SUSE rolled out a comprehensive suite of critical security patches across their enterprise distributions. These updates tackle dozens of high severity flaws that could enable remote code execution or privilege escalation on vulnerable systems. Administrators must prioritize the kernel live patches for SUSE Linux Enterprise distributions first, then move on to patching widely used utilities like Chromium, busybox, and strongSwan before attackers can exploit them.

SUSE-SU-2026:2149-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2141-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2159-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2172-1: important: Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2158-1: important: Security update for the Linux Kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2176-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:2202-1: important: Security update for the Linux Kernel
SUSE-SU-2026:2200-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2204-1: important: Security update for busybox
SUSE-SU-2026:2199-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)
openSUSE-SU-2026:20852-1: important: Security update for roundcubemail
openSUSE-SU-2026:20849-1: important: Security update for chromium
openSUSE-SU-2026:20842-1: important: Security update for openjpeg2
openSUSE-SU-2026:20846-1: important: Security update for python-python-multipart
openSUSE-SU-2026:20851-1: important: Security update for putty
openSUSE-SU-2026:20847-1: important: Security update for postgresql-jdbc
openSUSE-SU-2026:20841-1: important: Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec
openSUSE-SU-2026:20845-1: important: Security update for libsoup
openSUSE-SU-2026:10896-1: moderate: libzypp-17.38.10-1.1 on GA media
openSUSE-SU-2026:10895-1: moderate: libsolv-demo-0.7.38-1.1 on GA media
openSUSE-SU-2026:10890-1: moderate: ffmpeg-8-8.1.1-3.1 on GA media
openSUSE-SU-2026:10892-1: moderate: ignition-2.26.0-4.1 on GA media
openSUSE-SU-2026:10893-1: moderate: java-26-openjdk-26.0.1.0-1.1 on GA media
openSUSE-SU-2026:10891-1: moderate: gsasl-2.2.3-1.1 on GA media
SUSE-SU-2026:2195-1: important: Security update for the Linux Kernel
SUSE-SU-2026:2197-1: important: Security update for strongswan
SUSE-SU-2026:2191-1: important: Security update for the Linux Kernel (Live Patch 51 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2207-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP7)
openSUSE-SU-2026:0181-1: critical: Security update for re

SUSE-SU-2026:2149-1: important: Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2149-1
Release Date: 2026-05-31T07:07:02Z
Rating: important
References:

* bsc#1259798
* bsc#1260563
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-23317
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.121 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260563).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2150=1 SUSE-2026-2151=1 SUSE-2026-2152=1
SUSE-2026-2149=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2150=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2151=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2152=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2149=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-18-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_26-debugsource-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-debuginfo-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_103-default-20-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-13-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-13-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-19-150500.2.1
* kernel-livepatch-5_14_21-150500_55_110-default-19-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-18-150500.2.1
* kernel-livepatch-5_14_21-150500_55_113-default-18-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260563
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2141-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2141-1
Release Date: 2026-05-31T04:35:52Z
Rating: important
References:

* bsc#1259798
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2141=1 SUSE-2026-2142=1 SUSE-2026-2145=1
SUSE-2026-2143=1 SUSE-2026-2146=1 SUSE-2026-2147=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2141=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2142=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2145=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-2143=1
SUSE-SLE-Module-Live-Patching-15-SP4-2026-2146=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2147=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-18-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-18-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-20-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_164-default-debuginfo-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-18-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-12-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-18-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-19-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-15-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-12-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-18-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_40-debugsource-20-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2159-1: important: Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise 15 SP5)

# Security update for the Linux Kernel (Live Patch 36 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2159-1
Release Date: 2026-05-31T11:35:08Z
Rating: important
References:

* bsc#1259798
* bsc#1260563
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-23317
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.141 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260563).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2159=1 SUSE-2026-2160=1 SUSE-2026-2155=1
SUSE-2026-2162=1 SUSE-2026-2163=1 SUSE-2026-2164=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2159=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2160=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2155=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2162=1
SUSE-SLE-Module-Live-Patching-15-SP5-2026-2163=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2164=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_133-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_133-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-16-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_127-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-7-150500.2.1
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-7-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_124-default-11-150500.2.1
* kernel-livepatch-5_14_21-150500_55_116-default-16-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-16-150500.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260563
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2172-1: important: Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 21 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2172-1
Release Date: 2026-05-31T15:06:21Z
Rating: important
References:

* bsc#1259798
* bsc#1260563
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-23317
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.92 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260563).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2172=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2172=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2170=1 SUSE-2026-2171=1 SUSE-2026-2165=1
SUSE-2026-2166=1 SUSE-2026-2167=1 SUSE-2026-2173=1 SUSE-2026-2169=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2170=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2171=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2165=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2166=1
SUSE-SLE-Module-Live-Patching-15-SP6-2026-2167=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2173=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2169=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-8-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-8-150500.2.1
* kernel-livepatch-5_14_21-150500_55_130-default-8-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-8-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-18-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_50-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_50-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_60-default-16-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-6-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_11-debugsource-18-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_81-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-12-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-18-150600.2.1
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-6-150600.2.1
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260563
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2158-1: important: Security update for the Linux Kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 49 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2158-1
Release Date: 2026-05-31T11:34:13Z
Rating: important
References:

* bsc#1259798
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves five vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.197 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2158=1 SUSE-2026-2161=1 SUSE-2026-2156=1
SUSE-2026-2154=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2158=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2161=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2156=1 SUSE-SLE-Module-Live-Patching-15-SP4-2026-2154=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-8-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-8-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2176-1: important: Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

# Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise
15 SP7)

Announcement ID: SUSE-SU-2026:2176-1
Release Date: 2026-05-31T19:36:24Z
Rating: important
References:

* bsc#1259798
* bsc#1260563
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-23317
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.6 fixes various
security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260563).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2175=1 SUSE-2026-2177=1 SUSE-2026-2176=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2176=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2175=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2177=1

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2179=1 SUSE-SLE-
Module-Live-Patching-15-SP7-2026-2180=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-9-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-9-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_70-default-12-150600.2.1
* kernel-livepatch-6_4_0-150600_23_84-default-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-9-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP7_Update_2-debugsource-16-150700.2.1
* kernel-livepatch-6_4_0-150700_53_6-default-16-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-debuginfo-17-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_1-debugsource-17-150700.2.1
* kernel-livepatch-6_4_0-150700_53_6-default-debuginfo-16-150700.2.1
* kernel-livepatch-6_4_0-150700_53_3-default-17-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260563
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2202-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:2202-1
Release Date: 2026-06-01T10:02:15Z
Rating: important
References:

* bsc#1221010
* bsc#1243603
* bsc#1258248
* bsc#1258518
* bsc#1258718
* bsc#1258849
* bsc#1258850
* bsc#1258854
* bsc#1258855
* bsc#1258856
* bsc#1258857
* bsc#1259484
* bsc#1259485
* bsc#1259857
* bsc#1260010
* bsc#1260018
* bsc#1260522
* bsc#1260526
* bsc#1260983
* bsc#1261287
* bsc#1261295
* bsc#1261638
* bsc#1261710
* bsc#1261779
* bsc#1261781
* bsc#1261796
* bsc#1261797
* bsc#1262179
* bsc#1262181
* bsc#1262602
* bsc#1262734
* bsc#1262758
* bsc#1263065
* bsc#1263085
* bsc#1263095
* bsc#1263131
* bsc#1263141
* bsc#1263165
* bsc#1263170
* bsc#1263176
* bsc#1263582
* bsc#1263600
* bsc#1263668
* bsc#1263723
* bsc#1263882
* bsc#1263901
* bsc#1263931
* bsc#1263933
* bsc#1264059
* bsc#1264082
* bsc#1264450
* bsc#1264482
* bsc#1264634
* bsc#1264651
* bsc#1264848
* bsc#1265085
* bsc#1265090
* bsc#1265119
* bsc#1265126
* bsc#1265308
* bsc#1265456
* bsc#1265626
* bsc#1265960

Cross-References:

* CVE-2021-47103
* CVE-2023-20585
* CVE-2026-23209
* CVE-2026-23239
* CVE-2026-23240
* CVE-2026-23268
* CVE-2026-23269
* CVE-2026-23271
* CVE-2026-23273
* CVE-2026-23351
* CVE-2026-23393
* CVE-2026-23403
* CVE-2026-23404
* CVE-2026-23405
* CVE-2026-23406
* CVE-2026-23407
* CVE-2026-23408
* CVE-2026-23409
* CVE-2026-23410
* CVE-2026-23411
* CVE-2026-23449
* CVE-2026-23458
* CVE-2026-23462
* CVE-2026-31402
* CVE-2026-31403
* CVE-2026-31408
* CVE-2026-31436
* CVE-2026-31504
* CVE-2026-31507
* CVE-2026-31512
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31588
* CVE-2026-31602
* CVE-2026-31607
* CVE-2026-31649
* CVE-2026-31656
* CVE-2026-31662
* CVE-2026-31669
* CVE-2026-31685
* CVE-2026-31694
* CVE-2026-31700
* CVE-2026-31738
* CVE-2026-31787
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43050
* CVE-2026-43110
* CVE-2026-43126
* CVE-2026-43190
* CVE-2026-43214
* CVE-2026-43329
* CVE-2026-43334
* CVE-2026-43365
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43500
* CVE-2026-43503
* CVE-2026-46333

CVSS scores:

* CVE-2021-47103 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2021-47103 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-20585 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2023-20585 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-20585 ( NVD ): 5.6
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23269 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23269 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23271 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23271 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23271 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23273 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23273 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23273 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23351 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23351 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23403 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23403 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23403 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23404 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23404 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23404 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23405 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23405 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23406 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23406 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23407 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23407 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23407 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23408 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23408 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23408 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23408 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23409 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23409 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23410 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23410 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23410 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23410 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23411 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23449 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23449 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23449 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23458 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23458 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23462 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23462 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23462 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31403 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31403 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31408 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31408 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31408 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31436 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31436 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31507 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31507 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31507 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31512 ( SUSE ): 7.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31512 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-31512 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31588 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31588 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31588 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31602 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31602 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31602 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31607 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31607 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31649 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31649 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31656 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31656 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31656 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31662 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31669 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31669 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31669 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31700 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31700 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31738 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31787 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31787 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43050 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43110 ( SUSE ): 7.7
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43110 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43110 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43126 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43126 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43126 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43214 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43214 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43329 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43329 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43334 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43334 ( SUSE ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-43334 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43365 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43365 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43365 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves 60 vulnerabilities and has three security fixes can now be
installed.

## Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security
issues

The following security issues were fixed:

* CVE-2021-47103: inet: fully convert sk->sk_rx_dst to RCU rules
(bsc#1221010).
* CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close()
(bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx()
(bsc#1259484).
* CVE-2026-23271: perf: Fix __perf_event_overflow() vs
perf_remove_from_context() race (bsc#1260018).
* CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim
phase (bsc#1260526).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260522).
* CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit
(bsc#1261779).
* CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in
ctnetlink_dump_exp_ct() (bsc#1261781).
* CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710).
* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261638).
* CVE-2026-31403: NFSD: Hold net reference for the lifetime of
/proc/fs/nfs/exports fd (bsc#1261796).
* CVE-2026-31408: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due
to missing sock_hold (bsc#1261797).
* CVE-2026-31436: dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (bsc#1262602).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263085).
* CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee()
duplicates splice pipe buffer (bsc#1263095).
* CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU
length in l2cap_ecred_data_rcv() (bsc#1262734).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262758).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263065).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263176).
* CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small
write values (bsc#1263165).
* CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723).
* CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit()
(bsc#1263600).
* CVE-2026-31649: net: stmmac: fix integer underflow in chain mode
(bsc#1263582).
* CVE-2026-31656: drm/i915/gt: fix refcount underflow in
intel_engine_park_heartbeat (bsc#1263170).
* CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
(bsc#1263131).
* CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established
(bsc#1263141).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263668).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
* CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in
tpacket_snd() (bsc#1263882).
* CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create
(bsc#1264059).
* CVE-2026-31787: xen/privcmd: fix double free via VMA splitting
(bsc#1262181).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1263931).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1263933).
* CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable()
(bsc#1264082).
* CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events
(bsc#1264482).
* CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints
(bsc#1264634).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264848).
* CVE-2026-43214: KVM: x86: Add SRCU protection for reading PDPTRs in
__get_sregs2() (bsc#1264651).
* CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of
actions (bsc#1265085).
* CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before
building the pairing response (bsc#1265090).
* CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265126).
* CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails
(bsc#1265626).
* CVE-2026-43500: supported.conf: drop rxrpc and af_kfs (bsc#1264450).
* CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-
transfer helpers (bsc#1265960).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).

The following non security issues were fixed:

* check-for-config-changes: Exclude CC_MS_EXTENSIONS.
* check-for-config-changes: Exclude
HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
* crypto: qat - fix ring to service map for QAT GEN4 (bsc#1258248).
* crypto: qat - refactor fw config related functions (bsc#1258248).
* crypto: qat - use masks for AE groups (bsc#1258248).
* dm init: ensure device probing has finished in dm-mod.waitfor= (git-fixes).
* mkspec: Add signature to source list only when it exists.
* net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
* net: gro: don't merge zcopy skbs (git-fixes).
* nvmet-rdma: fix possible bad dereference when freeing rsps (bsc#1260983).
* ocfs2: fix possible deadlock between unlink and dio_end_io_write
(bsc#1258718).
* ocfs2: split transactions in dio completion to avoid credit exhaustion
(bsc#1258718).
* xfrm: esp: avoid in-place decrypt on shared skb frags.

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2202=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2202=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2202=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2202=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2202=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2202=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2202=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2202=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2202=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2202=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2202=1

