderate

Cross-References:

* CVE-2026-5858
* CVE-2026-5859
* CVE-2026-5860
* CVE-2026-5861
* CVE-2026-5862
* CVE-2026-5863
* CVE-2026-5864
* CVE-2026-5865
* CVE-2026-5866
* CVE-2026-5867
* CVE-2026-5868
* CVE-2026-5869
* CVE-2026-5870
* CVE-2026-5871
* CVE-2026-5872
* CVE-2026-5873
* CVE-2026-5874
* CVE-2026-5875
* CVE-2026-5876
* CVE-2026-5877
* CVE-2026-5878
* CVE-2026-5879
* CVE-2026-5880
* CVE-2026-5881
* CVE-2026-5882
* CVE-2026-5883
* CVE-2026-5884
* CVE-2026-5885
* CVE-2026-5886
* CVE-2026-5887
* CVE-2026-5888
* CVE-2026-5889
* CVE-2026-5890
* CVE-2026-5891
* CVE-2026-5892
* CVE-2026-5893
* CVE-2026-5894
* CVE-2026-5895
* CVE-2026-5896
* CVE-2026-5897
* CVE-2026-5898
* CVE-2026-5899
* CVE-2026-5900
* CVE-2026-5901
* CVE-2026-5902
* CVE-2026-5903
* CVE-2026-5904
* CVE-2026-5905
* CVE-2026-5906
* CVE-2026-5907
* CVE-2026-5908
* CVE-2026-5909
* CVE-2026-5910
* CVE-2026-5911
* CVE-2026-5912
* CVE-2026-5913
* CVE-2026-5914
* CVE-2026-5915
* CVE-2026-5918
* CVE-2026-5919

Affected Products:

* openSUSE Tumbleweed

An update that solves 60 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-147.0.7727.55-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 147.0.7727.55-1.1
* chromium 147.0.7727.55-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-5858.html
* https://www.suse.com/security/cve/CVE-2026-5859.html
* https://www.suse.com/security/cve/CVE-2026-5860.html
* https://www.suse.com/security/cve/CVE-2026-5861.html
* https://www.suse.com/security/cve/CVE-2026-5862.html
* https://www.suse.com/security/cve/CVE-2026-5863.html
* https://www.suse.com/security/cve/CVE-2026-5864.html
* https://www.suse.com/security/cve/CVE-2026-5865.html
* https://www.suse.com/security/cve/CVE-2026-5866.html
* https://www.suse.com/security/cve/CVE-2026-5867.html
* https://www.suse.com/security/cve/CVE-2026-5868.html
* https://www.suse.com/security/cve/CVE-2026-5869.html
* https://www.suse.com/security/cve/CVE-2026-5870.html
* https://www.suse.com/security/cve/CVE-2026-5871.html
* https://www.suse.com/security/cve/CVE-2026-5872.html
* https://www.suse.com/security/cve/CVE-2026-5873.html
* https://www.suse.com/security/cve/CVE-2026-5874.html
* https://www.suse.com/security/cve/CVE-2026-5875.html
* https://www.suse.com/security/cve/CVE-2026-5876.html
* https://www.suse.com/security/cve/CVE-2026-5877.html
* https://www.suse.com/security/cve/CVE-2026-5878.html
* https://www.suse.com/security/cve/CVE-2026-5879.html
* https://www.suse.com/security/cve/CVE-2026-5880.html
* https://www.suse.com/security/cve/CVE-2026-5881.html
* https://www.suse.com/security/cve/CVE-2026-5882.html
* https://www.suse.com/security/cve/CVE-2026-5883.html
* https://www.suse.com/security/cve/CVE-2026-5884.html
* https://www.suse.com/security/cve/CVE-2026-5885.html
* https://www.suse.com/security/cve/CVE-2026-5886.html
* https://www.suse.com/security/cve/CVE-2026-5887.html
* https://www.suse.com/security/cve/CVE-2026-5888.html
* https://www.suse.com/security/cve/CVE-2026-5889.html
* https://www.suse.com/security/cve/CVE-2026-5890.html
* https://www.suse.com/security/cve/CVE-2026-5891.html
* https://www.suse.com/security/cve/CVE-2026-5892.html
* https://www.suse.com/security/cve/CVE-2026-5893.html
* https://www.suse.com/security/cve/CVE-2026-5894.html
* https://www.suse.com/security/cve/CVE-2026-5895.html
* https://www.suse.com/security/cve/CVE-2026-5896.html
* https://www.suse.com/security/cve/CVE-2026-5897.html
* https://www.suse.com/security/cve/CVE-2026-5898.html
* https://www.suse.com/security/cve/CVE-2026-5899.html
* https://www.suse.com/security/cve/CVE-2026-5900.html
* https://www.suse.com/security/cve/CVE-2026-5901.html
* https://www.suse.com/security/cve/CVE-2026-5902.html
* https://www.suse.com/security/cve/CVE-2026-5903.html
* https://www.suse.com/security/cve/CVE-2026-5904.html
* https://www.suse.com/security/cve/CVE-2026-5905.html
* https://www.suse.com/security/cve/CVE-2026-5906.html
* https://www.suse.com/security/cve/CVE-2026-5907.html
* https://www.suse.com/security/cve/CVE-2026-5908.html
* https://www.suse.com/security/cve/CVE-2026-5909.html
* https://www.suse.com/security/cve/CVE-2026-5910.html
* https://www.suse.com/security/cve/CVE-2026-5911.html
* https://www.suse.com/security/cve/CVE-2026-5912.html
* https://www.suse.com/security/cve/CVE-2026-5913.html
* https://www.suse.com/security/cve/CVE-2026-5914.html
* https://www.suse.com/security/cve/CVE-2026-5915.html
* https://www.suse.com/security/cve/CVE-2026-5918.html
* https://www.suse.com/security/cve/CVE-2026-5919.html

