openSUSE-SU-2026:20460-1: important: Security update for chromium
openSUSE-SU-2026:20458-1: important: Security update for python-Pillow
openSUSE-SU-2026:10485-1: moderate: python311-Flask-Cors-6.0.2-1.1 on GA media
openSUSE-SU-2026:20460-1: important: Security update for chromium
openSUSE security update: security update for chromium
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20460-1
Rating: important
References:
* bsc#1261249
Cross-References:
* CVE-2026-5272
* CVE-2026-5273
* CVE-2026-5274
* CVE-2026-5275
* CVE-2026-5276
* CVE-2026-5277
* CVE-2026-5278
* CVE-2026-5279
* CVE-2026-5280
* CVE-2026-5281
* CVE-2026-5282
* CVE-2026-5283
* CVE-2026-5284
* CVE-2026-5285
* CVE-2026-5286
* CVE-2026-5287
* CVE-2026-5288
* CVE-2026-5289
* CVE-2026-5290
* CVE-2026-5291
* CVE-2026-5292
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 21 vulnerabilities and has one bug fix can now be installed.
Description:
This update for chromium fixes the following issues:
Changes in chromium:
- Chromium 146.0.7680.177 (boo#1261249)
  * CVE-2026-5273: Use after free in CSS
  * CVE-2026-5272: Heap buffer overflow in GPU
  * CVE-2026-5274: Integer overflow in Codecs
  * CVE-2026-5275: Heap buffer overflow in ANGLE
  * CVE-2026-5276: Insufficient policy enforcement in WebUSB
  * CVE-2026-5277: Integer overflow in ANGLE
  * CVE-2026-5278: Use after free in Web MIDI
  * CVE-2026-5279: Object corruption in V8
  * CVE-2026-5280: Use after free in WebCodecs
  * CVE-2026-5281: Use after free in Dawn
  * CVE-2026-5282: Out of bounds read in WebCodecs
  * CVE-2026-5283: Inappropriate implementation in ANGLE
  * CVE-2026-5284: Use after free in Dawn
  * CVE-2026-5285: Use after free in WebGL
  * CVE-2026-5286: Use after free in Dawn
  * CVE-2026-5287: Use after free in PDF
  * CVE-2026-5288: Use after free in WebView
  * CVE-2026-5289: Use after free in Navigation
  * CVE-2026-5290: Use after free in Compositing
  * CVE-2026-5291: Inappropriate implementation in WebGL
  * CVE-2026-5292: Out of bounds read in WebCodecs
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
    zypper in -t patch openSUSE-Leap-16.0-packagehub-186=1
Package List:
- openSUSE Leap 16.0:
    chromedriver-146.0.7680.177-bp160.1.1
    chromium-146.0.7680.177-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2026-5272.html
* https://www.suse.com/security/cve/CVE-2026-5273.html
* https://www.suse.com/security/cve/CVE-2026-5274.html
* https://www.suse.com/security/cve/CVE-2026-5275.html
* https://www.suse.com/security/cve/CVE-2026-5276.html
* https://www.suse.com/security/cve/CVE-2026-5277.html
* https://www.suse.com/security/cve/CVE-2026-5278.html
* https://www.suse.com/security/cve/CVE-2026-5279.html
* https://www.suse.com/security/cve/CVE-2026-5280.html
* https://www.suse.com/security/cve/CVE-2026-5281.html
* https://www.suse.com/security/cve/CVE-2026-5282.html
* https://www.suse.com/security/cve/CVE-2026-5283.html
* https://www.suse.com/security/cve/CVE-2026-5284.html
* https://www.suse.com/security/cve/CVE-2026-5285.html
* https://www.suse.com/security/cve/CVE-2026-5286.html
* https://www.suse.com/security/cve/CVE-2026-5287.html
* https://www.suse.com/security/cve/CVE-2026-5288.html
* https://www.suse.com/security/cve/CVE-2026-5289.html
* https://www.suse.com/security/cve/CVE-2026-5290.html
* https://www.suse.com/security/cve/CVE-2026-5291.html
* https://www.suse.com/security/cve/CVE-2026-5292.html
openSUSE-SU-2026:20458-1: important: Security update for python-Pillow
openSUSE security update: security update for python-pillow
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20458-1
Rating: important
References:
* bsc#1258125
Cross-References:
* CVE-2026-25990
CVSS scores:
* CVE-2026-25990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25990 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-Pillow fixes the following issues:
- CVE-2026-25990: Fixed an out-of-bounds write when opening a specially crafted PSD image. (bsc#1258125)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
    zypper in -t patch openSUSE-Leap-16.0-473=1
Package List:
- openSUSE Leap 16.0:
    python313-Pillow-11.3.0-160000.3.1
    python313-Pillow-tk-11.3.0-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-25990.html
openSUSE-SU-2026:10485-1: moderate: python311-Flask-Cors-6.0.2-1.1 on GA media
# python311-Flask-Cors-6.0.2-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10485-1
Rating: moderate
Cross-References:
* CVE-2024-6839
* CVE-2024-6844
* CVE-2024-6866
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the python311-Flask-Cors-6.0.2-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
  * python311-Flask-Cors 6.0.2-1.1
  * python313-Flask-Cors 6.0.2-1.1
  * python314-Flask-Cors 6.0.2-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6839.html
* https://www.suse.com/security/cve/CVE-2024-6844.html
* https://www.suse.com/security/cve/CVE-2024-6866.html