## Package List:

* openSUSE Leap 15.4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (noarch)
* kernel-devel-5.14.21-150400.24.219.1
* kernel-source-vanilla-5.14.21-150400.24.219.1
* kernel-macros-5.14.21-150400.24.219.1
* kernel-docs-html-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-5.14.21-150400.24.219.1.150400.24.110.2
* kernel-kvmsmall-debuginfo-5.14.21-150400.24.219.1
* kernel-kvmsmall-debugsource-5.14.21-150400.24.219.1
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-kvmsmall-devel-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-obs-qa-5.14.21-150400.24.219.1
* kernel-default-extra-5.14.21-150400.24.219.1
* kernel-obs-build-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.219.1
* reiserfs-kmp-default-5.14.21-150400.24.219.1
* kernel-default-optional-debuginfo-5.14.21-150400.24.219.1
* kernel-syms-5.14.21-150400.24.219.1
* kselftests-kmp-default-5.14.21-150400.24.219.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.219.1
* ocfs2-kmp-default-5.14.21-150400.24.219.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.219.1
* gfs2-kmp-default-5.14.21-150400.24.219.1
* kernel-default-extra-debuginfo-5.14.21-150400.24.219.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.219.1
* kselftests-kmp-default-debuginfo-5.14.21-150400.24.219.1
* kernel-default-optional-5.14.21-150400.24.219.1
* kernel-default-devel-5.14.21-150400.24.219.1
* kernel-default-livepatch-5.14.21-150400.24.219.1
* cluster-md-kmp-default-5.14.21-150400.24.219.1
* kernel-obs-build-debugsource-5.14.21-150400.24.219.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.219.1
* dlm-kmp-default-5.14.21-150400.24.219.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.14.21-150400.24.219.1
* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-1-150400.9.5.1
* kernel-livepatch-SLE15-SP4_Update_54-debugsource-1-150400.9.5.1
* kernel-livepatch-5_14_21-150400_24_219-default-1-150400.9.5.1
* openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.219.1
* kernel-zfcpdump-debugsource-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (nosrc)
* dtb-aarch64-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (aarch64)
* dtb-broadcom-5.14.21-150400.24.219.1
* dtb-lg-5.14.21-150400.24.219.1
* dtb-altera-5.14.21-150400.24.219.1
* ocfs2-kmp-64kb-5.14.21-150400.24.219.1
* dtb-xilinx-5.14.21-150400.24.219.1
* reiserfs-kmp-64kb-5.14.21-150400.24.219.1
* dtb-hisilicon-5.14.21-150400.24.219.1
* dtb-exynos-5.14.21-150400.24.219.1
* dtb-cavium-5.14.21-150400.24.219.1
* dlm-kmp-64kb-5.14.21-150400.24.219.1
* kernel-64kb-devel-5.14.21-150400.24.219.1
* dtb-amlogic-5.14.21-150400.24.219.1
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-optional-debuginfo-5.14.21-150400.24.219.1
* dtb-apm-5.14.21-150400.24.219.1
* dtb-sprd-5.14.21-150400.24.219.1
* dtb-qcom-5.14.21-150400.24.219.1
* dlm-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* dtb-freescale-5.14.21-150400.24.219.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* dtb-marvell-5.14.21-150400.24.219.1
* dtb-nvidia-5.14.21-150400.24.219.1
* dtb-apple-5.14.21-150400.24.219.1
* dtb-allwinner-5.14.21-150400.24.219.1
* kselftests-kmp-64kb-5.14.21-150400.24.219.1
* dtb-amd-5.14.21-150400.24.219.1
* dtb-socionext-5.14.21-150400.24.219.1
* gfs2-kmp-64kb-5.14.21-150400.24.219.1
* kernel-64kb-optional-5.14.21-150400.24.219.1
* dtb-mediatek-5.14.21-150400.24.219.1
* dtb-rockchip-5.14.21-150400.24.219.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-debugsource-5.14.21-150400.24.219.1
* kernel-64kb-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-extra-debuginfo-5.14.21-150400.24.219.1
* dtb-renesas-5.14.21-150400.24.219.1
* kernel-64kb-extra-5.14.21-150400.24.219.1
* dtb-amazon-5.14.21-150400.24.219.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* cluster-md-kmp-64kb-5.14.21-150400.24.219.1
* reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* dtb-arm-5.14.21-150400.24.219.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.219.1
* openSUSE Leap 15.4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* dlm-kmp-default-debuginfo-5.14.21-150400.24.219.1
* ocfs2-kmp-default-5.14.21-150400.24.219.1
* cluster-md-kmp-default-5.14.21-150400.24.219.1
* ocfs2-kmp-default-debuginfo-5.14.21-150400.24.219.1
* gfs2-kmp-default-5.14.21-150400.24.219.1
* gfs2-kmp-default-debuginfo-5.14.21-150400.24.219.1
* cluster-md-kmp-default-debuginfo-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* dlm-kmp-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
nosrc)
* kernel-64kb-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-devel-5.14.21-150400.24.219.1
* kernel-64kb-debugsource-5.14.21-150400.24.219.1
* kernel-64kb-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-devel-5.14.21-150400.24.219.1
* kernel-obs-build-debugsource-5.14.21-150400.24.219.1
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* kernel-default-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* reiserfs-kmp-default-5.14.21-150400.24.219.1
* kernel-obs-build-5.14.21-150400.24.219.1
* kernel-syms-5.14.21-150400.24.219.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-devel-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-devel-5.14.21-150400.24.219.1
* kernel-64kb-debugsource-5.14.21-150400.24.219.1
* kernel-64kb-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc
x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-devel-5.14.21-150400.24.219.1
* kernel-obs-build-debugsource-5.14.21-150400.24.219.1
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* kernel-default-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* reiserfs-kmp-default-5.14.21-150400.24.219.1
* kernel-obs-build-5.14.21-150400.24.219.1
* kernel-syms-5.14.21-150400.24.219.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-devel-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
* kernel-64kb-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
* kernel-64kb-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-64kb-devel-5.14.21-150400.24.219.1
* kernel-64kb-debugsource-5.14.21-150400.24.219.1
* kernel-64kb-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-devel-5.14.21-150400.24.219.1
* kernel-obs-build-debugsource-5.14.21-150400.24.219.1
* kernel-default-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* reiserfs-kmp-default-5.14.21-150400.24.219.1
* kernel-obs-build-5.14.21-150400.24.219.1
* kernel-syms-5.14.21-150400.24.219.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-devel-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
* kernel-docs-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
* kernel-zfcpdump-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150400.24.219.1
* kernel-zfcpdump-debugsource-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le
x86_64)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-devel-5.14.21-150400.24.219.1
* kernel-obs-build-debugsource-5.14.21-150400.24.219.1
* kernel-default-base-5.14.21-150400.24.219.1.150400.24.110.2
* kernel-default-devel-debuginfo-5.14.21-150400.24.219.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* reiserfs-kmp-default-5.14.21-150400.24.219.1
* kernel-obs-build-5.14.21-150400.24.219.1
* kernel-syms-5.14.21-150400.24.219.1
* reiserfs-kmp-default-debuginfo-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-macros-5.14.21-150400.24.219.1
* kernel-devel-5.14.21-150400.24.219.1
* kernel-source-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
* kernel-docs-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
* kernel-default-5.14.21-150400.24.219.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-5.14.21-150400.24.219.1
* kernel-default-debugsource-5.14.21-150400.24.219.1
* kernel-default-livepatch-5.14.21-150400.24.219.1
* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-1-150400.9.5.1
* kernel-livepatch-SLE15-SP4_Update_54-debugsource-1-150400.9.5.1
* kernel-default-debuginfo-5.14.21-150400.24.219.1
* kernel-livepatch-5_14_21-150400_24_219-default-1-150400.9.5.1

## References:

* https://www.suse.com/security/cve/CVE-2021-47103.html
* https://www.suse.com/security/cve/CVE-2023-20585.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://www.suse.com/security/cve/CVE-2026-23269.html
* https://www.suse.com/security/cve/CVE-2026-23271.html
* https://www.suse.com/security/cve/CVE-2026-23273.html
* https://www.suse.com/security/cve/CVE-2026-23351.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23403.html
* https://www.suse.com/security/cve/CVE-2026-23404.html
* https://www.suse.com/security/cve/CVE-2026-23405.html
* https://www.suse.com/security/cve/CVE-2026-23406.html
* https://www.suse.com/security/cve/CVE-2026-23407.html
* https://www.suse.com/security/cve/CVE-2026-23408.html
* https://www.suse.com/security/cve/CVE-2026-23409.html
* https://www.suse.com/security/cve/CVE-2026-23410.html
* https://www.suse.com/security/cve/CVE-2026-23411.html
* https://www.suse.com/security/cve/CVE-2026-23449.html
* https://www.suse.com/security/cve/CVE-2026-23458.html
* https://www.suse.com/security/cve/CVE-2026-23462.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31403.html
* https://www.suse.com/security/cve/CVE-2026-31408.html
* https://www.suse.com/security/cve/CVE-2026-31436.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31507.html
* https://www.suse.com/security/cve/CVE-2026-31512.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31588.html
* https://www.suse.com/security/cve/CVE-2026-31602.html
* https://www.suse.com/security/cve/CVE-2026-31607.html
* https://www.suse.com/security/cve/CVE-2026-31649.html
* https://www.suse.com/security/cve/CVE-2026-31656.html
* https://www.suse.com/security/cve/CVE-2026-31662.html
* https://www.suse.com/security/cve/CVE-2026-31669.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-31700.html
* https://www.suse.com/security/cve/CVE-2026-31738.html
* https://www.suse.com/security/cve/CVE-2026-31787.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43050.html
* https://www.suse.com/security/cve/CVE-2026-43110.html
* https://www.suse.com/security/cve/CVE-2026-43126.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43214.html
* https://www.suse.com/security/cve/CVE-2026-43329.html
* https://www.suse.com/security/cve/CVE-2026-43334.html
* https://www.suse.com/security/cve/CVE-2026-43365.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43500.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221010
* https://bugzilla.suse.com/show_bug.cgi?id=1243603
* https://bugzilla.suse.com/show_bug.cgi?id=1258248
* https://bugzilla.suse.com/show_bug.cgi?id=1258518
* https://bugzilla.suse.com/show_bug.cgi?id=1258718
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1258850
* https://bugzilla.suse.com/show_bug.cgi?id=1258854
* https://bugzilla.suse.com/show_bug.cgi?id=1258855
* https://bugzilla.suse.com/show_bug.cgi?id=1258856
* https://bugzilla.suse.com/show_bug.cgi?id=1258857
* https://bugzilla.suse.com/show_bug.cgi?id=1259484
* https://bugzilla.suse.com/show_bug.cgi?id=1259485
* https://bugzilla.suse.com/show_bug.cgi?id=1259857
* https://bugzilla.suse.com/show_bug.cgi?id=1260010
* https://bugzilla.suse.com/show_bug.cgi?id=1260018
* https://bugzilla.suse.com/show_bug.cgi?id=1260522
* https://bugzilla.suse.com/show_bug.cgi?id=1260526
* https://bugzilla.suse.com/show_bug.cgi?id=1260983
* https://bugzilla.suse.com/show_bug.cgi?id=1261287
* https://bugzilla.suse.com/show_bug.cgi?id=1261295
* https://bugzilla.suse.com/show_bug.cgi?id=1261638
* https://bugzilla.suse.com/show_bug.cgi?id=1261710
* https://bugzilla.suse.com/show_bug.cgi?id=1261779
* https://bugzilla.suse.com/show_bug.cgi?id=1261781
* https://bugzilla.suse.com/show_bug.cgi?id=1261796
* https://bugzilla.suse.com/show_bug.cgi?id=1261797
* https://bugzilla.suse.com/show_bug.cgi?id=1262179
* https://bugzilla.suse.com/show_bug.cgi?id=1262181
* https://bugzilla.suse.com/show_bug.cgi?id=1262602
* https://bugzilla.suse.com/show_bug.cgi?id=1262734
* https://bugzilla.suse.com/show_bug.cgi?id=1262758
* https://bugzilla.suse.com/show_bug.cgi?id=1263065
* https://bugzilla.suse.com/show_bug.cgi?id=1263085
* https://bugzilla.suse.com/show_bug.cgi?id=1263095
* https://bugzilla.suse.com/show_bug.cgi?id=1263131
* https://bugzilla.suse.com/show_bug.cgi?id=1263141
* https://bugzilla.suse.com/show_bug.cgi?id=1263165
* https://bugzilla.suse.com/show_bug.cgi?id=1263170
* https://bugzilla.suse.com/show_bug.cgi?id=1263176
* https://bugzilla.suse.com/show_bug.cgi?id=1263582
* https://bugzilla.suse.com/show_bug.cgi?id=1263600
* https://bugzilla.suse.com/show_bug.cgi?id=1263668
* https://bugzilla.suse.com/show_bug.cgi?id=1263723
* https://bugzilla.suse.com/show_bug.cgi?id=1263882
* https://bugzilla.suse.com/show_bug.cgi?id=1263901
* https://bugzilla.suse.com/show_bug.cgi?id=1263931
* https://bugzilla.suse.com/show_bug.cgi?id=1263933
* https://bugzilla.suse.com/show_bug.cgi?id=1264059
* https://bugzilla.suse.com/show_bug.cgi?id=1264082
* https://bugzilla.suse.com/show_bug.cgi?id=1264450
* https://bugzilla.suse.com/show_bug.cgi?id=1264482
* https://bugzilla.suse.com/show_bug.cgi?id=1264634
* https://bugzilla.suse.com/show_bug.cgi?id=1264651
* https://bugzilla.suse.com/show_bug.cgi?id=1264848
* https://bugzilla.suse.com/show_bug.cgi?id=1265085
* https://bugzilla.suse.com/show_bug.cgi?id=1265090
* https://bugzilla.suse.com/show_bug.cgi?id=1265119
* https://bugzilla.suse.com/show_bug.cgi?id=1265126
* https://bugzilla.suse.com/show_bug.cgi?id=1265308
* https://bugzilla.suse.com/show_bug.cgi?id=1265456
* https://bugzilla.suse.com/show_bug.cgi?id=1265626
* https://bugzilla.suse.com/show_bug.cgi?id=1265960

SUSE-SU-2026:2200-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2200-1
Release Date: 2026-06-01T10:07:50Z
Rating: important
References:

* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.95 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-2200=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2205=1 SUSE-2026-2198=1

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2198=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2205=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2201=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2201=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_302-default-3-2.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-4-150500.2.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_149-default-3-150500.2.1
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-3-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-4-150500.2.1
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-4-150500.2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-4-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-4-150600.2.1
* kernel-livepatch-6_4_0-150600_23_95-default-4-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-4-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2204-1: important: Security update for busybox

# Security update for busybox

Announcement ID: SUSE-SU-2026:2204-1
Release Date: 2026-06-01T10:04:56Z
Rating: important
References:

* bsc#1263989

Cross-References:

* CVE-2026-29004

CVSS scores:

* CVE-2026-29004 ( SUSE ): 7.2
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-29004 ( SUSE ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-29004 ( NVD ): 7.2
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-29004 ( NVD ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves one vulnerability can now be installed.

## Description:

This update for busybox fixes the following issue

* CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow
in the DHCPv6 client (bsc#1263989).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2204=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2204=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2204=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2204=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2204=1

## Package List:

* openSUSE Leap 15.4 (noarch)
* busybox-net-tools-1.35.0-150400.4.7.1
* busybox-gzip-1.35.0-150400.4.7.1
* busybox-tar-1.35.0-150400.4.7.1
* busybox-adduser-1.35.0-150400.4.7.1
* busybox-diffutils-1.35.0-150400.4.7.1
* busybox-sendmail-1.35.0-150400.4.7.1
* busybox-patch-1.35.0-150400.4.7.1
* busybox-sh-1.35.0-150400.4.7.1
* busybox-iputils-1.35.0-150400.4.7.1
* busybox-misc-1.35.0-150400.4.7.1
* busybox-ncurses-utils-1.35.0-150400.4.7.1
* busybox-less-1.35.0-150400.4.7.1
* busybox-syslogd-1.35.0-150400.4.7.1
* busybox-dos2unix-1.35.0-150400.4.7.1
* busybox-sysvinit-tools-1.35.0-150400.4.7.1
* busybox-telnet-1.35.0-150400.4.7.1
* busybox-vlan-1.35.0-150400.4.7.1
* busybox-man-1.35.0-150400.4.7.1
* busybox-vi-1.35.0-150400.4.7.1
* busybox-gawk-1.35.0-150400.4.7.1
* busybox-util-linux-1.35.0-150400.4.7.1
* busybox-findutils-1.35.0-150400.4.7.1
* busybox-kbd-1.35.0-150400.4.7.1
* busybox-xz-1.35.0-150400.4.7.1
* busybox-grep-1.35.0-150400.4.7.1
* busybox-links-1.35.0-150400.4.7.1
* busybox-hostname-1.35.0-150400.4.7.1
* busybox-psmisc-1.35.0-150400.4.7.1
* busybox-time-1.35.0-150400.4.7.1
* busybox-netcat-1.35.0-150400.4.7.1
* busybox-procps-1.35.0-150400.4.7.1
* busybox-unzip-1.35.0-150400.4.7.1
* busybox-bc-1.35.0-150400.4.7.1
* busybox-policycoreutils-1.35.0-150400.4.7.1
* busybox-bzip2-1.35.0-150400.4.7.1
* busybox-bind-utils-1.35.0-150400.4.7.1
* busybox-coreutils-1.35.0-150400.4.7.1
* busybox-tunctl-1.35.0-150400.4.7.1
* busybox-attr-1.35.0-150400.4.7.1
* busybox-selinux-tools-1.35.0-150400.4.7.1
* busybox-traceroute-1.35.0-150400.4.7.1
* busybox-cpio-1.35.0-150400.4.7.1
* busybox-which-1.35.0-150400.4.7.1
* busybox-sharutils-1.35.0-150400.4.7.1
* busybox-whois-1.35.0-150400.4.7.1
* busybox-kmod-1.35.0-150400.4.7.1
* busybox-wget-1.35.0-150400.4.7.1
* busybox-iproute2-1.35.0-150400.4.7.1
* busybox-ed-1.35.0-150400.4.7.1
* busybox-sed-1.35.0-150400.4.7.1
* busybox-tftp-1.35.0-150400.4.7.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* busybox-testsuite-1.35.0-150400.3.17.1
* busybox-1.35.0-150400.3.17.1
* busybox-static-1.35.0-150400.3.17.1
* openSUSE Leap 15.4 (aarch64 x86_64 i586)
* busybox-warewulf3-1.35.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* busybox-1.35.0-150400.3.17.1
* busybox-static-1.35.0-150400.3.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* busybox-1.35.0-150400.3.17.1
* busybox-static-1.35.0-150400.3.17.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* busybox-1.35.0-150400.3.17.1
* busybox-static-1.35.0-150400.3.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* busybox-1.35.0-150400.3.17.1
* busybox-static-1.35.0-150400.3.17.1

## References:

* https://www.suse.com/security/cve/CVE-2026-29004.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263989

SUSE-SU-2026:2199-1: important: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6)

# Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2199-1
Release Date: 2026-06-01T08:34:21Z
Rating: important
References:

* bsc#1259798
* bsc#1260563
* bsc#1260908
* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-23243
* CVE-2026-23274
* CVE-2026-23317
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259798).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260908).
* CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (bsc#1260563).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2199=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2199=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_78-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-7-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_78-default-7-150600.2.1
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-7-150600.2.1
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-7-150600.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259798
* https://bugzilla.suse.com/show_bug.cgi?id=1260563
* https://bugzilla.suse.com/show_bug.cgi?id=1260908
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

openSUSE-SU-2026:20852-1: important: Security update for roundcubemail

openSUSE security update: security update for roundcubemail
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20852-1
Rating: important
References:

* bsc#1266329
* bsc#1266331
* bsc#1266332
* bsc#1266333
* bsc#1266334
* bsc#1266335
* bsc#1266336
* bsc#1266337

Cross-References:

* CVE-2026-48842
* CVE-2026-48843
* CVE-2026-48844
* CVE-2026-48845
* CVE-2026-48846
* CVE-2026-48847
* CVE-2026-48848
* CVE-2026-48849

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 8 vulnerabilities and has 8 bug fixes can now be installed.