openSUSE-SU-2026:10533-1: moderate: libopenssl-3-devel-3.5.3-4.1 on GA media

# libopenssl-3-devel-3.5.3-4.1 on GA media

Announcement ID: openSUSE-SU-2026:10533-1
Rating: moderate

Cross-References:

* CVE-2026-2673
* CVE-2026-28387
* CVE-2026-28388
* CVE-2026-28389
* CVE-2026-28390
* CVE-2026-31789
* CVE-2026-31790

CVSS scores:

* CVE-2026-2673 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2673 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-28387 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-28390 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28390 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31789 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31790 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libopenssl-3-devel-3.5.3-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libopenssl-3-devel 3.5.3-4.1
* libopenssl-3-devel-32bit 3.5.3-4.1
* libopenssl-3-fips-provider 3.5.3-4.1
* libopenssl-3-fips-provider-32bit 3.5.3-4.1
* libopenssl-3-fips-provider-x86-64-v3 3.5.3-4.1
* libopenssl3 3.5.3-4.1
* libopenssl3-32bit 3.5.3-4.1
* libopenssl3-x86-64-v3 3.5.3-4.1
* openssl-3 3.5.3-4.1
* openssl-3-doc 3.5.3-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2673.html
* https://www.suse.com/security/cve/CVE-2026-28387.html
* https://www.suse.com/security/cve/CVE-2026-28388.html
* https://www.suse.com/security/cve/CVE-2026-28389.html
* https://www.suse.com/security/cve/CVE-2026-28390.html
* https://www.suse.com/security/cve/CVE-2026-31789.html
* https://www.suse.com/security/cve/CVE-2026-31790.html

NodeJS and Kernel updates for Rocky Linux 10

Linux Kernel 7.0 released

Chromium, Python, Helm, Chromedriver, Libopenssl updates for SUSE

openSUSE-SU-2026:0124-1: important: Security update for chromium

openSUSE-SU-2026:0121-1: moderate: Security update for python-Flask-HTTPAuth

openSUSE-SU-2026:0122-1: moderate: Security update for python-Flask-HTTPAuth

openSUSE-SU-2026:10532-1: moderate: helm3-3.20.2-1.1 on GA media

openSUSE-SU-2026:10530-1: moderate: chromedriver-147.0.7727.55-1.1 on GA media

openSUSE-SU-2026:10533-1: moderate: libopenssl-3-devel-3.5.3-4.1 on GA media

Windows

Linux

macOS

Community