Description:

This update for roundcubemail fixes the following issues:

Changes in roundcubemail:

- update to 1.6.16
+ Fix potential too long value in IMAP ID command (#10136)
+ Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog [CVE-2026-48849] [bsc#1266337]
+ Security: Fix CSS injection bypass in HTML sanitizer via SVG 'animate attributeName="style"' [CVE-2026-48848] [bsc#1266336]
+ Security: Fix pre-auth SQL injection in virtuser_query plugin via preg_replace backslash escape bypass [CVE-2026-48842] [bsc#1266329]
+ Security: Fix SSRF bypass via specific local address URLs [CVE-2026-48843] [bsc#1266331]
+ Security: Fix bypass of remote image blocking via CSS var() [CVE-2026-48846] [bsc#1266334]
+ Security: Fix local/private URL fetch bypass when remote resources were not allowed [CVE-2026-48845] [bsc#1266333]
+ Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass [CVE-2026-48847] [bsc#1266335]
+ Security: Fix code injection vulnerability - remove support for code evaluation in LDAP autovalues option [CVE-2026-48844] [bsc#1266332]

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-282=1

Package List:

- openSUSE Leap 16.0:

roundcubemail-1.6.16-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-48842.html
* https://www.suse.com/security/cve/CVE-2026-48843.html
* https://www.suse.com/security/cve/CVE-2026-48844.html
* https://www.suse.com/security/cve/CVE-2026-48845.html
* https://www.suse.com/security/cve/CVE-2026-48846.html
* https://www.suse.com/security/cve/CVE-2026-48847.html
* https://www.suse.com/security/cve/CVE-2026-48848.html
* https://www.suse.com/security/cve/CVE-2026-48849.html

openSUSE-SU-2026:20849-1: important: Security update for chromium

openSUSE security update: security update for chromium
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20849-1
Rating: important
References:

* bsc#1266471

Cross-References:

* CVE-2026-10000
* CVE-2026-10001
* CVE-2026-10002
* CVE-2026-10003
* CVE-2026-10004
* CVE-2026-10005
* CVE-2026-10006
* CVE-2026-10007
* CVE-2026-10008
* CVE-2026-10009
* CVE-2026-10010
* CVE-2026-10011
* CVE-2026-10012
* CVE-2026-10013
* CVE-2026-10014
* CVE-2026-10015
* CVE-2026-10016
* CVE-2026-10017
* CVE-2026-10018
* CVE-2026-10019
* CVE-2026-10020
* CVE-2026-10021
* CVE-2026-10022
* CVE-2026-9872
* CVE-2026-9873
* CVE-2026-9874
* CVE-2026-9875
* CVE-2026-9876
* CVE-2026-9877
* CVE-2026-9878
* CVE-2026-9879
* CVE-2026-9880
* CVE-2026-9881
* CVE-2026-9882
* CVE-2026-9883
* CVE-2026-9884
* CVE-2026-9885
* CVE-2026-9886
* CVE-2026-9887
* CVE-2026-9888
* CVE-2026-9889
* CVE-2026-9890
* CVE-2026-9891
* CVE-2026-9892
* CVE-2026-9893
* CVE-2026-9894
* CVE-2026-9895
* CVE-2026-9896
* CVE-2026-9897
* CVE-2026-9898
* CVE-2026-9899
* CVE-2026-9900
* CVE-2026-9901
* CVE-2026-9902
* CVE-2026-9903
* CVE-2026-9904
* CVE-2026-9905
* CVE-2026-9906
* CVE-2026-9907
* CVE-2026-9908
* CVE-2026-9909
* CVE-2026-9910
* CVE-2026-9911
* CVE-2026-9912
* CVE-2026-9913
* CVE-2026-9914
* CVE-2026-9915
* CVE-2026-9916
* CVE-2026-9917
* CVE-2026-9918
* CVE-2026-9919
* CVE-2026-9920
* CVE-2026-9921
* CVE-2026-9922
* CVE-2026-9923
* CVE-2026-9924
* CVE-2026-9925
* CVE-2026-9926
* CVE-2026-9927
* CVE-2026-9928
* CVE-2026-9929
* CVE-2026-9930
* CVE-2026-9931
* CVE-2026-9932
* CVE-2026-9933
* CVE-2026-9934
* CVE-2026-9935
* CVE-2026-9936
* CVE-2026-9937
* CVE-2026-9938
* CVE-2026-9939
* CVE-2026-9940
* CVE-2026-9941
* CVE-2026-9942
* CVE-2026-9943
* CVE-2026-9944
* CVE-2026-9945
* CVE-2026-9946
* CVE-2026-9947
* CVE-2026-9948
* CVE-2026-9949
* CVE-2026-9950
* CVE-2026-9951
* CVE-2026-9952
* CVE-2026-9953
* CVE-2026-9954
* CVE-2026-9955
* CVE-2026-9956
* CVE-2026-9957
* CVE-2026-9958
* CVE-2026-9959
* CVE-2026-9960
* CVE-2026-9961
* CVE-2026-9962
* CVE-2026-9963
* CVE-2026-9964
* CVE-2026-9965
* CVE-2026-9966
* CVE-2026-9967
* CVE-2026-9968
* CVE-2026-9969
* CVE-2026-9970
* CVE-2026-9971
* CVE-2026-9972
* CVE-2026-9973
* CVE-2026-9974
* CVE-2026-9975
* CVE-2026-9976
* CVE-2026-9977
* CVE-2026-9978
* CVE-2026-9979
* CVE-2026-9980
* CVE-2026-9981
* CVE-2026-9982
* CVE-2026-9983
* CVE-2026-9984
* CVE-2026-9985
* CVE-2026-9986
* CVE-2026-9987
* CVE-2026-9988
* CVE-2026-9989
* CVE-2026-9990
* CVE-2026-9991
* CVE-2026-9992
* CVE-2026-9993
* CVE-2026-9994
* CVE-2026-9995
* CVE-2026-9996
* CVE-2026-9997
* CVE-2026-9998
* CVE-2026-9999

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 151 vulnerabilities and has one bug fix can now be installed.

Description:

This update for chromium fixes the following issues:

Changes in chromium:

- Chromium 148.0.7778.215 (boo#1266471):
* CVE-2026-9872: Out of bounds write in GPU
* CVE-2026-9873: Use after free in Network
* CVE-2026-9874: Use after free in Dawn
* CVE-2026-9875: Out of bounds read in WebGL
* CVE-2026-9876: Use after free in WebGL
* CVE-2026-9877: Use after free in ANGLE
* CVE-2026-9878: Use after free in ANGLE
* CVE-2026-9879: Out of bounds write in ANGLE
* CVE-2026-9880: Insufficient validation of untrusted input in WebGL
* CVE-2026-9881: Use after free in Bluetooth
* CVE-2026-9882: Integer overflow in ANGLE
* CVE-2026-9883: Use after free in Base
* CVE-2026-9884: Use after free in Browser
* CVE-2026-9885: Insufficient validation of untrusted input in UI
* CVE-2026-9886: Use after free in Base
* CVE-2026-9887: Use after free in Proxy
* CVE-2026-9888: Use after free in WebView
* CVE-2026-9889: Out of bounds read and write in Dawn
* CVE-2026-9890: Use after free in XR
* CVE-2026-9891: Use after free in Extensions
* CVE-2026-9892: Inappropriate implementation in Skia
* CVE-2026-9893: Use after free in Skia
* CVE-2026-9894: Use after free in GPU
* CVE-2026-9895: Out of bounds read in GPU
* CVE-2026-9896: Out of bounds write in V8
* CVE-2026-9897: Use after free in DOM
* CVE-2026-9898: Insufficient validation of untrusted input in GPU
* CVE-2026-9899: Use after free in ANGLE
* CVE-2026-9900: Out of bounds write in ANGLE
* CVE-2026-9901: Use after free in ANGLE
* CVE-2026-9902: Use after free in Accessibility
* CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation
* CVE-2026-9904: Use after free in ANGLE
* CVE-2026-9905: Use after free in Accessibility
* CVE-2026-9906: Out of bounds write in GPU
* CVE-2026-9907: Out of bounds read in Dawn
* CVE-2026-9908: Out of bounds read in ANGLE
* CVE-2026-9909: Integer overflow in Skia
* CVE-2026-9910: Out of bounds memory access in ANGLE
* CVE-2026-9911: Integer overflow in ANGLE
* CVE-2026-9912: Inappropriate implementation in GPU
* CVE-2026-9913: Inappropriate implementation in ANGLE
* CVE-2026-9914: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9915: Heap buffer overflow in ANGLE
* CVE-2026-9916: Out of bounds write in ANGLE
* CVE-2026-9917: Uninitialized Use in WebGL
* CVE-2026-9918: Inappropriate implementation in Tint
* CVE-2026-9919: Out of bounds read in WebGL
* CVE-2026-9920: Uninitialized Use in GPU
* CVE-2026-9921: Uninitialized Use in WebGL
* CVE-2026-9922: Use after free in GPU
* CVE-2026-9923: Use after free in Skia
* CVE-2026-9924: Heap buffer overflow in ANGLE
* CVE-2026-9925: Use after free in ANGLE
* CVE-2026-9926: Heap buffer overflow in ANGLE
* CVE-2026-9927: Use after free in ANGLE
* CVE-2026-9928: Out of bounds read in ANGLE
* CVE-2026-9929: Inappropriate implementation in WebGL
* CVE-2026-9930: Out of bounds write in Dawn
* CVE-2026-9931: Use after free in GPU
* CVE-2026-9932: Use after free in ANGLE
* CVE-2026-9933: Use after free in Input
* CVE-2026-9934: Use after free in Aura
* CVE-2026-9935: Uninitialized Use in ANGLE
* CVE-2026-9936: Use after free in GFX
* CVE-2026-9937: Use after free in UI
* CVE-2026-9938: Inappropriate implementation in V8
* CVE-2026-9939: Heap buffer overflow in WebCodecs
* CVE-2026-9940: Heap buffer overflow in ANGLE
* CVE-2026-9941: Use after free in ANGLE
* CVE-2026-9942: Uninitialized Use in ANGLE
* CVE-2026-9943: Out of bounds read in WebGL
* CVE-2026-9944: Uninitialized Use in ANGLE
* CVE-2026-9945: Use after free in Media
* CVE-2026-9946: Use after free in ANGLE
* CVE-2026-9947: Use after free in XML
* CVE-2026-9948: Use after free in Views
* CVE-2026-9949: Use after free in Core
* CVE-2026-9950: Insufficient validation of untrusted input in iOS
* CVE-2026-9951: Use after free in UI
* CVE-2026-9952: Use after free in WebAudio
* CVE-2026-9953: Out of bounds read in ANGLE
* CVE-2026-9954: Use after free in TabStrip
* CVE-2026-9955: Inappropriate implementation in iOS
* CVE-2026-9956: Use after free in iOS
* CVE-2026-9957: Use after free in PDF
* CVE-2026-9958: Use after free in PDFium
* CVE-2026-9959: Race in WebRTC
* CVE-2026-9960: Integer overflow in PDFium
* CVE-2026-9961: Use after free in SurfaceCapture
* CVE-2026-9962: Use after free in WebRTC
* CVE-2026-9963: Uninitialized Use in iOS
* CVE-2026-9964: Use after free in Bluetooth
* CVE-2026-9965: Out of bounds write in ANGLE
* CVE-2026-9966: Integer overflow in XML
* CVE-2026-9967: Out of bounds write in GPU
* CVE-2026-9968: Integer overflow in V8
* CVE-2026-9969: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9970: Use after free in WebGL
* CVE-2026-9971: Inappropriate implementation in iOS
* CVE-2026-9972: Uninitialized Use in Gamepad
* CVE-2026-9973: Out of bounds write in V8
* CVE-2026-9974: Out of bounds write in GPU
* CVE-2026-9975: Out of bounds read and write in ANGLE
* CVE-2026-9976: Inappropriate implementation in USB
* CVE-2026-9977: Insufficient validation of untrusted input in WebShare
* CVE-2026-9978: Use after free in Glic
* CVE-2026-9979: Insufficient validation of untrusted input in Input
* CVE-2026-9980: Insufficient validation of untrusted input in Printing
* CVE-2026-9981: Inappropriate implementation in Skia
* CVE-2026-9982: Insufficient validation of untrusted input in ANGLE
* CVE-2026-9983: Type Confusion in Skia
* CVE-2026-9984: Use after free in UI
* CVE-2026-9985: Insufficient validation of untrusted input in Media
* CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide
* CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls
* CVE-2026-9988: Use after free in WebRTC
* CVE-2026-9989: Inappropriate implementation in Media
* CVE-2026-9990: Use after free in WebAppInstalls
* CVE-2026-9991: Inappropriate implementation in Media
* CVE-2026-9992: Use after free in Network
* CVE-2026-9993: Use after free in Views
* CVE-2026-9994: Use after free in Core
* CVE-2026-9995: Use after free in WebXR
* CVE-2026-9996: Out of bounds read in WebRTC
* CVE-2026-9997: Use after free in Input
* CVE-2026-9998: Integer overflow in Skia
* CVE-2026-9999: Inappropriate implementation in ANGLE
* CVE-2026-10000: Use after free in Passwords
* CVE-2026-10001: Use after free in PerformanceManager
* CVE-2026-10002: Use after free in PDFium
* CVE-2026-10003: Use after free in Views
* CVE-2026-10004: Insufficient validation of untrusted input in Passwords
* CVE-2026-10005: Use after free in WebAppInstalls
* CVE-2026-10006: Race in WebAudio
* CVE-2026-10007: Use after free in SVG
* CVE-2026-10008: Uninitialized Use in GPU
* CVE-2026-10009: Integer overflow in Skia
* CVE-2026-10010: Inappropriate implementation in Input
* CVE-2026-10011: Inappropriate implementation in Skia
* CVE-2026-10012: Use after free in Skia
* CVE-2026-10013: Use after free in WebCodecs
* CVE-2026-10014: Use after free in WebMIDI
* CVE-2026-10015: Integer overflow in WTF
* CVE-2026-10016: Use after free in DOM
* CVE-2026-10017: Out of bounds read in Headless
* CVE-2026-10018: Integer overflow in ANGLE
* CVE-2026-10019: Integer overflow in ANGLE
* CVE-2026-10020: Insufficient validation of untrusted input in Skia
* CVE-2026-10021: Insufficient validation of untrusted input in USB
* CVE-2026-10022: Type Confusion in V8

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-279=1

Package List:

- openSUSE Leap 16.0:

chromedriver-148.0.7778.215-bp160.1.1
chromium-148.0.7778.215-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-10000.html
* https://www.suse.com/security/cve/CVE-2026-10001.html
* https://www.suse.com/security/cve/CVE-2026-10002.html
* https://www.suse.com/security/cve/CVE-2026-10003.html
* https://www.suse.com/security/cve/CVE-2026-10004.html
* https://www.suse.com/security/cve/CVE-2026-10005.html
* https://www.suse.com/security/cve/CVE-2026-10006.html
* https://www.suse.com/security/cve/CVE-2026-10007.html
* https://www.suse.com/security/cve/CVE-2026-10008.html
* https://www.suse.com/security/cve/CVE-2026-10009.html
* https://www.suse.com/security/cve/CVE-2026-10010.html
* https://www.suse.com/security/cve/CVE-2026-10011.html
* https://www.suse.com/security/cve/CVE-2026-10012.html
* https://www.suse.com/security/cve/CVE-2026-10013.html
* https://www.suse.com/security/cve/CVE-2026-10014.html
* https://www.suse.com/security/cve/CVE-2026-10015.html
* https://www.suse.com/security/cve/CVE-2026-10016.html
* https://www.suse.com/security/cve/CVE-2026-10017.html
* https://www.suse.com/security/cve/CVE-2026-10018.html
* https://www.suse.com/security/cve/CVE-2026-10019.html
* https://www.suse.com/security/cve/CVE-2026-10020.html
* https://www.suse.com/security/cve/CVE-2026-10021.html
* https://www.suse.com/security/cve/CVE-2026-10022.html
* https://www.suse.com/security/cve/CVE-2026-9872.html
* https://www.suse.com/security/cve/CVE-2026-9873.html
* https://www.suse.com/security/cve/CVE-2026-9874.html
* https://www.suse.com/security/cve/CVE-2026-9875.html
* https://www.suse.com/security/cve/CVE-2026-9876.html
* https://www.suse.com/security/cve/CVE-2026-9877.html
* https://www.suse.com/security/cve/CVE-2026-9878.html
* https://www.suse.com/security/cve/CVE-2026-9879.html
* https://www.suse.com/security/cve/CVE-2026-9880.html
* https://www.suse.com/security/cve/CVE-2026-9881.html
* https://www.suse.com/security/cve/CVE-2026-9882.html
* https://www.suse.com/security/cve/CVE-2026-9883.html
* https://www.suse.com/security/cve/CVE-2026-9884.html
* https://www.suse.com/security/cve/CVE-2026-9885.html
* https://www.suse.com/security/cve/CVE-2026-9886.html
* https://www.suse.com/security/cve/CVE-2026-9887.html
* https://www.suse.com/security/cve/CVE-2026-9888.html
* https://www.suse.com/security/cve/CVE-2026-9889.html
* https://www.suse.com/security/cve/CVE-2026-9890.html
* https://www.suse.com/security/cve/CVE-2026-9891.html
* https://www.suse.com/security/cve/CVE-2026-9892.html
* https://www.suse.com/security/cve/CVE-2026-9893.html
* https://www.suse.com/security/cve/CVE-2026-9894.html
* https://www.suse.com/security/cve/CVE-2026-9895.html
* https://www.suse.com/security/cve/CVE-2026-9896.html
* https://www.suse.com/security/cve/CVE-2026-9897.html
* https://www.suse.com/security/cve/CVE-2026-9898.html
* https://www.suse.com/security/cve/CVE-2026-9899.html
* https://www.suse.com/security/cve/CVE-2026-9900.html
* https://www.suse.com/security/cve/CVE-2026-9901.html
* https://www.suse.com/security/cve/CVE-2026-9902.html
* https://www.suse.com/security/cve/CVE-2026-9903.html
* https://www.suse.com/security/cve/CVE-2026-9904.html
* https://www.suse.com/security/cve/CVE-2026-9905.html
* https://www.suse.com/security/cve/CVE-2026-9906.html
* https://www.suse.com/security/cve/CVE-2026-9907.html
* https://www.suse.com/security/cve/CVE-2026-9908.html
* https://www.suse.com/security/cve/CVE-2026-9909.html
* https://www.suse.com/security/cve/CVE-2026-9910.html
* https://www.suse.com/security/cve/CVE-2026-9911.html
* https://www.suse.com/security/cve/CVE-2026-9912.html
* https://www.suse.com/security/cve/CVE-2026-9913.html
* https://www.suse.com/security/cve/CVE-2026-9914.html
* https://www.suse.com/security/cve/CVE-2026-9915.html
* https://www.suse.com/security/cve/CVE-2026-9916.html
* https://www.suse.com/security/cve/CVE-2026-9917.html
* https://www.suse.com/security/cve/CVE-2026-9918.html
* https://www.suse.com/security/cve/CVE-2026-9919.html
* https://www.suse.com/security/cve/CVE-2026-9920.html
* https://www.suse.com/security/cve/CVE-2026-9921.html
* https://www.suse.com/security/cve/CVE-2026-9922.html
* https://www.suse.com/security/cve/CVE-2026-9923.html
* https://www.suse.com/security/cve/CVE-2026-9924.html
* https://www.suse.com/security/cve/CVE-2026-9925.html
* https://www.suse.com/security/cve/CVE-2026-9926.html
* https://www.suse.com/security/cve/CVE-2026-9927.html
* https://www.suse.com/security/cve/CVE-2026-9928.html
* https://www.suse.com/security/cve/CVE-2026-9929.html
* https://www.suse.com/security/cve/CVE-2026-9930.html
* https://www.suse.com/security/cve/CVE-2026-9931.html
* https://www.suse.com/security/cve/CVE-2026-9932.html
* https://www.suse.com/security/cve/CVE-2026-9933.html
* https://www.suse.com/security/cve/CVE-2026-9934.html
* https://www.suse.com/security/cve/CVE-2026-9935.html
* https://www.suse.com/security/cve/CVE-2026-9936.html
* https://www.suse.com/security/cve/CVE-2026-9937.html
* https://www.suse.com/security/cve/CVE-2026-9938.html
* https://www.suse.com/security/cve/CVE-2026-9939.html
* https://www.suse.com/security/cve/CVE-2026-9940.html
* https://www.suse.com/security/cve/CVE-2026-9941.html
* https://www.suse.com/security/cve/CVE-2026-9942.html
* https://www.suse.com/security/cve/CVE-2026-9943.html
* https://www.suse.com/security/cve/CVE-2026-9944.html
* https://www.suse.com/security/cve/CVE-2026-9945.html
* https://www.suse.com/security/cve/CVE-2026-9946.html
* https://www.suse.com/security/cve/CVE-2026-9947.html
* https://www.suse.com/security/cve/CVE-2026-9948.html
* https://www.suse.com/security/cve/CVE-2026-9949.html
* https://www.suse.com/security/cve/CVE-2026-9950.html
* https://www.suse.com/security/cve/CVE-2026-9951.html
* https://www.suse.com/security/cve/CVE-2026-9952.html
* https://www.suse.com/security/cve/CVE-2026-9953.html
* https://www.suse.com/security/cve/CVE-2026-9954.html
* https://www.suse.com/security/cve/CVE-2026-9955.html
* https://www.suse.com/security/cve/CVE-2026-9956.html
* https://www.suse.com/security/cve/CVE-2026-9957.html
* https://www.suse.com/security/cve/CVE-2026-9958.html
* https://www.suse.com/security/cve/CVE-2026-9959.html
* https://www.suse.com/security/cve/CVE-2026-9960.html
* https://www.suse.com/security/cve/CVE-2026-9961.html
* https://www.suse.com/security/cve/CVE-2026-9962.html
* https://www.suse.com/security/cve/CVE-2026-9963.html
* https://www.suse.com/security/cve/CVE-2026-9964.html
* https://www.suse.com/security/cve/CVE-2026-9965.html
* https://www.suse.com/security/cve/CVE-2026-9966.html
* https://www.suse.com/security/cve/CVE-2026-9967.html
* https://www.suse.com/security/cve/CVE-2026-9968.html
* https://www.suse.com/security/cve/CVE-2026-9969.html
* https://www.suse.com/security/cve/CVE-2026-9970.html
* https://www.suse.com/security/cve/CVE-2026-9971.html
* https://www.suse.com/security/cve/CVE-2026-9972.html
* https://www.suse.com/security/cve/CVE-2026-9973.html
* https://www.suse.com/security/cve/CVE-2026-9974.html
* https://www.suse.com/security/cve/CVE-2026-9975.html
* https://www.suse.com/security/cve/CVE-2026-9976.html
* https://www.suse.com/security/cve/CVE-2026-9977.html
* https://www.suse.com/security/cve/CVE-2026-9978.html
* https://www.suse.com/security/cve/CVE-2026-9979.html
* https://www.suse.com/security/cve/CVE-2026-9980.html
* https://www.suse.com/security/cve/CVE-2026-9981.html
* https://www.suse.com/security/cve/CVE-2026-9982.html
* https://www.suse.com/security/cve/CVE-2026-9983.html
* https://www.suse.com/security/cve/CVE-2026-9984.html
* https://www.suse.com/security/cve/CVE-2026-9985.html
* https://www.suse.com/security/cve/CVE-2026-9986.html
* https://www.suse.com/security/cve/CVE-2026-9987.html
* https://www.suse.com/security/cve/CVE-2026-9988.html
* https://www.suse.com/security/cve/CVE-2026-9989.html
* https://www.suse.com/security/cve/CVE-2026-9990.html
* https://www.suse.com/security/cve/CVE-2026-9991.html
* https://www.suse.com/security/cve/CVE-2026-9992.html
* https://www.suse.com/security/cve/CVE-2026-9993.html
* https://www.suse.com/security/cve/CVE-2026-9994.html
* https://www.suse.com/security/cve/CVE-2026-9995.html
* https://www.suse.com/security/cve/CVE-2026-9996.html
* https://www.suse.com/security/cve/CVE-2026-9997.html
* https://www.suse.com/security/cve/CVE-2026-9998.html
* https://www.suse.com/security/cve/CVE-2026-9999.html

openSUSE-SU-2026:20842-1: important: Security update for openjpeg2

openSUSE security update: security update for openjpeg2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20842-1
Rating: important
References:

* bsc#1247650

Cross-References:

* CVE-2025-54874

CVSS scores:

* CVE-2025-54874 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-54874 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for openjpeg2 fixes the following issue

- CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and cause an out-of-
bounds heap memory write (bsc#1247650).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-823=1

Package List:

- openSUSE Leap 16.0:

libopenjp2-7-2.5.3-160000.4.1
libopenjp2-7-x86-64-v3-2.5.3-160000.4.1
openjpeg2-2.5.3-160000.4.1
openjpeg2-devel-2.5.3-160000.4.1
openjpeg2-devel-doc-2.5.3-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2025-54874.html

openSUSE-SU-2026:20846-1: important: Security update for python-python-multipart

openSUSE security update: security update for python-python-multipart
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20846-1
Rating: important
References:

* bsc#1262403
* bsc#1265250

Cross-References:

* CVE-2026-40347
* CVE-2026-42561

CVSS scores:

* CVE-2026-40347 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-40347 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42561 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for python-python-multipart fixes the following issues

- CVE-2026-40347: crafted `multipart/form-data` can cause a denial of service (bsc#1262403).
- CVE-2026-42561: denial of service vulnerability in multipart part header parsing (bsc#1265250).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-827=1

Package List:

- openSUSE Leap 16.0:

python313-python-multipart-0.0.20-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-40347.html
* https://www.suse.com/security/cve/CVE-2026-42561.html

openSUSE-SU-2026:20851-1: important: Security update for putty

openSUSE security update: security update for putty
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20851-1
Rating: important

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves various issues can now be installed.

Description:

This update for putty fixes the following issues:

Changes in putty:

- Update to release 0.84
* Fixed a remotely triggerable double-free in RSA key exchange.
* Fixed a remotely triggerable crash (assertion failure - program
termination) in NIST ECDSA signature verification.
* Fixed marking of Telnet and Rlogin session data with a trust
sigil after you authenticated to a proxy (possibly allowing a
server to spoof a repeat proxy password prompt).
* New ability to run a specified command before starting the
connection, e.g. to perform wake-on-LAN or a port knock.
* Display 'pre-edit text', showing the progress of using multiple
keystrokes to compose a single Unicode character.
* Improved support for to running the GUI tools on Wayland (fixed
startup issues and tuned performance).
* Configuring a SSH certificate authority used to fail unless you
manually made a config directory, now fixed.
* Fixed a spurious "Network error: Socket is not connected" when
authenticating to some HTTP proxies.

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-281=1

Package List:

- openSUSE Leap 16.0:

putty-0.84-bp160.1.1

openSUSE-SU-2026:20847-1: important: Security update for postgresql-jdbc

openSUSE security update: security update for postgresql-jdbc
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20847-1
Rating: important
References:

* bsc#1264174

Cross-References:

* CVE-2026-42198

CVSS scores:

* CVE-2026-42198 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for postgresql-jdbc fixes the following issue

- CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication (bsc#1264174).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-828=1

Package List:

- openSUSE Leap 16.0:

postgresql-jdbc-42.7.7-160000.3.1
postgresql-jdbc-javadoc-42.7.7-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-42198.html

openSUSE-SU-2026:20841-1: important: Security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec

openSUSE security update: security update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20841-1
Rating: important
References:

* bsc#1265299

Cross-References:

* CVE-2025-48924
* CVE-2026-45205

CVSS scores:

* CVE-2025-48924 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-48924 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45205 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has one bug fix can now be installed.

Description:

This update for apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec fixes the following issues:

Changes in apache-commons-lang3:

Update to 3.20.0

* New features:

+ Add SystemProperties.getPath(String, Supplier)
+ Add JavaVersion.JAVA_25
+ Add JavaVersion.JAVA_26
+ Add SystemUtils.IS_JAVA_25
+ Add SystemUtils.IS_JAVA_26
+ Add MutablePair.ofNonNull(Map.Entry)
+ Add TimedSemaphore.builder(), Builder, and deprecate
constructors
+ LANG-1504: Adding labels and history to split StopWatch

* Fixed Bugs:

+ Optimize ObjectToStringComparator.compare() method
+ [javadoc] Improve StringUtils Javadoc
+ Fix internal inverted logic in private isEnum() method and
correct its usage in getFirstEnum()
+ Use accessors in ToStringStyle so subclasses can effectively
override them
+ 'LocaleUtils.toLocale(String)' for a 2 letter country code
now returns a value instead of throwing an
'IllegalArgumentException'
+ Fix typo in StringUtils.trunctate() IllegalArgumentException
message and test assertion messages
+ Fix test fixture in
ReflectionDiffBuilderTest.testTransientFieldDifference()
+ LANG-1789: NullPointerException when generating
NoSuchMethodException in MethodUtils
+ LANG-1786: Map deprecated TimeZone short IDs and avoid JRE
WARNINGs to the console
+ LANG-1792: TypeUtils.toString() skips angle brackets for Class
type
+ Mention JDK 25 LTS as a tested version in the release notes
* Changes:
+ Bump org.apache.commons:commons-parent from 88 to 92

- Update to 3.19.0

* New features:

+ Add ArrayUtils.SOFT_MAX_ARRAY_LENGTH
+ Add SystemUtils.IS_OS_NETWARE
+ Add MethodUtils.getAccessibleMethod(Class, Method)
+ Add documentation to site for CVE-2025-48924
ClassUtils.getClass(...) can throw a StackOverflowError on
very long inputs
+ Add StringUtils.indexOfAny(CharSequence, int, char...)
+ Add ConcurrentException.ConcurrentException(String)
+ Add DateUtils.toLocalDateTime(Date[, TimeZone])
+ Add DateUtils.toOffsetDateTime(Date[, TimeZone])
+ Add DateUtils.toZonedDateTime(Date[, TimeZone])
+ Add ByteConsumer
+ Add ByteSupplier
+ Add FailableByteConsumer
+ Add FailableByteSupplier
+ LANG-1784: Add Functions methods for null-safe mapping and
chaining
+ LANG-1784: Add Failable methods for null-safe mapping and
chaining
+ Add DoubleRange.fit(double)
+ Add IntegerRange.fit(int)
+ Add LongRange.fit(long)
+ Add DurationUtils.get(String, TemporalUnit, long)
+ Add DurationUtils.getMillis(String, long)
+ Add DurationUtils.getSeconds(String, long)
+ Add SystemProperties.getBoolean(Class, String, boolean)
+ Add SystemProperties.getInt(Class, String, int)
+ Add SystemProperties.getLong(Class, String, long)

* Fixed Bugs:

+ LANG-1778: MethodUtils.getMatchingMethod() doesn't respect the
hierarchy of methods
+ MethodUtils.getMethodObject(Class, String, Class...) now
returns null instead of throwing a NullPointerException, as it
does for other exception types
+ Reduce spurious failures in ArrayUtilsTest methods that test
ArrayUtils.shuffle() methods
+ MethodUtils cannot find or invoke a public method on a public
class implemented in its package-private superclass
+ AtomicSafeInitializer.get() can spin internally if the
FailableSupplier given to AbstractConcurrentInitializer
.AbstractBuilder.setInitializer(FailableSupplier) throws a
RuntimeException
+ LANG-1783: WordUtils.containsAllWords?() may throw
PatternSyntaxException
+ LANG-1782: MethodUtils cannot find or invoke vararg methods
without providing vararg types or values
+ MethodUtils cannot find or invoke vararg methods of interface
types
+ MethodUtils cannot find or invoke vararg methods when widening
primitive types following the JLS 5.1.2. Widening Primitive
Conversion
+ LANG-1597: Invocation fails because matching varargs method
found but then discarded
+ Don't check accessibility twice in MemberUtils
.setAccessibleWorkaround(T)
+ LANG-1774: Improve handling of ClassUtils
.getShortCanonicalName() for invalid input
+ LANG-1720: Improve Javadocs for Conversion
+ Fix CalendarUtils.toLocalDate() Javadoc return type
description
+ Fix the method name in Javadoc examples for CharUtils.isHex()
+ Deprecate NumberUtils.compare(byte, byte) in favor of
Byte.compare(byte, byte)
+ Deprecate NumberUtils.compare(int, int) in favor of
Integer.compare(int, int)
+ Deprecate NumberUtils.compare(long, long) in favor of
Long.compare(long, long)
+ Deprecate NumberUtils.compare(short, short) in favor of
Short.compare(short, short)
+ Deprecate obsolete system property constant
SystemProperties.AWT_TOOLKIT
+ Deprecate obsolete system property constant
SystemProperties.JAVA_AWT_FONTS
+ Deprecate obsolete system property constant
SystemProperties.JAVA_AWT_GRAPHICSENV
+ Deprecate obsolete system property constant
SystemProperties.JAVA_AWT_HEADLESS
+ Deprecate obsolete system property constant
SystemProperties.JAVA_AWT_PRINTERJOB
+ Deprecate obsolete system property constant
SystemProperties.JAVA_COMPILER
+ Deprecate obsolete system property constant
SystemProperties.JAVA_ENDORSED_DIRS
+ Deprecate obsolete system property constant
SystemProperties.JAVA_EXT_DIRS
+ Deprecate method for obsolete system property constant
SystemProperties.getAwtToolkit()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaAwtFonts()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaAwtGraphicsenv()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaAwtHeadless()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaAwtPrinterjob()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaCompiler()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaEndorsedDirs()
+ Deprecate method for obsolete system property constant
SystemProperties.getJavaExtDirs()
+ Deprecate method for obsolete system property constant
SystemUtils.isJavaAwtHeadless()
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_AWT_FONTS
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_AWT_GRAPHICSENV
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_AWT_HEADLESS
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_AWT_PRINTERJOB
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_COMPILER
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_ENDORSED_DIRS
+ Deprecate constants for obsolete system property
SystemUtils.JAVA_EXT_DIRS
+ [javadoc] General improvements
+ [javadoc] Fix thrown exception documentation for
MethodUtils.getMethodObject(Class, String, Class...)
+ [javadoc] Strings::equalsAny: CI doc string should show it's
insensitive
+ [javadoc] General Javadoc improvements
+ LANG-1780: [javadoc] Fix Strings Javadoc
+ [javadoc] Fix typo in Javadoc of Strings instances
+ [javadoc] Fix Javadocs in ClassUtils
+ [javadoc] Fix @deprecated link for StringUtils#startsWithAny
+ Replace old feather logotype with new oak logotype
* Changes:
+ [test] Bump org.apache.commons:commons-text from 1.13.1 to
1.14.0
+ Bump org.apache.commons:commons-parent from 85 to 88

- Update to 3.18.0

- Fix component version in default.properties to 3.12

* Add and use LocaleUtils.toLocale(Locale) to avoid NPEs.
* Add FailableShortSupplier, handy for JDBC APIs.
* Add JavaVersion.JAVA_17.
* Add StringUtils.substringBefore(String, int).
* Add Range.INTEGER.
* Add DurationUtils.
* Correct implementation of RandomUtils.nextLong(long, long).
* Update maven-surefire-plugin 2.22.2 -> 3.0.0-M5.
* Bump junit-bom from 5.7.0 to 5.7.1.
* Ignored exception 'ignored', should not be called so.
* Change array style from 'int a[]' to 'int[] a'.

Changes in apache-commons-text:

- Upgrade to version 1.15.0

* New features

+ Add experimental CycloneDX VEX file
+ TEXT-235: Add Damerau-Levenshtein distance
+ Add unit tests to increase coverage
+ Add new test for CharSequenceTranslator#with()
+ Add tests and assertions to org.apache.commons.text.similarity
to get to 100% code coverage

* Fixed Bugs

+ Fix exception message typo in XmlStringLookup
.XmlStringLookup(Map, Path...)
+ TEXT-236: Inserting at the end of a TextStringBuilder throws
a StringIndexOutOfBoundsException
+ Fix TextStringBuilderTest.testAppendToCharBuffer() to use
proper argument type
+ Fix Apache RAT plugin console warnings
+ Fix site XML to use version 2.0.0 XML schema
+ Removed unreachable threshold verification code in
src/main/java/org/apache/commons/text/similarity
+ Enable secure processing for the XML parser in XmlStringLookup
in case the underlying JAXP implementation doesn't

- Upgrade to version 1.14.0

* New features

+ Interface StringLookup now extends UnaryOperator
+ Interface TextRandomProvider extends IntUnaryOperator
+ Add RandomStringGenerator.Builder
.usingRandom(IntUnaryOperator)
+ Add PMD check to default Maven goal
+ Add org.apache.commons.text.RandomStringGenerator.Builder
.setAccumulate(boolean)

* Fixed Bugs

+ Fix PMD UnnecessaryFullyQualifiedName in StringLookupFactory
+ Fix PMD UnnecessaryFullyQualifiedName in
DefaultStringLookupsHolder
+ Fix PMD UnnecessaryFullyQualifiedName in
PropertiesStringLookup
+ Fix PMD UnnecessaryFullyQualifiedName in
JavaPlatformStringLookup
+ Fix PMD UnnecessaryFullyQualifiedName in StringSubstitutor
+ Fix PMD UnnecessaryFullyQualifiedName in StrSubstitutor
+ Fix PMD UnnecessaryFullyQualifiedName in AlphabetConverter
+ Fix PMD AvoidBranchingStatementAsLastInLoop in
TextStringBuilder
+ Fix PMD AvoidBranchingStatementAsLastInLoop in StrBuilder
+ org.apache.commons.text.translate.LookupTranslator
.LookupTranslator(Map CharSequence>) now throws
NullPointerException instead of
java.security.InvalidParameterException

- Upgrade to version 1.13.1

* Fixed Bugs

+ Remove -nouses directive from maven-bundle-plugin. OSGi
package imports now state 'uses' definitions for package
imports, this doesn't affect JPMS
(from org.apache.commons:commons-parent:80)
+ Deprecate EntityArrays.EntityArrays()
+ StringLookupFactory.DefaultStringLookupsHolder
.createDefaultStringLookups() maps DefaultStringLookup
.LOCAL_HOST twice instead of once for LOCAL_HOST and
LOOPBACK_ADDRESS

- Upgrade to version 1.13.0

* New features

+ Add StringLookupFactory.loopbackAddressStringLookup()
+ Add StringLookupFactory.KEY_LOOPBACK_ADDRESS
+ Add DefaultStringLookup.LOOPBACK_ADDRESS
+ Add richer inputs in package org.apache.commons.text
.similarity with SimilarityInput
+ Add HammingDistance.apply(SimilarityInput, SimilarityInput)
+ Add JaccardDistance.apply(SimilarityInput, SimilarityInput)
+ Add JaccardSimilarity.apply(SimilarityInput, SimilarityInput)
+ Add JaroWinklerDistance.apply(SimilarityInput,
SimilarityInput)
+ Add JaroWinklerSimilarity.apply(SimilarityInput,
SimilarityInput)
+ Add LevenshteinDetailedDistance.apply(SimilarityInput,
SimilarityInput)
+ Add LevenshteinDistance.apply(SimilarityInput,
SimilarityInput)

* Fixed Bugs

+ Fix build on Java 22
+ Fix build on Java 23-ea
+ Make package-private constructor private:
StrLookup.MapStrLookup.MapStrLookup(Map)
+ Make package-private constructor private: StrLookup
.SystemPropertiesStrLookup.SystemPropertiesStrLookup()
+ Make package-private class private and final: MapStrLookup
+ Make package-private class private: StrMatcher.CharMatcher
+ Make package-private class private: StrMatcher.CharSetMatcher
+ Make package-private class private: StrMatcher.NoMatcher
+ Make package-private class private: StrMatcher.StringMatcher
+ Make package-private class private: StrMatcher.TrimMatcher
+ Make package-private class private and final:
IntersectionSimilarity.BagCount
+ Make package-private class private and final:
IntersectionSimilarity.TinyCount
+ Deprecate LevenshteinDistance.LevenshteinDistance() in favor
of LevenshteinDistance.getDefaultInstance()
+ Deprecate LevenshteinDetailedDistance
.LevenshteinDetailedDistance() in favor of
LevenshteinDetailedDistance.getDefaultInstance()
+ TEXT-234: Improve StrBuilder documentation for new line text
+ TEXT-234: Improve TextStringBuilder documentation for new line
text
+ TEXT-233: Required OSGi Import-Package version numbers in
MANIFEST.MF

- Upgrade to version 1.12.0

* New features

+ Add StringLookupFactory.fileStringLookup(Path...) and
deprecated fileStringLookup()
+ Add StringLookupFactory.propertiesStringLookup(Path...) and
deprecated propertiesStringLookup()
+ Add StringLookupFactory.xmlStringLookup(Map, Path...) and
deprecated xmlStringLookup() and xmlStringLookup(Map)
+ Add StringLookupFactory.builder() for fencing Path resolution
of the file, properties and XML lookups
+ Add DoubleFormat.Builder.get() as Builder now implements
Supplier

* Fixed Bugs

+ TEXT-232: WordUtils.containsAllWords?() may throw
PatternSyntaxException
+ TEXT-175: Fix regression for determining whitespace in
WordUtils
+ Deprecate Builder in favor of Supplier

- Upgrade to version 1.11.0

* New features

+ TEXT-224: Set SecureProcessing feature in XmlStringLookup by
default
+ TEXT-224: Add StringLookupFactory.xmlStringLookup(Map...)
+ Add @FunctionalInterface to FormatFactory
+ Add RandomStringGenerator.builder()
+ TEXT-229: Add XmlEncoderStringLookup/XmlDecoderStringLookup
+ Add StringSubstitutor.toString()

* Fixed Bugs

+ TEXT-219: Fix StringTokenizer.getTokenList to return an
independent modifiable list
+ Fix Javadoc for StringEscapeUtils.escapeHtml4
+ TextStringBuidler#hashCode() allocates a String on each call
+ TEXT-221: Fix Bundle-SymbolicName to use the package name
org.apache.commons.text
+ Add and use a package-private singleton for RegexTokenizer
+ Add and use a package-private singleton for CosineSimilarity
+ Add and use a package-private singleton for
LongestCommonSubsequence
+ Add and use a package-private singleton for
JaroWinklerSimilarity
+ Add and use a package-private singleton for JaccardSimilarity
+ [StepSecurity] ci: Harden GitHub Actions
+ Improve AlphabetConverter Javadoc
+ Fix exception message in IntersectionResult to make
set-theoretic sense
+ Add null-check in RandomStringGenerator#Builder#selectFrom()
to avoid NullPointerException
+ Add null-check in RandomStringGenerator#Builder#withinRange()
to avoid NullPointerException
+ TEXT-228: Fix TextStringBuilder to over-allocate when ensuring
capacity
+ Constructor for ResourceBundleStringLookup should be private
instead of package-private
+ Constructor for UrlDecoderStringLookup should be private
instead of package-private
+ Constructor for UrlEncoderStringLookup should be private
instead of package-private
+ TEXT-230: Javadoc of org.apache.commons.text.lookup
.DefaultStringLookup.XML is incorrect
+ Update DoubleFormat to state it is based on Double.toString

+ Removed non-existing parameter from Javadocs and spelled out
+ StringEscapeUtils.unescapeCsv doesn't remove quotes at begin
+ Refactor TextStringBuilder.readFrom(Readable), extracting
+ Add org.apache.commons.text.TextStringBuilder.drainChars(int,
+ Add org.apache.commons.text.TextStringBuilder.wrap(char[],

Changes in apache-commons-configuration2:

- Upgrade to version 2.15.0

* Changes

+ Disable include schemes http[s] by default, see
AbstractFileLocationStrategy
+ Detect and avoid processing cycles in YAML input
(YAMLConfiguration) (bsc#1265299, CVE-2026-45205)
+ Extend scheme validation to inner schemes of jar: URLs

- Upgrade to version 2.14.0

* New features

+ Add XMLConfiguration.read(Element)
+ Add ConfigurationException.ConfigurationException(String,
Object...)
+ Add ConfigurationException.ConfigurationException(Throwable,
String, Object...)
+ Add ConversionException.ConversionException(String, Object...)
+ Add ConversionException.ConversionException(Throwable, String,
Object...)
+ Add ConfigurationRuntimeException
.ConfigurationRuntimeException(Throwable, String, Object...)

* Fixed Bugs

+ Fix Apache RAT plugin console warnings
+ Migrate from deprecated APIs

- Upgrade to version 2.13.0

* New features

+ Add org.apache.commons.configuration2.ImmutableConfiguration
.entrySet()
+ Add org.apache.commons.configuration2.ImmutableConfiguration
.forEach(BiConsumer)
+ Add VEX entry for CVE-2025-48924

* Fixed Bugs

+ Shared primitive variable "throwExceptionOnMissing" in one
thread may not yield the value of the most recent write from
another thread [org.apache.commons.configuration2
.AbstractConfiguration] At AbstractConfiguration.java:
[line 1493] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
+ Shared primitive variable "forceSingleLine" in one thread may
not yield the value of the most recent write from another
thread [org.apache.commons.configuration2
.PropertiesConfigurationLayout]
At PropertiesConfigurationLayout.java:[line 821]
AT_STALE_THREAD_WRITE_OF_PRIMITIVE
+ CONFIGURATION-849: Fix undoubling of strings
+ CONFIGURATION-852: Mark the package jakarta.servlet.* import
as optional in OSGi
+ Fix build [WARNING] Parameter 'forkMode' is unknown for plugin
'maven-surefire-plugin:3.5.3:test (default-test)'

- Upgrade to version 2.12.0

* New features:

+ Add PrefixedKeysIterator.toString() to package-private
PrefixedKeysIterator
+ CONFIGURATION-836: New web configurations using the
jakarta.servlet namespace are now available
+ CONFIGURATION-836: Add org.apache.commons.configuration2.web
.JakartaServletConfiguration
+ CONFIGURATION-836: Add org.apache.commons.configuration2.web
.JakartaServletContextConfiguration
+ CONFIGURATION-836: Add org.apache.commons.configuration2.web
.JakartaServletFilterConfiguration
+ CONFIGURATION-836: Add org.apache.commons.configuration2.web
.JakartaServletRequestConfiguration
+ Add org.apache.commons.configuration2
.AbstractHierarchicalConfiguration.getKeysInternal(String,
String)

* Fixed Bugs:

+ PropertyConverter.to(Class, Object, DefaultConversionHandler)
doesn't convert custom java.lang.Number subclasses
+ DefaultConversionHandler.convertValue(Object, Class,
ConfigurationInterpolator) doesn't convert custom java.lang
.Number subclasses
+ DefaultConversionHandler.to(Object, Class,
ConfigurationInterpolator) doesn't convert custom java.lang
.Number subclasses
+ CONFIGURATION-848: SubsetConfiguration does not account for
delimiters as it did in 2.9.0
+ CONFIGURATION-848: CompositeConfiguration does not account for
delimiters as it did in 2.9.0
+ Describe the security model
+ De-emphasize the 1.x version line on the website
+ CONFIGURATION-851: HomeDirectoryLocationStrategy no longer
resolves the user HOME directory correctly

- Upgrade to version 2.11.0

* New features

+ CONFIGURATION-844: Add support for empty sections
+ Add ImmutableConfiguration.containsValue(Object)

* Fixed Bugs

+ Fail-fast with a NullPointerException if DataConfiguration
.DataConfiguration(Configuration) is called with null
+ Fail-fast with a NullPointerException if
XMLPropertiesConfiguration.XMLPropertiesConfiguration(Element)
is called with null
+ Fail-fast with a NullPointerException if a SubsetConfiguration
constructor is called with a null Configuration
+ CONFIGURATION-843: Methods should not be empty
+ Guard MapConfiguration against null maps
+ Fail-fast with a NullPointerException if
AppletConfiguration(Applet) is called with null
+ Fail-fast with a NullPointerException if
ServletConfiguration(Servlet) is called with null
+ Fail-fast with a NullPointerException if
ServletConfiguration(ServletConfig) is called with null
+ Fail-fast with a NullPointerException if
ServletContextConfiguration(Servlet) is called with null
+ Fail-fast with a NullPointerException if
ServletContextConfiguration(ServletContext) is called with null
+ Fail-fast with a NullPointerException if
ServletFilterConfiguration(FilterConfig) is called with null
+ Fail-fast with a NullPointerException if
ServletRequestConfiguration(ServletRequest) is called with
null
+ Deprecate DatabaseConfiguration.getDatasource() in favor of
getDataSource()
+ Fix PMD DynamicCombinedConfiguration in
AbstractImmutableNodeHandler
+ Fix PMD DynamicCombinedConfiguration in
AbstractListDelimiterHandler
+ Fix PMD DynamicCombinedConfiguration in
DefaultPrefixLookupsHolder
+ Fix PMD DynamicCombinedConfiguration in
DynamicCombinedConfiguration
+ Fix PMD DynamicCombinedConfiguration in
PropertiesConfiguration
+ CONFIGURATION-846: Restore previous behavior allowing Spring
to inject multiple values
+ CONFIGURATION-847: Property with an empty string value was not
processed

Changes in apache-commons-cli:

- Update to 1.11.0

* New Features

+ Add CommandLine.getOptionCount() to measure option repetition

* Fixed Bugs

+ CLI-351: Multiple trailing BREAK_CHAR_SET characters cause
infinite loop in HelpFormatter
+ CLI-351: Fix issue with groups not being reported in help
output

Changes in apache-commons-io:

- Upgrade to 2.22.0

* New features

+ Add and use IOUtils.closeQuietlySuppress(Closeable, Throwable)
+ Add ProxyWriter.setReference(Writer)
+ Add ProxyWriter.unwrap()
+ Add ProxyReader.setReference(Reader)
+Add ProxyReader.unrwap()
+ IO-883: ByteArraySeekableByteChannel should optionally
configure a read-only channel
+ IO-883: Add ByteArraySeekableByteChannel.Builder and builder()
+ IO-883: Add AbstractStreamBuilder.getByteArray()
+ CloseShieldInputStream now supports a custom close shield as
a function
+ Add FlushShieldOutputStream to workaround issues in generic
code that ends up calling third parties like like
org.tukaani.xz.LZMAOutputStream.flush()
+ Add filter channels

* Fixed Bugs

+ Fix Apache RAT plugin console warnings
+ ByteArraySeekableByteChannel.position(long) and truncate(long)
shouldn't throw an IllegalArgumentException for a new positive
position that's too large
+ Fix malformed Javadoc comments
+ ReadAheadInputStream.close() doesn't always close its filtered
input stream
+ ReadAheadInputStream now restores the current thread's
interrupt flag when catching InterruptedException
+ FileAlterationMonitor.stop(long) now restores the current
thread's interrupt flag when catching InterruptedException
+ FileCleaningTracker now restores the current thread's
interrupt flag when catching InterruptedException
+ ThreadMonitor.run() now restores the current thread's
interrupt flag when catching InterruptedException
+ ThrottledInputStream.throttle() now restores the current
thread's interrupt flag when catching InterruptedException
+ ThrottledInputStream.throttle() doesn't preserve the original
InterruptedException as the cause of its
InterruptedIOException
+ All thread names are now prefixed with "commons-io-"
+ IO-639: ReversedLinesFileReader does not read first line if
its empty
+ IO-886: Fixed incorrect regular expression in
PathUtils.RelativeSortedPaths.extractKey(String, String)
+ Fix typos in Javadoc of FileUtils and related test classes
+ IO-887: WriterOutputStream from a builder fails on malformed
or unmappable input bytes
+ BoundedReader now extends ProxyReader
+ AbstractStreamBuilder.setOpenOptions(OpenOption...) now makes
a defensive copy of its input array
+ IO-885: Path visits follow links
+ BOMInputStream fail-fast and tracks its ByteOrderMark as a final
+ Refactor UnixLineEndingInputStream and
WindowsLineEndingInputStream for duplication
+ IO-857: [Javadoc] PathUtils.cleanDirectory() methods vs FileUtils
+ Fix JaCoCo report generation (code coverage)
+ AbstractStreamBuilder.setBufferSizeDefault(int) now resets to
default for input less than or equal to zero

* Changes

+ Bump org.apache.commons:commons-parent from 91 to 98
+ Bump commons-codec:commons-codec from 1.19.0 to 1.21.0
+ Bump commons.bytebuddy.version from 1.17.8 to 1.18.8
+ Bump commons-lang3 from 3.19.0 to 3.20.0

Changes in apache-commons-codec:

- Update to 1.22.0

* New features

+ CODEC-326: Add Base58 support
+ Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[])
+ CODEC-335: Add GitIdentifiers to compute Git blob and tree
object identifiers

* Fixed Bugs

+ CODEC-249: Fix Incorrect transform of CH digraph according
Metaphone basic rules #423
+ CODEC-317: ColognePhonetic can create duplicate consecutive
codes in some cases
+ Add boundary tests for BinaryCodec.fromAscii partial-bit
inputs #425
+ CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc
incorrectly states null is accepted for primitive boolean
parameter

* Changes

+ Bump org.apache.commons:commons-parent from 96 to 98

- Update to 1.21.0

* New features

+ CODEC-333: Add distinct Base64 decoding for standard and
URL-safe formats

* Fixed Bugs

+ Fix oak leaf icon references in overview.html when running
'mvn clean javadoc:javadoc'
+ Fix Apache RAT plugin console warnings
+ Fix malformed Javadoc comments
* Changes
+ Bump org.apache.commons:commons-parent from 91 to 96 #415,
#418
+ Bump commons-io:commons-io from 2.20.0 to 2.21.0
+ Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

- Update to 1.20.0

* New features

+ Add org.apache.commons.codec.digest.Crc16
+ Add builders to org.apache.commons.codec.digest streams and
deprecate some old constructors
+ Add builder to Base16 streams and deprecate some old
constructors
+ Add support for SHAKE128-256 and SHAKE256-512 to 'DigestUtils'
and 'MessageDigestAlgorithms' on Java 25 and up
+ Add BaseNCodec.AbstractBuilder.setDecodeTable(byte[]) and
refactor subclasses

* Changes

+ Deprecate all but one Base32 constructor in favor of the
builder added in version 1.17.0
+ Deprecate all but one Base64 constructor in favor of the
builder added in version 1.17.0
+ BaseNCodecInputStream subclasses are now type-safe to match
its matching BaseNCodec
+ BaseNCodecOutputStream subclasses are now type-safe to match
its matching BaseNCodec
+ Bump org.apache.commons:commons-parent from 85 to 91
+ [test] Bump org.apache.commons:commons-lang3 from 3.18.0 to
3.19.0

- Update to 1.19.0

* New features

+ Add HmacUtils.hmac(Path)
+ Add HmacUtils.hmacHex(Path)
+ Add PMD check to the default Maven goal
+ Add SpotBugs check to the default Maven goal

* Fixed Bugs

+ Remove -nouses directive from maven-bundle-plugin. OSGi
package imports now state 'uses' definitions for package
imports, this doesn't affect JPMS
(from org.apache.commons:commons-parent:80)
+ Refactor DigestUtils.updateDigest(MessageDigest, File) to use
NIO
+ CODEC-328: Clarify Javadoc for
org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String)
+ Precompile regular expressions in DaitchMokotoffSoundex.Rule
+ Precompile regular expressions in
DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map)
+ Precompile regular expressions in
Lang.loadFromResource(String, Languages)
+ Precompile regular expressions in
PhoneticEngine.encode(String, LanguageSet)
+ Precompile regular expressions in
org.apache.commons.codec.language.bm.Rule.parse*(*)
+ Remove redundant checks for whitespace in
DaitchMokotoffSoundex.soundex(String, boolean)
+ Javadoc typo in Base16.java #380
+ Deprecate unused constant org.apache.commons.codec.language.bm
.Rule.ALL
+ CODEC-331: org.apache.commons.codec.language.bm.Rule
.parsePhonemeExpr(String) adds duplicate empty phoneme when
input ends with |
+ CODEC-331: org.apache.commons.codec.language
.DaitchMokotoffSoundex.cleanup(String) does not remove special
characters like punctuation
+ Fix PMD multiple UnnecessaryFullyQualifiedName in
org.apache.commons.codec.binary.StringUtils
+ Fix PMD UnusedFormalParameter in private constructor in
org.apache.commons.codec.binary.Base16
+ Fix PMD multiple UnnecessaryFullyQualifiedName in
org.apache.commons.codec.digest.Blake3
+ Fix PMD UnnecessaryFullyQualifiedName in
org.apache.commons.codec.digest.Md5Crypt
+ Fix PMD EmptyControlStatement in
org.apache.commons.codec.language.Metaphone
+ Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary
.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose
internal representation by storing an externally mutable
object into BaseNCodec$AbstractBuilder.encodeTable [org.apache
.commons.codec.binary.BaseNCodec$AbstractBuilder] At
BaseNCodec.java:[line 131] EI_EXPOSE_REP2
+ The method org.apache.commons.codec.binary.BaseNCodec
.AbstractBuilder.setLineSeparator(byte...) now makes a
defensive copy
+ Avoid unnecessary String conversion in
org.apache.commons.codec.language.bm.PhoneticEngine
.applyFinalRules(PhonemeBuilder, Map)
+ Fix SpotBugs [ERROR] High: Potentially dangerous use of
non-short-circuit logic in org.apache.commons.codec.language
.DaitchMokotoffSoundex.cleanup(String)
[org.apache.commons.codec.language.DaitchMokotoffSoundex] At
DaitchMokotoffSoundex.java:[line 350]
NS_DANGEROUS_NON_SHORT_CIRCUIT

* Changes

+ Bump org.apache.commons:commons-parent from 79 to 85 #375
+ [test] Bump commons-io:commons-io from 2.18.0 to 2.20.0
+ [test] Bump org.apache.commons:commons-lang3 from 3.17.0 to
3.18.0 #386

- Update to 1.16.0:

* Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.

+ Support java.nio.ByteBuffer in

* Fixed bugs:

- Don't condition the maven defines on release version, but on

+ Add Daitch-Mokotoff Soundex
+ Make possible to provide padding byte to BaseNCodec in constructor
urlSafe parameter
is mandatory to call close()
+ Add support for HMAC Message Authentication Code (MAC) digests
+ Beider Morse Phonetic Matching producing incorrect tokens
using empty strings
Issue: CODEC-184.
+ Fix Javadoc 1.8.0 errors
+ Fix Java 8 build Javadoc errors
Issue: CODEC-189.
+ Deprecate Charsets Charset constants in favor of Java 7's
java.nio.charset.StandardCharsets
Issue: CODEC-178.
+ Update from commons-parent 34 to 35
Issue: CODEC-190.

- update to 1.8
* Add DigestUtils.updateDigest(MessageDigest, InputStream)
* Add Match Rating Approach (MRA) phonetic algorithm encoder
* ColognePhonetic encoder unnecessarily creates many char arrays on every loop run
- add junit4 to fix a build fail
- update to 1.6, sync with Fedora

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-822=1

Package List:

- openSUSE Leap 16.0:

apache-commons-cli-1.11.0-160000.1.1
apache-commons-cli-javadoc-1.11.0-160000.1.1
apache-commons-codec-1.22.0-160000.1.1
apache-commons-codec-javadoc-1.22.0-160000.1.1
apache-commons-configuration2-2.15.0-160000.1.1
apache-commons-configuration2-javadoc-2.15.0-160000.1.1
apache-commons-io-2.22.0-160000.1.1
apache-commons-io-javadoc-2.22.0-160000.1.1
apache-commons-lang3-3.20.0-160000.1.1
apache-commons-lang3-javadoc-3.20.0-160000.1.1
apache-commons-text-1.15.0-160000.1.1
apache-commons-text-javadoc-1.15.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-48924.html
* https://www.suse.com/security/cve/CVE-2026-45205.html

openSUSE-SU-2026:20845-1: important: Security update for libsoup

openSUSE security update: security update for libsoup
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20845-1
Rating: important
References:

* bsc#1259767

Cross-References:

* CVE-2026-4271

CVSS scores:

* CVE-2026-4271 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4271 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for libsoup fixes the following issue

- CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections during callback
execution (bsc#1259767).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-826=1

Package List:

- openSUSE Leap 16.0:

libsoup-3_0-0-3.6.6-160000.2.1
libsoup-devel-3.6.6-160000.2.1
libsoup-lang-3.6.6-160000.2.1
typelib-1_0-Soup-3_0-3.6.6-160000.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-4271.html

openSUSE-SU-2026:10896-1: moderate: libzypp-17.38.10-1.1 on GA media

# libzypp-17.38.10-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10896-1
Rating: moderate

Cross-References:

* CVE-2026-25707

CVSS scores:

* CVE-2026-25707 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libzypp-17.38.10-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libzypp 17.38.10-1.1
* libzypp-devel 17.38.10-1.1
* libzypp-devel-doc 17.38.10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25707.html

openSUSE-SU-2026:10895-1: moderate: libsolv-demo-0.7.38-1.1 on GA media

# libsolv-demo-0.7.38-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10895-1
Rating: moderate

Cross-References:

* CVE-2026-48863
* CVE-2026-9149
* CVE-2026-9150

CVSS scores:

* CVE-2026-48863 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48863 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9149 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-9150 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libsolv-demo-0.7.38-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libsolv-demo 0.7.38-1.1
* libsolv-devel 0.7.38-1.1
* libsolv-devel-static 0.7.38-1.1
* libsolv-tools 0.7.38-1.1
* libsolv-tools-base 0.7.38-1.1
* libsolv1 0.7.38-1.1
* perl-solv 0.7.38-1.1
* python311-solv 0.7.38-1.1
* python313-solv 0.7.38-1.1
* python314-solv 0.7.38-1.1
* ruby-solv 0.7.38-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48863.html
* https://www.suse.com/security/cve/CVE-2026-9149.html
* https://www.suse.com/security/cve/CVE-2026-9150.html

openSUSE-SU-2026:10890-1: moderate: ffmpeg-8-8.1.1-3.1 on GA media

# ffmpeg-8-8.1.1-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10890-1
Rating: moderate

Cross-References:

* CVE-2025-10256
* CVE-2025-1594
* CVE-2025-9951
* CVE-2026-30997

CVSS scores:

* CVE-2025-10256 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-10256 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-1594 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2025-1594 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-9951 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2025-9951 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-30997 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-30997 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ffmpeg-8-8.1.1-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ffmpeg-8 8.1.1-3.1
* ffmpeg-8-libavcodec-devel 8.1.1-3.1
* ffmpeg-8-libavdevice-devel 8.1.1-3.1
* ffmpeg-8-libavfilter-devel 8.1.1-3.1
* ffmpeg-8-libavformat-devel 8.1.1-3.1
* ffmpeg-8-libavutil-devel 8.1.1-3.1
* ffmpeg-8-libswresample-devel 8.1.1-3.1
* ffmpeg-8-libswscale-devel 8.1.1-3.1
* libavcodec62 8.1.1-3.1
* libavcodec62-32bit 8.1.1-3.1
* libavdevice62 8.1.1-3.1
* libavdevice62-32bit 8.1.1-3.1
* libavfilter11 8.1.1-3.1
* libavfilter11-32bit 8.1.1-3.1
* libavformat62 8.1.1-3.1
* libavformat62-32bit 8.1.1-3.1
* libavutil60 8.1.1-3.1
* libavutil60-32bit 8.1.1-3.1
* libswresample6 8.1.1-3.1
* libswresample6-32bit 8.1.1-3.1
* libswscale9 8.1.1-3.1
* libswscale9-32bit 8.1.1-3.1

## References:

* https://www.suse.com/security/cve/CVE-2025-10256.html
* https://www.suse.com/security/cve/CVE-2025-1594.html
* https://www.suse.com/security/cve/CVE-2025-9951.html
* https://www.suse.com/security/cve/CVE-2026-30997.html

openSUSE-SU-2026:10892-1: moderate: ignition-2.26.0-4.1 on GA media

# ignition-2.26.0-4.1 on GA media

Announcement ID: openSUSE-SU-2026:10892-1
Rating: moderate

Cross-References:

* CVE-2026-33814

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ignition-2.26.0-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* ignition 2.26.0-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html

openSUSE-SU-2026:10893-1: moderate: java-26-openjdk-26.0.1.0-1.1 on GA media

# java-26-openjdk-26.0.1.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10893-1
Rating: moderate

Cross-References:

* CVE-2026-22007
* CVE-2026-22008
* CVE-2026-22013
* CVE-2026-22016
* CVE-2026-22018
* CVE-2026-22021
* CVE-2026-23865
* CVE-2026-34268
* CVE-2026-34282

CVSS scores:

* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22008 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-22008 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22013 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-26-openjdk-26.0.1.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-26-openjdk 26.0.1.0-1.1
* java-26-openjdk-demo 26.0.1.0-1.1
* java-26-openjdk-devel 26.0.1.0-1.1
* java-26-openjdk-headless 26.0.1.0-1.1
* java-26-openjdk-javadoc 26.0.1.0-1.1
* java-26-openjdk-jmods 26.0.1.0-1.1
* java-26-openjdk-src 26.0.1.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22008.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html

openSUSE-SU-2026:10891-1: moderate: gsasl-2.2.3-1.1 on GA media

# gsasl-2.2.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10891-1
Rating: moderate

Cross-References:

* CVE-2026-48829

CVSS scores:

* CVE-2026-48829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-48829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gsasl-2.2.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gsasl 2.2.3-1.1
* gsasl-devel 2.2.3-1.1
* gsasl-lang 2.2.3-1.1
* libgsasl18 2.2.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-48829.html

SUSE-SU-2026:2195-1: important: Security update for the Linux Kernel

# Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:2195-1
Release Date: 2026-06-01T07:40:43Z
Rating: important
References:

* bsc#1234634
* bsc#1243603
* bsc#1248754
* bsc#1253754
* bsc#1258518
* bsc#1258718
* bsc#1258849
* bsc#1258850
* bsc#1258854
* bsc#1258855
* bsc#1258856
* bsc#1258857
* bsc#1258961
* bsc#1259484
* bsc#1259485
* bsc#1259857
* bsc#1260010
* bsc#1260018
* bsc#1260522
* bsc#1260526
* bsc#1261287
* bsc#1261295
* bsc#1261584
* bsc#1261638
* bsc#1261648
* bsc#1261707
* bsc#1261710
* bsc#1261779
* bsc#1261781
* bsc#1261796
* bsc#1261797
* bsc#1262020
* bsc#1262179
* bsc#1262181
* bsc#1262602
* bsc#1262665
* bsc#1262734
* bsc#1262758
* bsc#1263001
* bsc#1263065
* bsc#1263085
* bsc#1263093
* bsc#1263095
* bsc#1263131
* bsc#1263141
* bsc#1263165
* bsc#1263170
* bsc#1263176
* bsc#1263582
* bsc#1263600
* bsc#1263668
* bsc#1263723
* bsc#1263797
* bsc#1263815
* bsc#1263882
* bsc#1263901
* bsc#1263931
* bsc#1263933
* bsc#1264013
* bsc#1264059
* bsc#1264082
* bsc#1264087
* bsc#1264097
* bsc#1264482
* bsc#1264634
* bsc#1264651
* bsc#1264801
* bsc#1264848
* bsc#1265085
* bsc#1265090
* bsc#1265116
* bsc#1265119
* bsc#1265126
* bsc#1265421
* bsc#1265449
* bsc#1265456
* bsc#1265626
* bsc#1265846
* jsc#PED-7249

Cross-References:

* CVE-2023-2058
* CVE-2025-54518
* CVE-2026-23209
* CVE-2026-23239
* CVE-2026-23240
* CVE-2026-23268
* CVE-2026-23269
* CVE-2026-23271
* CVE-2026-23273
* CVE-2026-23351
* CVE-2026-23393
* CVE-2026-23403
* CVE-2026-23404
* CVE-2026-23405
* CVE-2026-23406
* CVE-2026-23407
* CVE-2026-23408
* CVE-2026-23409
* CVE-2026-23410
* CVE-2026-23411
* CVE-2026-23449
* CVE-2026-23450
* CVE-2026-23458
* CVE-2026-23461
* CVE-2026-23462
* CVE-2026-31402
* CVE-2026-31403
* CVE-2026-31408
* CVE-2026-31436
* CVE-2026-31470
* CVE-2026-31504
* CVE-2026-31505
* CVE-2026-31507
* CVE-2026-31512
* CVE-2026-31528
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31588
* CVE-2026-31602
* CVE-2026-31607
* CVE-2026-31622
* CVE-2026-31649
* CVE-2026-31656
* CVE-2026-31662
* CVE-2026-31669
* CVE-2026-31685
* CVE-2026-31694
* CVE-2026-31700
* CVE-2026-31738
* CVE-2026-31787
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43038
* CVE-2026-43044
* CVE-2026-43050
* CVE-2026-43110
* CVE-2026-43120
* CVE-2026-43126
* CVE-2026-43190
* CVE-2026-43214
* CVE-2026-43329
* CVE-2026-43330
* CVE-2026-43334
* CVE-2026-43365
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494

CVSS scores:

* CVE-2023-2058 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2023-2058 ( NVD ): 2.4 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23209 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23269 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23269 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23271 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23271 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23271 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23273 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23273 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23273 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23351 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23351 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23403 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23403 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23403 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23404 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23404 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23404 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23405 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23405 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23406 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23406 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23407 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23407 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23407 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23408 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23408 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23408 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23408 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23409 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23409 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23409 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23410 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23410 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23410 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23410 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23411 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23449 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23449 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23449 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23450 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23450 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23450 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23458 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23458 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23458 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23461 ( SUSE ): 7.7
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23461 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23461 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23462 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23462 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23462 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31402 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31403 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31403 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31408 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31408 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31408 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31436 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31436 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31470 ( SUSE ): 6.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31470 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31470 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31504 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31507 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31507 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31507 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31512 ( SUSE ): 7.1
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31512 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-31512 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31528 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31528 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31528 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31588 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31588 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31588 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-31602 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31602 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31602 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31607 ( SUSE ): 7.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31607 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31622 ( SUSE ): 8.7
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31622 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31622 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31649 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31649 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31656 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31656 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31656 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31662 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31662 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31669 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31669 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31669 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31694 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31700 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31700 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31700 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31738 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31787 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31787 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43038 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43044 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43044 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43044 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43050 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43110 ( SUSE ): 7.7
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43110 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43110 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43126 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43126 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43126 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43214 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43214 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43214 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43329 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43329 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43330 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43330 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43330 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43334 ( SUSE ): 8.6
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43334 ( SUSE ): 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-43334 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43365 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43365 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43365 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 68 vulnerabilities, contains one feature and has 10
security fixes can now be installed.

## Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security
issues

The following security issues were fixed:

* CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
* CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources
in Zen2's op cache (bsc#1264013).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close()
(bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx()
(bsc#1259484).
* CVE-2026-23271: perf: Fix __perf_event_overflow() vs
perf_remove_from_context() race (bsc#1260018).
* CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim
phase (bsc#1260526).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260522).
* CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit
(bsc#1261779).
* CVE-2026-23450: net/smc: fix NULL dereference and UAF in
smc_tcp_syn_recv_sock() (bsc#1261584).
* CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in
ctnetlink_dump_exp_ct() (bsc#1261781).
* CVE-2026-23461: Bluetooth: L2CAP: Fix use-after-free in
l2cap_unregister_user (bsc#1261707).
* CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710).
* CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
(bsc#1261638).
* CVE-2026-31403: NFSD: Hold net reference for the lifetime of
/proc/fs/nfs/exports fd (bsc#1261796).
* CVE-2026-31408: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due
to missing sock_hold (bsc#1261797).
* CVE-2026-31436: dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (bsc#1262602).
* CVE-2026-31470: virt: tdx-guest: Fix handling of host controlled 'quote'
buffer length (bsc#1262665).
* CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race
(bsc#1263085).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263093).
* CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee()
duplicates splice pipe buffer (bsc#1263095).
* CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU
length in l2cap_ecred_data_rcv() (bsc#1262734).
* CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups
(bsc#1263001).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262758).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263065).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263176).
* CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small
write values (bsc#1263165).
* CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723).
* CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit()
(bsc#1263600).
* CVE-2026-31622: NFC: digital: Bounds check NFC-A cascade depth in SDD
response handler (bsc#1263797).
* CVE-2026-31649: net: stmmac: fix integer underflow in chain mode
(bsc#1263582).
* CVE-2026-31656: drm/i915/gt: fix refcount underflow in
intel_engine_park_heartbeat (bsc#1263170).
* CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
(bsc#1263131).
* CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established
(bsc#1263141).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263668).
* CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
* CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in
tpacket_snd() (bsc#1263882).
* CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create
(bsc#1264059).
* CVE-2026-31787: xen/privcmd: fix double free via VMA splitting
(bsc#1262181).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1263931).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1263933).
* CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach()
(bsc#1264097).
* CVE-2026-43044: crypto: caam - fix DMA corruption on long hmac keys
(bsc#1264087).
* CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable()
(bsc#1264082).
* CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events
(bsc#1264482).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr.
* CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints
(bsc#1264634).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264848).
* CVE-2026-43214: KVM: x86: Add SRCU protection for reading PDPTRs in
__get_sregs2() (bsc#1264651).
* CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of
actions (bsc#1265085).
* CVE-2026-43330: crypto: caam - fix overflow on long hmac keys (bsc#1264801).
* CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before
building the pairing response (bsc#1265090).
* CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265116).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265126).
* CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails
(bsc#1265626).

The following non security issues were fixed:

* btrfs: reject root items with drop_progress and zero drop_level (git-fixes).
* btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes).
* check-for-config-changes: Exclude CC_MS_EXTENSIONS.
* check-for-config-changes: Exclude
HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
* dm init: ensure device probing has finished in dm-mod.waitfor= (git-fixes).
* hv_sock: fix ARM64 support (git-fixes).
* ice: set max queues in alloc_etherdev_mqs() (git-fixes).
* kdump, documentation: describe craskernel CMA reservation (jsc#PED-7249).
* mkspec: Add signature to source list only when it exists.
* net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
* net/sched: fix pedit partial COW leading to page cache corruption
(bsc#1265421).
* net: mana: Add MAC address to vPort logs and clarify error messages (git-
fixes).
* net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq()
(git-fixes).
* net: mana: Don't overwrite port probe error with add_adev result (git-
fixes).
* net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR
(bsc#1265846).
* net: mana: Fix EQ leak in mana_remove on NULL port (git-fixes).
* net: mana: Fix RX skb truesize accounting (bsc#1248754).
* net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering
teardown (git-fixes).
* net: mana: Guard mana_remove against double invocation (git-fixes).
* net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG (git-
fixes).
* net: mana: hardening: Validate doorbell ID from GDMA_REGISTER_DEVICE
response (git-fixes).
* net: mana: Init gf_stats_work before potential error paths in probe (git-
fixes).
* net: mana: Init link_change_work before potential error paths in probe (git-
fixes).
* net: mana: remove double CQ cleanup in mana_create_rxq error path (git-
fixes).
* net: mana: Set default number of queues to 16 (bsc#1261648).
* net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes).
* net: mana: Use at least SZ_4K in doorbell ID range check (git-fixes).
* net: mana: Use pci_name() for debugfs directory naming (git-fixes).
* ocfs2: fix possible deadlock between unlink and dio_end_io_write
(bsc#1258718).
* ocfs2: split transactions in dio completion to avoid credit exhaustion
(bsc#1258718).
* PCI: hv: Set default NUMA node to 0 for devices without affinity info (git-
fixes).
* RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes).
* RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss()
(git-fixes).
* RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss()
(git-fixes).
* RDMA/mana: Validate rx_hash_key_len (git-fixes).
* RDMA/mana_ib: cleanup the usage of mana_gd_send_request() (git-fixes).
* RDMA/mana_ib: Disable RX steering on RSS QP destroy (git-fixes).
* RDMA/mana_ib: Support memory windows (git-fixes).
* sched/balancing: Switch the 'DEFINE_SPINLOCK(balancing)' spinlock into an
'atomic_t sched_balance_running' flag (bsc#1253754).
* sched/fair: Change likelyhood of nohz.nr_cpus (bsc#1234634 bsc#1258961).
* sched/fair: Have SD_SERIALIZE affect newidle balancing (bsc#1253754).
* sched/fair: Move checking for nohz cpus after time check (bsc#1234634
bsc#1258961).
* sched/fair: Remove nohz.nr_cpus and use weight of cpumask instead
(bsc#1234634 bsc#1258961).
* sched/fair: Skip sched_balance_running cmpxchg when balance is not due
(bsc#1253754).
* scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (git-
fixes).
* scsi: target: iscsi: validate CHAP_R length before base64 decode
(bsc#1265449).
* tty: tty_io: update timestamps on all device nodes (bsc#1262020).
* virt: tdx-guest: Return error for GetQuote failures (git-fixes).
* workqueue: Break up enum definitions and give names to the types
(bsc#1260522).
* workqueue: Clean up enum work_bits and related constants (bsc#1260522).
* workqueue: Factor out work_grab_pending() from __cancel_work_sync()
(bsc#1260522).
* workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()
(bsc#1260522).
* workqueue: Implement disable/enable for (delayed) work items (bsc#1260522).
* workqueue: Introduce work_cancel_flags (bsc#1260522).
* workqueue: Make @flags handling consistent across set_work_data() and
friends (bsc#1260522).
* workqueue: Preserve OFFQ bits in cancel[_sync] paths (bsc#1260522).
* workqueue: Rename __cancel_work_timer() to __cancel_timer_sync()
(bsc#1260522).
* workqueue: Reorganize flush and cancel[_sync] functions (bsc#1260522).
* Xarray: do not return sibling entries from xas_find_marked() (bsc#1263815).

## Special Instructions and Notes:

* Please reboot the system after installing this update.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2195=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2195=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2195=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2195=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2195=1

## Package List:

* openSUSE Leap 15.6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (noarch)
* kernel-source-6.4.0-150600.23.112.1
* kernel-source-vanilla-6.4.0-150600.23.112.1
* kernel-macros-6.4.0-150600.23.112.1
* kernel-devel-6.4.0-150600.23.112.1
* kernel-docs-html-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (nosrc ppc64le x86_64)
* kernel-debug-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (ppc64le x86_64)
* kernel-debug-devel-debuginfo-6.4.0-150600.23.112.1
* kernel-debug-devel-6.4.0-150600.23.112.1
* kernel-debug-debugsource-6.4.0-150600.23.112.1
* kernel-debug-debuginfo-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (x86_64)
* kernel-kvmsmall-vdso-6.4.0-150600.23.112.1
* kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.112.1
* kernel-debug-vdso-6.4.0-150600.23.112.1
* kernel-default-vdso-6.4.0-150600.23.112.1
* kernel-default-vdso-debuginfo-6.4.0-150600.23.112.1
* kernel-debug-vdso-debuginfo-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
* kernel-default-base-rebuild-6.4.0-150600.23.112.1.150600.12.52.1
* kernel-kvmsmall-devel-6.4.0-150600.23.112.1
* kernel-kvmsmall-debuginfo-6.4.0-150600.23.112.1
* kernel-default-base-6.4.0-150600.23.112.1.150600.12.52.1
* kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.112.1
* kernel-kvmsmall-debugsource-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-default-livepatch-devel-6.4.0-150600.23.112.1
* kernel-livepatch-6_4_0-150600_23_112-default-1-150600.13.3.1
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-1-150600.13.3.1
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-1-150600.13.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-debugsource-6.4.0-150600.23.112.1
* kernel-default-debuginfo-6.4.0-150600.23.112.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-qa-6.4.0-150600.23.112.1
* cluster-md-kmp-default-6.4.0-150600.23.112.1
* kernel-default-devel-6.4.0-150600.23.112.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-build-6.4.0-150600.23.112.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.112.1
* kernel-default-optional-debuginfo-6.4.0-150600.23.112.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.112.1
* dlm-kmp-default-6.4.0-150600.23.112.1
* kselftests-kmp-default-6.4.0-150600.23.112.1
* kselftests-kmp-default-debuginfo-6.4.0-150600.23.112.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-default-debugsource-6.4.0-150600.23.112.1
* gfs2-kmp-default-6.4.0-150600.23.112.1
* kernel-default-extra-debuginfo-6.4.0-150600.23.112.1
* ocfs2-kmp-default-6.4.0-150600.23.112.1
* reiserfs-kmp-default-6.4.0-150600.23.112.1
* kernel-default-extra-6.4.0-150600.23.112.1
* kernel-syms-6.4.0-150600.23.112.1
* kernel-default-optional-6.4.0-150600.23.112.1
* kernel-default-livepatch-6.4.0-150600.23.112.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.112.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
* kernel-kvmsmall-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (nosrc)
* dtb-aarch64-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (aarch64)
* dtb-apm-6.4.0-150600.23.112.1
* cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-cavium-6.4.0-150600.23.112.1
* kselftests-kmp-64kb-6.4.0-150600.23.112.1
* dtb-hisilicon-6.4.0-150600.23.112.1
* dtb-marvell-6.4.0-150600.23.112.1
* dtb-mediatek-6.4.0-150600.23.112.1
* dlm-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* kernel-64kb-extra-debuginfo-6.4.0-150600.23.112.1
* cluster-md-kmp-64kb-6.4.0-150600.23.112.1
* dtb-allwinner-6.4.0-150600.23.112.1
* ocfs2-kmp-64kb-6.4.0-150600.23.112.1
* gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-altera-6.4.0-150600.23.112.1
* kernel-64kb-optional-debuginfo-6.4.0-150600.23.112.1
* dtb-xilinx-6.4.0-150600.23.112.1
* kernel-64kb-debugsource-6.4.0-150600.23.112.1
* dtb-nvidia-6.4.0-150600.23.112.1
* gfs2-kmp-64kb-6.4.0-150600.23.112.1
* dtb-freescale-6.4.0-150600.23.112.1
* dtb-sprd-6.4.0-150600.23.112.1
* dtb-lg-6.4.0-150600.23.112.1
* dtb-rockchip-6.4.0-150600.23.112.1
* kernel-64kb-devel-6.4.0-150600.23.112.1
* dtb-socionext-6.4.0-150600.23.112.1
* dtb-apple-6.4.0-150600.23.112.1
* kernel-64kb-optional-6.4.0-150600.23.112.1
* dlm-kmp-64kb-6.4.0-150600.23.112.1
* reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-amlogic-6.4.0-150600.23.112.1
* reiserfs-kmp-64kb-6.4.0-150600.23.112.1
* ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-amazon-6.4.0-150600.23.112.1
* dtb-arm-6.4.0-150600.23.112.1
* kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-exynos-6.4.0-150600.23.112.1
* dtb-amd-6.4.0-150600.23.112.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.112.1
* kernel-64kb-debuginfo-6.4.0-150600.23.112.1
* dtb-qcom-6.4.0-150600.23.112.1
* dtb-broadcom-6.4.0-150600.23.112.1
* kernel-64kb-extra-6.4.0-150600.23.112.1
* dtb-renesas-6.4.0-150600.23.112.1
* openSUSE Leap 15.6 (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.112.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
* kernel-default-6.4.0-150600.23.112.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.112.1
* kernel-default-debugsource-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-build-debugsource-6.4.0-150600.23.112.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.112.1
* dlm-kmp-default-6.4.0-150600.23.112.1
* kernel-default-debugsource-6.4.0-150600.23.112.1
* kernel-syms-6.4.0-150600.23.112.1
* gfs2-kmp-default-6.4.0-150600.23.112.1
* cluster-md-kmp-default-6.4.0-150600.23.112.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-default-devel-6.4.0-150600.23.112.1
* reiserfs-kmp-default-6.4.0-150600.23.112.1
* ocfs2-kmp-default-6.4.0-150600.23.112.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-build-6.4.0-150600.23.112.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
* kernel-64kb-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
* kernel-64kb-debuginfo-6.4.0-150600.23.112.1
* kernel-64kb-devel-6.4.0-150600.23.112.1
* kernel-64kb-devel-debuginfo-6.4.0-150600.23.112.1
* kernel-64kb-debugsource-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64
nosrc)
* kernel-default-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
* kernel-default-base-6.4.0-150600.23.112.1.150600.12.52.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* kernel-source-6.4.0-150600.23.112.1
* kernel-devel-6.4.0-150600.23.112.1
* kernel-macros-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
* kernel-docs-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
* kernel-zfcpdump-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
* kernel-zfcpdump-debugsource-6.4.0-150600.23.112.1
* kernel-zfcpdump-debuginfo-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-build-debugsource-6.4.0-150600.23.112.1
* ocfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* gfs2-kmp-default-debuginfo-6.4.0-150600.23.112.1
* reiserfs-kmp-default-debuginfo-6.4.0-150600.23.112.1
* dlm-kmp-default-6.4.0-150600.23.112.1
* kernel-default-debugsource-6.4.0-150600.23.112.1
* kernel-syms-6.4.0-150600.23.112.1
* gfs2-kmp-default-6.4.0-150600.23.112.1
* cluster-md-kmp-default-6.4.0-150600.23.112.1
* cluster-md-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-default-devel-6.4.0-150600.23.112.1
* kernel-default-base-6.4.0-150600.23.112.1.150600.12.52.1
* reiserfs-kmp-default-6.4.0-150600.23.112.1
* ocfs2-kmp-default-6.4.0-150600.23.112.1
* dlm-kmp-default-debuginfo-6.4.0-150600.23.112.1
* kernel-obs-build-6.4.0-150600.23.112.1
* kernel-default-devel-debuginfo-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le
x86_64)
* kernel-default-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* kernel-source-6.4.0-150600.23.112.1
* kernel-devel-6.4.0-150600.23.112.1
* kernel-macros-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
* kernel-docs-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
* kernel-default-6.4.0-150600.23.112.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-default-debuginfo-6.4.0-150600.23.112.1
* kernel-default-debugsource-6.4.0-150600.23.112.1
* kernel-livepatch-6_4_0-150600_23_112-default-1-150600.13.3.1
* kernel-livepatch-SLE15-SP6_Update_26-debugsource-1-150600.13.3.1
* kernel-default-livepatch-6.4.0-150600.23.112.1
* kernel-livepatch-6_4_0-150600_23_112-default-debuginfo-1-150600.13.3.1
* kernel-default-livepatch-devel-6.4.0-150600.23.112.1

## References:

* https://www.suse.com/security/cve/CVE-2023-2058.html
* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://www.suse.com/security/cve/CVE-2026-23269.html
* https://www.suse.com/security/cve/CVE-2026-23271.html
* https://www.suse.com/security/cve/CVE-2026-23273.html
* https://www.suse.com/security/cve/CVE-2026-23351.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23403.html
* https://www.suse.com/security/cve/CVE-2026-23404.html
* https://www.suse.com/security/cve/CVE-2026-23405.html
* https://www.suse.com/security/cve/CVE-2026-23406.html
* https://www.suse.com/security/cve/CVE-2026-23407.html
* https://www.suse.com/security/cve/CVE-2026-23408.html
* https://www.suse.com/security/cve/CVE-2026-23409.html
* https://www.suse.com/security/cve/CVE-2026-23410.html
* https://www.suse.com/security/cve/CVE-2026-23411.html
* https://www.suse.com/security/cve/CVE-2026-23449.html
* https://www.suse.com/security/cve/CVE-2026-23450.html
* https://www.suse.com/security/cve/CVE-2026-23458.html
* https://www.suse.com/security/cve/CVE-2026-23461.html
* https://www.suse.com/security/cve/CVE-2026-23462.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31403.html
* https://www.suse.com/security/cve/CVE-2026-31408.html
* https://www.suse.com/security/cve/CVE-2026-31436.html
* https://www.suse.com/security/cve/CVE-2026-31470.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31507.html
* https://www.suse.com/security/cve/CVE-2026-31512.html
* https://www.suse.com/security/cve/CVE-2026-31528.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31588.html
* https://www.suse.com/security/cve/CVE-2026-31602.html
* https://www.suse.com/security/cve/CVE-2026-31607.html
* https://www.suse.com/security/cve/CVE-2026-31622.html
* https://www.suse.com/security/cve/CVE-2026-31649.html
* https://www.suse.com/security/cve/CVE-2026-31656.html
* https://www.suse.com/security/cve/CVE-2026-31662.html
* https://www.suse.com/security/cve/CVE-2026-31669.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-31700.html
* https://www.suse.com/security/cve/CVE-2026-31738.html
* https://www.suse.com/security/cve/CVE-2026-31787.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43038.html
* https://www.suse.com/security/cve/CVE-2026-43044.html
* https://www.suse.com/security/cve/CVE-2026-43050.html
* https://www.suse.com/security/cve/CVE-2026-43110.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43126.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43214.html
* https://www.suse.com/security/cve/CVE-2026-43329.html
* https://www.suse.com/security/cve/CVE-2026-43330.html
* https://www.suse.com/security/cve/CVE-2026-43334.html
* https://www.suse.com/security/cve/CVE-2026-43365.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234634
* https://bugzilla.suse.com/show_bug.cgi?id=1243603
* https://bugzilla.suse.com/show_bug.cgi?id=1248754
* https://bugzilla.suse.com/show_bug.cgi?id=1253754
* https://bugzilla.suse.com/show_bug.cgi?id=1258518
* https://bugzilla.suse.com/show_bug.cgi?id=1258718
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1258850
* https://bugzilla.suse.com/show_bug.cgi?id=1258854
* https://bugzilla.suse.com/show_bug.cgi?id=1258855
* https://bugzilla.suse.com/show_bug.cgi?id=1258856
* https://bugzilla.suse.com/show_bug.cgi?id=1258857
* https://bugzilla.suse.com/show_bug.cgi?id=1258961
* https://bugzilla.suse.com/show_bug.cgi?id=1259484
* https://bugzilla.suse.com/show_bug.cgi?id=1259485
* https://bugzilla.suse.com/show_bug.cgi?id=1259857
* https://bugzilla.suse.com/show_bug.cgi?id=1260010
* https://bugzilla.suse.com/show_bug.cgi?id=1260018
* https://bugzilla.suse.com/show_bug.cgi?id=1260522
* https://bugzilla.suse.com/show_bug.cgi?id=1260526
* https://bugzilla.suse.com/show_bug.cgi?id=1261287
* https://bugzilla.suse.com/show_bug.cgi?id=1261295
* https://bugzilla.suse.com/show_bug.cgi?id=1261584
* https://bugzilla.suse.com/show_bug.cgi?id=1261638
* https://bugzilla.suse.com/show_bug.cgi?id=1261648
* https://bugzilla.suse.com/show_bug.cgi?id=1261707
* https://bugzilla.suse.com/show_bug.cgi?id=1261710
* https://bugzilla.suse.com/show_bug.cgi?id=1261779
* https://bugzilla.suse.com/show_bug.cgi?id=1261781
* https://bugzilla.suse.com/show_bug.cgi?id=1261796
* https://bugzilla.suse.com/show_bug.cgi?id=1261797
* https://bugzilla.suse.com/show_bug.cgi?id=1262020
* https://bugzilla.suse.com/show_bug.cgi?id=1262179
* https://bugzilla.suse.com/show_bug.cgi?id=1262181
* https://bugzilla.suse.com/show_bug.cgi?id=1262602
* https://bugzilla.suse.com/show_bug.cgi?id=1262665
* https://bugzilla.suse.com/show_bug.cgi?id=1262734
* https://bugzilla.suse.com/show_bug.cgi?id=1262758
* https://bugzilla.suse.com/show_bug.cgi?id=1263001
* https://bugzilla.suse.com/show_bug.cgi?id=1263065
* https://bugzilla.suse.com/show_bug.cgi?id=1263085
* https://bugzilla.suse.com/show_bug.cgi?id=1263093
* https://bugzilla.suse.com/show_bug.cgi?id=1263095
* https://bugzilla.suse.com/show_bug.cgi?id=1263131
* https://bugzilla.suse.com/show_bug.cgi?id=1263141
* https://bugzilla.suse.com/show_bug.cgi?id=1263165
* https://bugzilla.suse.com/show_bug.cgi?id=1263170
* https://bugzilla.suse.com/show_bug.cgi?id=1263176
* https://bugzilla.suse.com/show_bug.cgi?id=1263582
* https://bugzilla.suse.com/show_bug.cgi?id=1263600
* https://bugzilla.suse.com/show_bug.cgi?id=1263668
* https://bugzilla.suse.com/show_bug.cgi?id=1263723
* https://bugzilla.suse.com/show_bug.cgi?id=1263797
* https://bugzilla.suse.com/show_bug.cgi?id=1263815
* https://bugzilla.suse.com/show_bug.cgi?id=1263882
* https://bugzilla.suse.com/show_bug.cgi?id=1263901
* https://bugzilla.suse.com/show_bug.cgi?id=1263931
* https://bugzilla.suse.com/show_bug.cgi?id=1263933
* https://bugzilla.suse.com/show_bug.cgi?id=1264013
* https://bugzilla.suse.com/show_bug.cgi?id=1264059
* https://bugzilla.suse.com/show_bug.cgi?id=1264082
* https://bugzilla.suse.com/show_bug.cgi?id=1264087
* https://bugzilla.suse.com/show_bug.cgi?id=1264097
* https://bugzilla.suse.com/show_bug.cgi?id=1264482
* https://bugzilla.suse.com/show_bug.cgi?id=1264634
* https://bugzilla.suse.com/show_bug.cgi?id=1264651
* https://bugzilla.suse.com/show_bug.cgi?id=1264801
* https://bugzilla.suse.com/show_bug.cgi?id=1264848
* https://bugzilla.suse.com/show_bug.cgi?id=1265085
* https://bugzilla.suse.com/show_bug.cgi?id=1265090
* https://bugzilla.suse.com/show_bug.cgi?id=1265116
* https://bugzilla.suse.com/show_bug.cgi?id=1265119
* https://bugzilla.suse.com/show_bug.cgi?id=1265126
* https://bugzilla.suse.com/show_bug.cgi?id=1265421
* https://bugzilla.suse.com/show_bug.cgi?id=1265449
* https://bugzilla.suse.com/show_bug.cgi?id=1265456
* https://bugzilla.suse.com/show_bug.cgi?id=1265626
* https://bugzilla.suse.com/show_bug.cgi?id=1265846
* https://jira.suse.com/browse/PED-7249

SUSE-SU-2026:2197-1: important: Security update for strongswan

# Security update for strongswan

Announcement ID: SUSE-SU-2026:2197-1
Release Date: 2026-06-01T07:45:03Z
Rating: important
References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261712
* bsc#1261717
* bsc#1261720

Cross-References:

* CVE-2026-35328
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35329 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35332 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves six vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension
(bsc#1261712).
* CVE-2026-35329: null pointer dereference when processing padding in PKCS#7
(bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes
(bsc#1261705).
* CVE-2026-35332: null pointer dereference when handling ECDH public value in
TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes
(bsc#1261706).
* CVE-2026-35334: null pointer dereference in RSA decryption (bsc#1261720).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2197=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2197=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2197=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* strongswan-debuginfo-5.9.12-150600.3.16.1
* strongswan-mysql-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-5.9.12-150600.3.16.1
* strongswan-5.9.12-150600.3.16.1
* strongswan-sqlite-debuginfo-5.9.12-150600.3.16.1
* strongswan-hmac-5.9.12-150600.3.16.1
* strongswan-libs0-5.9.12-150600.3.16.1
* strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
* strongswan-sqlite-5.9.12-150600.3.16.1
* strongswan-nm-5.9.12-150600.3.16.1
* strongswan-nm-debuginfo-5.9.12-150600.3.16.1
* strongswan-debugsource-5.9.12-150600.3.16.1
* strongswan-mysql-5.9.12-150600.3.16.1
* openSUSE Leap 15.6 (noarch)
* strongswan-doc-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* strongswan-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-5.9.12-150600.3.16.1
* strongswan-5.9.12-150600.3.16.1
* strongswan-hmac-5.9.12-150600.3.16.1
* strongswan-libs0-5.9.12-150600.3.16.1
* strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
* strongswan-debugsource-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* strongswan-doc-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* strongswan-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-5.9.12-150600.3.16.1
* strongswan-5.9.12-150600.3.16.1
* strongswan-hmac-5.9.12-150600.3.16.1
* strongswan-libs0-5.9.12-150600.3.16.1
* strongswan-libs0-debuginfo-5.9.12-150600.3.16.1
* strongswan-ipsec-debuginfo-5.9.12-150600.3.16.1
* strongswan-debugsource-5.9.12-150600.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* strongswan-doc-5.9.12-150600.3.16.1

## References:

* https://www.suse.com/security/cve/CVE-2026-35328.html
* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261712
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261720

SUSE-SU-2026:2191-1: important: Security update for the Linux Kernel (Live Patch 51 for SUSE Linux Enterprise 15 SP4)

# Security update for the Linux Kernel (Live Patch 51 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2191-1
Release Date: 2026-06-01T06:36:48Z
Rating: important
References:

* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.205 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2191=1 SUSE-2026-2190=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2191=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2190=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-3-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

SUSE-SU-2026:2207-1: important: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP7)

# Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise
15 SP7)

Announcement ID: SUSE-SU-2026:2207-1
Release Date: 2026-06-01T15:33:50Z
Rating: important
References:

* bsc#1264096
* bsc#1265224
* bsc#1265384

Cross-References:

* CVE-2025-54518
* CVE-2026-46300
* CVE-2026-46333

CVSS scores:

* CVE-2025-54518 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-54518 ( SUSE ): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-54518 ( NVD ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-46300 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46300 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46300 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46333 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46333 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Live Patching 12-SP5
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.45 fixes
various security issues

The following security issues were fixed:

* CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
* CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit
(bsc#1265224).
* CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 12-SP5
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2026-2207=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2208=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2208=1

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2210=1 SUSE-SLE-
Module-Live-Patching-15-SP7-2026-2209=1

## Package List:

* SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64)
* kgraft-patch-4_12_14-122_299-default-4-2.1
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-2-150600.2.1
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-2-150600.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_45-default-2-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_12-debugsource-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_40-default-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_40-default-debuginfo-3-150700.2.1
* kernel-livepatch-6_4_0-150700_53_45-default-debuginfo-2-150700.2.1
* kernel-livepatch-SLE15-SP7_Update_13-debugsource-2-150700.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-54518.html
* https://www.suse.com/security/cve/CVE-2026-46300.html
* https://www.suse.com/security/cve/CVE-2026-46333.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264096
* https://bugzilla.suse.com/show_bug.cgi?id=1265224
* https://bugzilla.suse.com/show_bug.cgi?id=1265384

openSUSE-SU-2026:0181-1: critical: Security update for re

openSUSE Security Update: Security update for re
_______________________________

Announcement ID: openSUSE-SU-2026:0181-1
Rating: critical
References:
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that contains security fixes can now be installed.

Description:

This update for re fixes the following issues:

* Fixed integer overflow in websock_decode() masked frame length check
leads to heap buffer overflow.
* Fix DTLS single_conn mode lacks peer address validation, allowing
connection hijacking and DoS #3705.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-181=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

libre16-3.4.0-bp157.2.3.1
re-devel-3.4.0-bp157.2.3.1

References: