Critical Patches for Linux Kernel, Samba, GnuTLS, PostgreSQL, and Vim for SUSE Linux

SUSE 5662 Published by

SUSE rolled out a massive wave of security advisories to patch dozens of critical flaws across their Linux distributions. The kernel update dominates this release by fixing more than two hundred distinct issues that span memory corruption bugs, network stack race conditions, and hardware virtualization gaps. Enterprise applications including Samba, GnuTLS, PostgreSQL, and Vim also received urgent corrections for remote code execution risks alongside several authentication bypass vulnerabilities. System administrators need to deploy these patches right away using standard zypper commands or the YaST interface before attackers can exploit the unmitigated weaknesses in live environments.

SUSE-SU-2026:2105-1: moderate: Security update for xdg-desktop-portal
SUSE-SU-2026:2108-1: critical: Security update for samba
SUSE-SU-2026:2107-1: important: Security update for podman
SUSE-SU-2026:2115-1: important: Security update for gnutls
SUSE-SU-2026:2116-1: moderate: Security update for csync2
SUSE-SU-2026:2119-1: important: Security update for python-urllib3
SUSE-SU-2026:2121-1: moderate: Security update for frr
SUSE-SU-2026:2117-1: important: Security update for postgresql14
openSUSE-SU-2026:0179-1: important: Security update for chromium
openSUSE-SU-2026:20827-1: important: Security update for python-mistune
openSUSE-SU-2026:20826-1: important: Security update for the Linux Kernel
openSUSE-SU-2026:20839-1: important: Security update for python-pytest-html
openSUSE-SU-2026:20833-1: important: Security update for trivy
openSUSE-SU-2026:20831-1: important: Security update for python-Pillow
openSUSE-SU-2026:20834-1: important: Security update for apptainer
openSUSE-SU-2026:20828-1: important: Security update for vim
openSUSE-SU-2026:20838-1: important: Security update for hauler
openSUSE-SU-2026:20821-1: moderate: Security update for localsearch
openSUSE-SU-2026:10874-1: moderate: bind-9.20.23-1.1 on GA media
openSUSE-SU-2026:10878-1: moderate: gdk-pixbuf-loader-libheif-1.22.2-1.1 on GA media
openSUSE-SU-2026:10879-1: moderate: libredwg-devel-0.13.4.8200-1.1 on GA media
openSUSE-SU-2026:10876-1: moderate: helm-4.2.0-3.1 on GA media
openSUSE-SU-2026:10875-1: moderate: hauler-1.4.3-4.1 on GA media
openSUSE-SU-2026:10873-1: moderate: azure-storage-azcopy-10.32.4-1.1 on GA media
openSUSE-SU-2026:10872-1: moderate: amazon-ssm-agent-3.3.4515.0-1.1 on GA media
openSUSE-SU-2026:10877-1: moderate: helm3-3.21.0-2.1 on GA media
openSUSE-SU-2026:10871-1: moderate: amazon-ecs-init-1.103.2-1.1 on GA media




SUSE-SU-2026:2105-1: moderate: Security update for xdg-desktop-portal


# Security update for xdg-desktop-portal

Announcement ID: SUSE-SU-2026:2105-1
Release Date: 2026-05-28T16:04:00Z
Rating: moderate
References:

* bsc#1262045

Cross-References:

* CVE-2026-40354

CVSS scores:

* CVE-2026-40354 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-40354 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-40354 ( NVD ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for xdg-desktop-portal fixes the following issue:

* CVE-2026-40354: File deletion via symlink attack (bsc#1262045).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2105=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* xdg-desktop-portal-1.10.1-150400.3.11.1
* xdg-desktop-portal-debugsource-1.10.1-150400.3.11.1
* xdg-desktop-portal-debuginfo-1.10.1-150400.3.11.1
* xdg-desktop-portal-devel-1.10.1-150400.3.11.1
* openSUSE Leap 15.4 (noarch)
* xdg-desktop-portal-lang-1.10.1-150400.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2026-40354.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262045



SUSE-SU-2026:2108-1: critical: Security update for samba


# Security update for samba

Announcement ID: SUSE-SU-2026:2108-1
Release Date: 2026-05-29T07:20:16Z
Rating: critical
References:

* bsc#1252963
* bsc#1261158
* bsc#1261160
* bsc#1261161
* bsc#1261163

Cross-References:

* CVE-2026-2340
* CVE-2026-3238
* CVE-2026-4408
* CVE-2026-4480

CVSS scores:

* CVE-2026-2340 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-2340 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-2340 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-3238 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4408 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4408 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4408 ( NVD ): 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( SUSE ): 10.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-4480 ( SUSE ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-4480 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves four vulnerabilities and has one security fix can now be
installed.

## Description:

This update for samba fixes the following issues

* CVE-2026-2340: vfs_worm does not block directory modification (bsc#1261158).
* CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server
(bsc#1261160).
* CVE-2026-4408: Remote Code Execution in SAMR (bsc#1261163).
* CVE-2026-4480: Unauthenticated Remote Code Execution (bsc#1261161).

Non security issues:

* Fix pthreadpool_tevent race conditions accessing both
pthreadpool_tevent.jobs list and pthreadpool_tevent.glue_list (bsc#1252963)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2108=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2108=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2108=1

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2108=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2108=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2108=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2108=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2108=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2108=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2108=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-test-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-pcp-pmda-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-pcp-pmda-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-test-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* openSUSE Leap 15.4 (x86_64)
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* openSUSE Leap 15.4 (aarch64 x86_64)
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* openSUSE Leap 15.4 (noarch)
* samba-doc-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* samba-devel-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-64bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-64bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* ctdb-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* ctdb-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64)
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* samba-dsdb-modules-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ldb-ldap-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-python3-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy-devel-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* libsamba-policy0-python3-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-tool-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-dsdb-modules-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-gpupdate-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* samba-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ceph-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-devel-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-winbind-libs-32bit-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* samba-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-client-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debugsource-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-debuginfo-4.15.13+git.780.d2f53cbcded-150400.3.49.1
* samba-libs-4.15.13+git.780.d2f53cbcded-150400.3.49.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2340.html
* https://www.suse.com/security/cve/CVE-2026-3238.html
* https://www.suse.com/security/cve/CVE-2026-4408.html
* https://www.suse.com/security/cve/CVE-2026-4480.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252963
* https://bugzilla.suse.com/show_bug.cgi?id=1261158
* https://bugzilla.suse.com/show_bug.cgi?id=1261160
* https://bugzilla.suse.com/show_bug.cgi?id=1261161
* https://bugzilla.suse.com/show_bug.cgi?id=1261163



SUSE-SU-2026:2107-1: important: Security update for podman


# Security update for podman

Announcement ID: SUSE-SU-2026:2107-1
Release Date: 2026-05-29T02:54:20Z
Rating: important
References:

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that can now be installed.

## Description:

This update for podman rebuilds it against the current go security release.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2107=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2107=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2107=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2107=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2107=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2107=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2107=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2107=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2107=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podmansh-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* openSUSE Leap 15.4 (noarch)
* podman-docker-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* podman-docker-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.69.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* podman-debuginfo-4.9.5-150400.4.69.1
* podman-remote-4.9.5-150400.4.69.1
* podman-4.9.5-150400.4.69.1
* podman-remote-debuginfo-4.9.5-150400.4.69.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* podman-docker-4.9.5-150400.4.69.1



SUSE-SU-2026:2115-1: important: Security update for gnutls


# Security update for gnutls

Announcement ID: SUSE-SU-2026:2115-1
Release Date: 2026-05-29T15:27:37Z
Rating: important
References:

* bsc#1263704
* bsc#1263705
* bsc#1263707
* bsc#1263708
* bsc#1263709
* bsc#1263710
* bsc#1263711
* bsc#1263712
* bsc#1263713
* bsc#1263714
* bsc#1263715
* bsc#1263716

Cross-References:

* CVE-2026-33845
* CVE-2026-33846
* CVE-2026-3833
* CVE-2026-42009
* CVE-2026-42010
* CVE-2026-42011
* CVE-2026-42012
* CVE-2026-42013
* CVE-2026-42014
* CVE-2026-42015
* CVE-2026-5260
* CVE-2026-5419

CVSS scores:

* CVE-2026-33845 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33845 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-33845 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33845 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-33846 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-33846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3833 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-3833 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3833 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-3833 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42009 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42009 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42009 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42010 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42010 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42010 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-42010 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-42011 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42011 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-42011 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42012 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
* CVE-2026-42013 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-42013 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-42013 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-42014 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42014 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-42015 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42015 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-42015 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5260 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-5260 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5260 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-5419 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-5419 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 12 vulnerabilities can now be installed.

## Description:

This update for gnutls fixes the following issues

* CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive
(bsc#1263707).
* CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short
ciphertexts (bsc#1263715).
* CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free
(bsc#1263716).
* CVE-2026-33845: buffers: switch from end_offset over to frag_length
(bsc#1263704).
* CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705).
* CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers
(bsc#1263708).
* CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup
(bsc#1263709).
* CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints
(bsc#1263710).
* CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback
(bsc#1263711).
* CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712).
* CVE-2026-42014: pkcs11_write: fix UAF and leak in
gnutls_pkcs11_token_set_pin (bsc#1263713).
* CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds chec
(bsc#1263714).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2115=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2115=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2115=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2115=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgnutlsxx30-debuginfo-3.8.3-150600.4.20.1
* gnutls-debugsource-3.8.3-150600.4.20.1
* libgnutls30-debuginfo-3.8.3-150600.4.20.1
* libgnutls-devel-3.8.3-150600.4.20.1
* gnutls-debuginfo-3.8.3-150600.4.20.1
* gnutls-3.8.3-150600.4.20.1
* libgnutlsxx-devel-3.8.3-150600.4.20.1
* libgnutlsxx30-3.8.3-150600.4.20.1
* libgnutls30-3.8.3-150600.4.20.1
* openSUSE Leap 15.6 (x86_64)
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.20.1
* libgnutls30-32bit-3.8.3-150600.4.20.1
* libgnutls-devel-32bit-3.8.3-150600.4.20.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgnutls30-64bit-3.8.3-150600.4.20.1
* libgnutls-devel-64bit-3.8.3-150600.4.20.1
* libgnutls30-64bit-debuginfo-3.8.3-150600.4.20.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgnutlsxx30-debuginfo-3.8.3-150600.4.20.1
* libgnutls30-debuginfo-3.8.3-150600.4.20.1
* gnutls-debugsource-3.8.3-150600.4.20.1
* libgnutls-devel-3.8.3-150600.4.20.1
* gnutls-debuginfo-3.8.3-150600.4.20.1
* libgnutlsxx-devel-3.8.3-150600.4.20.1
* gnutls-3.8.3-150600.4.20.1
* libgnutlsxx30-3.8.3-150600.4.20.1
* libgnutls30-3.8.3-150600.4.20.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.20.1
* libgnutls30-32bit-3.8.3-150600.4.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libgnutlsxx30-debuginfo-3.8.3-150600.4.20.1
* gnutls-debugsource-3.8.3-150600.4.20.1
* libgnutls30-debuginfo-3.8.3-150600.4.20.1
* libgnutls-devel-3.8.3-150600.4.20.1
* gnutls-debuginfo-3.8.3-150600.4.20.1
* gnutls-3.8.3-150600.4.20.1
* libgnutlsxx-devel-3.8.3-150600.4.20.1
* libgnutlsxx30-3.8.3-150600.4.20.1
* libgnutls30-3.8.3-150600.4.20.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.20.1
* libgnutls30-32bit-3.8.3-150600.4.20.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libgnutlsxx30-debuginfo-3.8.3-150600.4.20.1
* gnutls-debugsource-3.8.3-150600.4.20.1
* libgnutls30-debuginfo-3.8.3-150600.4.20.1
* libgnutls-devel-3.8.3-150600.4.20.1
* gnutls-debuginfo-3.8.3-150600.4.20.1
* gnutls-3.8.3-150600.4.20.1
* libgnutlsxx-devel-3.8.3-150600.4.20.1
* libgnutlsxx30-3.8.3-150600.4.20.1
* libgnutls30-3.8.3-150600.4.20.1
* Basesystem Module 15-SP7 (x86_64)
* libgnutls30-32bit-debuginfo-3.8.3-150600.4.20.1
* libgnutls30-32bit-3.8.3-150600.4.20.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33845.html
* https://www.suse.com/security/cve/CVE-2026-33846.html
* https://www.suse.com/security/cve/CVE-2026-3833.html
* https://www.suse.com/security/cve/CVE-2026-42009.html
* https://www.suse.com/security/cve/CVE-2026-42010.html
* https://www.suse.com/security/cve/CVE-2026-42011.html
* https://www.suse.com/security/cve/CVE-2026-42012.html
* https://www.suse.com/security/cve/CVE-2026-42013.html
* https://www.suse.com/security/cve/CVE-2026-42014.html
* https://www.suse.com/security/cve/CVE-2026-42015.html
* https://www.suse.com/security/cve/CVE-2026-5260.html
* https://www.suse.com/security/cve/CVE-2026-5419.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263704
* https://bugzilla.suse.com/show_bug.cgi?id=1263705
* https://bugzilla.suse.com/show_bug.cgi?id=1263707
* https://bugzilla.suse.com/show_bug.cgi?id=1263708
* https://bugzilla.suse.com/show_bug.cgi?id=1263709
* https://bugzilla.suse.com/show_bug.cgi?id=1263710
* https://bugzilla.suse.com/show_bug.cgi?id=1263711
* https://bugzilla.suse.com/show_bug.cgi?id=1263712
* https://bugzilla.suse.com/show_bug.cgi?id=1263713
* https://bugzilla.suse.com/show_bug.cgi?id=1263714
* https://bugzilla.suse.com/show_bug.cgi?id=1263715
* https://bugzilla.suse.com/show_bug.cgi?id=1263716



SUSE-SU-2026:2116-1: moderate: Security update for csync2


# Security update for csync2

Announcement ID: SUSE-SU-2026:2116-1
Release Date: 2026-05-29T15:29:09Z
Rating: moderate
References:

* bsc#1262472

Cross-References:

* CVE-2026-41051

CVSS scores:

* CVE-2026-41051 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41051 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41051 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41051 ( NVD ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP6
* SUSE Linux Enterprise High Availability Extension 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for csync2 fixes the following issue

* CVE-2026-41051: uses insecure temporary directories when compiled with C99
or later (bsc#1262472).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-2116=1

* SUSE Linux Enterprise High Availability Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2026-2116=1

* SUSE Linux Enterprise High Availability Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-2116=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2116=1

* SUSE Linux Enterprise High Availability Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2116=1

## Package List:

* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le
s390x x86_64)
* csync2-debuginfo-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-debugsource-2.0+git.1600444747.83b3644-150300.3.6.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le
s390x x86_64)
* csync2-debuginfo-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-debugsource-2.0+git.1600444747.83b3644-150300.3.6.1
* SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le
s390x x86_64)
* csync2-debuginfo-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-debugsource-2.0+git.1600444747.83b3644-150300.3.6.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* csync2-debuginfo-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-debugsource-2.0+git.1600444747.83b3644-150300.3.6.1
* SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64 ppc64le
s390x x86_64)
* csync2-debuginfo-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-2.0+git.1600444747.83b3644-150300.3.6.1
* csync2-debugsource-2.0+git.1600444747.83b3644-150300.3.6.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41051.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262472



SUSE-SU-2026:2119-1: important: Security update for python-urllib3


# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:2119-1
Release Date: 2026-05-29T15:34:25Z
Rating: important
References:

* bsc#1265267

Cross-References:

* CVE-2026-44431

CVSS scores:

* CVE-2026-44431 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44431 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-44431 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-44431 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for python-urllib3 fixes the following issue

* CVE-2026-44431: sensitive information disclosure due to sensitive headers
being forwarded across origins in proxied low-level redirects (bsc#1265267).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2119=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2119=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2119=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2119=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2119=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2119=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2119=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2119=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2119=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2119=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2119=1

* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2119=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2119=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2119=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2119=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2119=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2119=1

## Package List:

* openSUSE Leap 15.3 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* Basesystem Module 15-SP7 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* python3-urllib3-1.25.10-150300.4.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-44431.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265267



SUSE-SU-2026:2121-1: moderate: Security update for frr


# Security update for frr

Announcement ID: SUSE-SU-2026:2121-1
Release Date: 2026-05-29T15:36:42Z
Rating: moderate
References:

* bsc#1252761
* bsc#1252810
* bsc#1252811
* bsc#1252812
* bsc#1252813
* bsc#1252829
* bsc#1252833
* bsc#1252835
* bsc#1252838
* bsc#1261013

Cross-References:

* CVE-2025-61099
* CVE-2025-61100
* CVE-2025-61101
* CVE-2025-61102
* CVE-2025-61103
* CVE-2025-61104
* CVE-2025-61105
* CVE-2025-61106
* CVE-2025-61107
* CVE-2026-5107

CVSS scores:

* CVE-2025-61099 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61099 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61099 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61100 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61100 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61100 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61101 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61101 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61101 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61102 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61102 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61102 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61103 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61103 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61103 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61104 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61104 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61104 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61105 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61105 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61105 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61106 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61106 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61106 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61107 ( SUSE ): 6.0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61107 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5107 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5107 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-5107 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5107 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-5107 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products:

* openSUSE Leap 15.3

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for frr fixes the following issues:

* CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838).
* CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829).
* CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833).
* CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835).
* CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid()
in ospf_ext.c (bsc#1252810).
* CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in
ospf_ext.c (bsc#1252811).
* CVE-2025-61105: NULL pointer dereference in show_vty_link_info() in
ospf_ext.c (bsc#1252761).
* CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in
ospf_ext.c (bsc#1252812).
* CVE-2025-61107: NULL pointer dereference in show_vty_ext_pref_pref_sid() in
ospf_ext.c (bsc#1252813).
* CVE-2026-5107: Improper access controls via bgpd EVPN and ENCAP/VNC packet
parsing (bsc#1261013).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2121=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libfrrfpm_pb0-debuginfo-7.4-150300.4.40.1
* frr-debuginfo-7.4-150300.4.40.1
* libfrrsnmp0-debuginfo-7.4-150300.4.40.1
* libfrrgrpc_pb0-debuginfo-7.4-150300.4.40.1
* libfrr_pb0-debuginfo-7.4-150300.4.40.1
* libfrrzmq0-debuginfo-7.4-150300.4.40.1
* frr-7.4-150300.4.40.1
* libfrrgrpc_pb0-7.4-150300.4.40.1
* libfrrcares0-7.4-150300.4.40.1
* libfrrsnmp0-7.4-150300.4.40.1
* libfrrospfapiclient0-7.4-150300.4.40.1
* frr-debugsource-7.4-150300.4.40.1
* libmlag_pb0-7.4-150300.4.40.1
* libfrrfpm_pb0-7.4-150300.4.40.1
* libfrr0-7.4-150300.4.40.1
* libfrr_pb0-7.4-150300.4.40.1
* libfrr0-debuginfo-7.4-150300.4.40.1
* libfrrcares0-debuginfo-7.4-150300.4.40.1
* libfrrospfapiclient0-debuginfo-7.4-150300.4.40.1
* frr-devel-7.4-150300.4.40.1
* libmlag_pb0-debuginfo-7.4-150300.4.40.1
* libfrrzmq0-7.4-150300.4.40.1

## References:

* https://www.suse.com/security/cve/CVE-2025-61099.html
* https://www.suse.com/security/cve/CVE-2025-61100.html
* https://www.suse.com/security/cve/CVE-2025-61101.html
* https://www.suse.com/security/cve/CVE-2025-61102.html
* https://www.suse.com/security/cve/CVE-2025-61103.html
* https://www.suse.com/security/cve/CVE-2025-61104.html
* https://www.suse.com/security/cve/CVE-2025-61105.html
* https://www.suse.com/security/cve/CVE-2025-61106.html
* https://www.suse.com/security/cve/CVE-2025-61107.html
* https://www.suse.com/security/cve/CVE-2026-5107.html
* https://bugzilla.suse.com/show_bug.cgi?id=1252761
* https://bugzilla.suse.com/show_bug.cgi?id=1252810
* https://bugzilla.suse.com/show_bug.cgi?id=1252811
* https://bugzilla.suse.com/show_bug.cgi?id=1252812
* https://bugzilla.suse.com/show_bug.cgi?id=1252813
* https://bugzilla.suse.com/show_bug.cgi?id=1252829
* https://bugzilla.suse.com/show_bug.cgi?id=1252833
* https://bugzilla.suse.com/show_bug.cgi?id=1252835
* https://bugzilla.suse.com/show_bug.cgi?id=1252838
* https://bugzilla.suse.com/show_bug.cgi?id=1261013



SUSE-SU-2026:2117-1: important: Security update for postgresql14


# Security update for postgresql14

Announcement ID: SUSE-SU-2026:2117-1
Release Date: 2026-05-29T15:30:06Z
Rating: important
References:

* bsc#1263804
* bsc#1265172
* bsc#1265173
* bsc#1265174
* bsc#1265175
* bsc#1265177
* bsc#1265178
* bsc#1265179
* bsc#1265181
* jsc#PED-14823

Cross-References:

* CVE-2026-6472
* CVE-2026-6473
* CVE-2026-6474
* CVE-2026-6475
* CVE-2026-6477
* CVE-2026-6478
* CVE-2026-6479
* CVE-2026-6637

CVSS scores:

* CVE-2026-6472 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6472 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6473 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6473 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6474 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6474 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-6475 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6475 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6477 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6477 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-6478 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6478 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-6637 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6637 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves eight vulnerabilities, contains one feature and has one
security fix can now be installed.

## Description:

This update for postgresql14 fixes the following issues

Update to version 14.23.

Security issues:

* CVE-2026-6472: ensure the user has CREATE privilege on the schema specified
(bsc#1265172).
* CVE-2026-6473: integer overflows in memory-allocation calculations
(bsc#1265173).
* CVE-2026-6474: Guard against malicious time zone names (bsc#1265174).
* CVE-2026-6475: Prevent path traversal in pg_basebackup and pg_rewind
(bsc#1265175).
* CVE-2026-6477: Mark PQfn() as unsafe, and avoid using it within libpq
(bsc#1265177).
* CVE-2026-6478: Use timing-safe string comparisons in authentication code
(bsc#1265178).
* CVE-2026-6479: Prevent unbounded recursion while processing startup packets
(bsc#1265179).
* CVE-2026-6637: Prevent SQL injection and buffer overruns in contrib/spi
(bsc#1265181).

Non security issue: \- Get rid of update-alternatives for openSUSE/SLE 16.0 and
newer to support immutable systems and transactional updates (jsc#PED-14823). \-
/usr/bin/pg_config is missing after migrating away from update-alternatives
(bsc#1263804).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2117=1

* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-2117=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2117=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2117=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2117=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql14-llvmjit-devel-14.23-150600.16.31.1
* postgresql14-debuginfo-14.23-150600.16.31.1
* postgresql14-pltcl-14.23-150600.16.31.1
* postgresql14-contrib-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-14.23-150600.16.31.1
* postgresql14-server-devel-14.23-150600.16.31.1
* postgresql14-llvmjit-debuginfo-14.23-150600.16.31.1
* postgresql14-debugsource-14.23-150600.16.31.1
* postgresql14-plperl-debuginfo-14.23-150600.16.31.1
* postgresql14-14.23-150600.16.31.1
* postgresql14-test-14.23-150600.16.31.1
* postgresql14-server-debuginfo-14.23-150600.16.31.1
* postgresql14-plpython-14.23-150600.16.31.1
* postgresql14-pltcl-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-14.23-150600.16.31.1
* postgresql14-server-14.23-150600.16.31.1
* postgresql14-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-devel-14.23-150600.16.31.1
* postgresql14-plpython-debuginfo-14.23-150600.16.31.1
* postgresql14-server-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-llvmjit-14.23-150600.16.31.1
* openSUSE Leap 15.6 (noarch)
* postgresql14-docs-14.23-150600.16.31.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql14-14.23-150600.16.31.1
* postgresql14-debuginfo-14.23-150600.16.31.1
* postgresql14-server-14.23-150600.16.31.1
* postgresql14-server-debuginfo-14.23-150600.16.31.1
* postgresql14-server-devel-14.23-150600.16.31.1
* postgresql14-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-plpython-14.23-150600.16.31.1
* postgresql14-pltcl-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-14.23-150600.16.31.1
* postgresql14-server-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-debugsource-14.23-150600.16.31.1
* postgresql14-devel-14.23-150600.16.31.1
* postgresql14-pltcl-14.23-150600.16.31.1
* postgresql14-contrib-debuginfo-14.23-150600.16.31.1
* postgresql14-plpython-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-14.23-150600.16.31.1
* Legacy Module 15-SP7 (noarch)
* postgresql14-docs-14.23-150600.16.31.1
* Legacy Module 15-SP7 (ppc64le s390x x86_64)
* postgresql14-test-14.23-150600.16.31.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql14-test-14.23-150600.16.31.1
* postgresql14-debuginfo-14.23-150600.16.31.1
* postgresql14-llvmjit-debuginfo-14.23-150600.16.31.1
* postgresql14-debugsource-14.23-150600.16.31.1
* postgresql14-llvmjit-14.23-150600.16.31.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* postgresql14-14.23-150600.16.31.1
* postgresql14-debuginfo-14.23-150600.16.31.1
* postgresql14-server-14.23-150600.16.31.1
* postgresql14-server-debuginfo-14.23-150600.16.31.1
* postgresql14-server-devel-14.23-150600.16.31.1
* postgresql14-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-plpython-14.23-150600.16.31.1
* postgresql14-pltcl-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-14.23-150600.16.31.1
* postgresql14-server-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-debuginfo-14.23-150600.16.31.1
* postgresql14-debugsource-14.23-150600.16.31.1
* postgresql14-devel-14.23-150600.16.31.1
* postgresql14-pltcl-14.23-150600.16.31.1
* postgresql14-plpython-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-14.23-150600.16.31.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* postgresql14-docs-14.23-150600.16.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* postgresql14-14.23-150600.16.31.1
* postgresql14-debuginfo-14.23-150600.16.31.1
* postgresql14-server-14.23-150600.16.31.1
* postgresql14-server-debuginfo-14.23-150600.16.31.1
* postgresql14-server-devel-14.23-150600.16.31.1
* postgresql14-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-plpython-14.23-150600.16.31.1
* postgresql14-pltcl-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-14.23-150600.16.31.1
* postgresql14-server-devel-debuginfo-14.23-150600.16.31.1
* postgresql14-plperl-debuginfo-14.23-150600.16.31.1
* postgresql14-debugsource-14.23-150600.16.31.1
* postgresql14-devel-14.23-150600.16.31.1
* postgresql14-pltcl-14.23-150600.16.31.1
* postgresql14-plpython-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-debuginfo-14.23-150600.16.31.1
* postgresql14-contrib-14.23-150600.16.31.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* postgresql14-docs-14.23-150600.16.31.1

## References:

* https://www.suse.com/security/cve/CVE-2026-6472.html
* https://www.suse.com/security/cve/CVE-2026-6473.html
* https://www.suse.com/security/cve/CVE-2026-6474.html
* https://www.suse.com/security/cve/CVE-2026-6475.html
* https://www.suse.com/security/cve/CVE-2026-6477.html
* https://www.suse.com/security/cve/CVE-2026-6478.html
* https://www.suse.com/security/cve/CVE-2026-6479.html
* https://www.suse.com/security/cve/CVE-2026-6637.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263804
* https://bugzilla.suse.com/show_bug.cgi?id=1265172
* https://bugzilla.suse.com/show_bug.cgi?id=1265173
* https://bugzilla.suse.com/show_bug.cgi?id=1265174
* https://bugzilla.suse.com/show_bug.cgi?id=1265175
* https://bugzilla.suse.com/show_bug.cgi?id=1265177
* https://bugzilla.suse.com/show_bug.cgi?id=1265178
* https://bugzilla.suse.com/show_bug.cgi?id=1265179
* https://bugzilla.suse.com/show_bug.cgi?id=1265181
* https://jira.suse.com/browse/PED-14823



openSUSE-SU-2026:0179-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0179-1
Rating: important
References: #1266471
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that contains security fixes can now be installed.

Description:

This update for chromium fixes the following issues:

- Chromium 148.0.7778.215 (boo#1266471)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-179=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-148.0.7778.215-bp157.2.163.1
chromium-148.0.7778.215-bp157.2.163.1

References:

https://bugzilla.suse.com/1266471



openSUSE-SU-2026:20827-1: important: Security update for python-mistune


openSUSE security update: security update for python-mistune
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20827-1
Rating: important
References:

* bsc#1264347
* bsc#1264750
* bsc#1264751
* bsc#1264752
* bsc#1264754
* bsc#1265052
* bsc#1265053

Cross-References:

* CVE-2026-33079
* CVE-2026-33441
* CVE-2026-44708
* CVE-2026-44896
* CVE-2026-44897
* CVE-2026-44898
* CVE-2026-44899

CVSS scores:

* CVE-2026-33079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33079 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-33441 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33441 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44708 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44708 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-44896 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44896 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-44897 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44897 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-44898 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44898 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-44899 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44899 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description:

This update for python-mistune fixes the following issues

- CVE-2026-33079: ReDoS in `LINK_TITLE_RE` can lead to denial of service via a crafted Markdown (bsc#1264347).
- CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of
service (bsc#1264752).
- CVE-2026-44708: improper HTML escaping in the math plugin can lead to XSS (bsc#1264751).
- CVE-2026-44896: improper escaping in `render_figure` can lead to attribute injection and XSS (bsc#1264754).
- CVE-2026-44897: improper sanitization of user-controlled input in `HTMLRenderer.heading` can lead to XSS
(bsc#1264750).
- CVE-2026-44898: improper sanitization of user-supplied HTML input in `render_toc_ul` can lead to XSS (bsc#1265052).
- CVE-2026-44899: improper input verification in Image directive plugin and improper escaping in `render_block_image`
can lead to CSS injection (bsc#1265053).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-816=1

Package List:

- openSUSE Leap 16.0:

python313-mistune-3.1.3-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-33079.html
* https://www.suse.com/security/cve/CVE-2026-33441.html
* https://www.suse.com/security/cve/CVE-2026-44708.html
* https://www.suse.com/security/cve/CVE-2026-44896.html
* https://www.suse.com/security/cve/CVE-2026-44897.html
* https://www.suse.com/security/cve/CVE-2026-44898.html
* https://www.suse.com/security/cve/CVE-2026-44899.html



openSUSE-SU-2026:20826-1: important: Security update for the Linux Kernel


openSUSE security update: security update for the linux kernel
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20826-1
Rating: important
References:

* bsc#1215199
* bsc#1234634
* bsc#1241259
* bsc#1243603
* bsc#1248754
* bsc#1249104
* bsc#1250951
* bsc#1253471
* bsc#1254518
* bsc#1255160
* bsc#1255360
* bsc#1255459
* bsc#1255752
* bsc#1256288
* bsc#1256865
* bsc#1256867
* bsc#1258518
* bsc#1258718
* bsc#1258826
* bsc#1258849
* bsc#1258850
* bsc#1258854
* bsc#1258855
* bsc#1258856
* bsc#1258857
* bsc#1258933
* bsc#1258961
* bsc#1259186
* bsc#1259199
* bsc#1259222
* bsc#1259420
* bsc#1259461
* bsc#1259535
* bsc#1259672
* bsc#1259799
* bsc#1259806
* bsc#1259857
* bsc#1259865
* bsc#1259868
* bsc#1259869
* bsc#1259871
* bsc#1259873
* bsc#1259878
* bsc#1259889
* bsc#1259994
* bsc#1260010
* bsc#1260012
* bsc#1260018
* bsc#1260428
* bsc#1260468
* bsc#1260483
* bsc#1260484
* bsc#1260485
* bsc#1260489
* bsc#1260504
* bsc#1260505
* bsc#1260507
* bsc#1260514
* bsc#1260523
* bsc#1260526
* bsc#1260528
* bsc#1260529
* bsc#1260530
* bsc#1260531
* bsc#1260532
* bsc#1260533
* bsc#1260536
* bsc#1260537
* bsc#1260538
* bsc#1260541
* bsc#1260546
* bsc#1260549
* bsc#1260551
* bsc#1260552
* bsc#1260555
* bsc#1260561
* bsc#1260562
* bsc#1260566
* bsc#1260571
* bsc#1260572
* bsc#1260573
* bsc#1260576
* bsc#1260580
* bsc#1260581
* bsc#1260593
* bsc#1260613
* bsc#1260728
* bsc#1260729
* bsc#1260731
* bsc#1260798
* bsc#1260800
* bsc#1260801
* bsc#1260807
* bsc#1260811
* bsc#1260996
* bsc#1261020
* bsc#1261149
* bsc#1261287
* bsc#1261288
* bsc#1261295
* bsc#1261348
* bsc#1261410
* bsc#1261503
* bsc#1261504
* bsc#1261505
* bsc#1261550
* bsc#1261555
* bsc#1261581
* bsc#1261582
* bsc#1261584
* bsc#1261585
* bsc#1261592
* bsc#1261601
* bsc#1261602
* bsc#1261617
* bsc#1261618
* bsc#1261629
* bsc#1261632
* bsc#1261635
* bsc#1261636
* bsc#1261637
* bsc#1261638
* bsc#1261641
* bsc#1261644
* bsc#1261645
* bsc#1261648
* bsc#1261679
* bsc#1261685
* bsc#1261686
* bsc#1261687
* bsc#1261692
* bsc#1261694
* bsc#1261700
* bsc#1261702
* bsc#1261703
* bsc#1261707
* bsc#1261710
* bsc#1261713
* bsc#1261714
* bsc#1261719
* bsc#1261738
* bsc#1261750
* bsc#1261751
* bsc#1261752
* bsc#1261768
* bsc#1261778
* bsc#1261779
* bsc#1261780
* bsc#1261781
* bsc#1261786
* bsc#1261788
* bsc#1261789
* bsc#1261796
* bsc#1261797
* bsc#1261896
* bsc#1262019
* bsc#1262053
* bsc#1262054
* bsc#1262055
* bsc#1262061
* bsc#1262063
* bsc#1262074
* bsc#1262078
* bsc#1262086
* bsc#1262087
* bsc#1262099
* bsc#1262100
* bsc#1262101
* bsc#1262179
* bsc#1262181
* bsc#1262245
* bsc#1262250
* bsc#1262480
* bsc#1262601
* bsc#1262616
* bsc#1262617
* bsc#1262627
* bsc#1262662
* bsc#1262665
* bsc#1262671
* bsc#1262673
* bsc#1262709
* bsc#1262725
* bsc#1262731
* bsc#1262750
* bsc#1262752
* bsc#1262758
* bsc#1263001
* bsc#1263012
* bsc#1263018
* bsc#1263044
* bsc#1263048
* bsc#1263052
* bsc#1263064
* bsc#1263074
* bsc#1263077
* bsc#1263085
* bsc#1263093
* bsc#1263095
* bsc#1263104
* bsc#1263107
* bsc#1263131
* bsc#1263135
* bsc#1263138
* bsc#1263140
* bsc#1263141
* bsc#1263165
* bsc#1263176
* bsc#1263255
* bsc#1263556
* bsc#1263562
* bsc#1263582
* bsc#1263592
* bsc#1263593
* bsc#1263595
* bsc#1263596
* bsc#1263604
* bsc#1263668
* bsc#1263815
* bsc#1263882
* bsc#1263901
* bsc#1263931
* bsc#1263933
* bsc#1263942
* bsc#1263995
* bsc#1264014
* bsc#1264059
* bsc#1264082
* bsc#1264097
* bsc#1264183
* bsc#1264233
* bsc#1264427
* bsc#1264469
* bsc#1264586
* bsc#1264674
* bsc#1264837
* bsc#1264848
* bsc#1265085
* bsc#1265116
* bsc#1265119
* bsc#1265144
* bsc#1265308
* bsc#1265421
* bsc#1265449
* bsc#1265456
* bsc#1265626
* bsc#1265846
* bsc#1265960

Cross-References:

* CVE-2023-2058
* CVE-2024-14027
* CVE-2025-40181
* CVE-2025-40219
* CVE-2025-68265
* CVE-2025-68310
* CVE-2025-71238
* CVE-2025-71268
* CVE-2025-71269
* CVE-2025-71302
* CVE-2026-23168
* CVE-2026-23209
* CVE-2026-23236
* CVE-2026-23237
* CVE-2026-23245
* CVE-2026-23246
* CVE-2026-23253
* CVE-2026-23260
* CVE-2026-23261
* CVE-2026-23264
* CVE-2026-23266
* CVE-2026-23268
* CVE-2026-23269
* CVE-2026-23271
* CVE-2026-23273
* CVE-2026-23276
* CVE-2026-23279
* CVE-2026-23290
* CVE-2026-23291
* CVE-2026-23298
* CVE-2026-23300
* CVE-2026-23307
* CVE-2026-23312
* CVE-2026-23313
* CVE-2026-23315
* CVE-2026-23316
* CVE-2026-23317
* CVE-2026-23318
* CVE-2026-23321
* CVE-2026-23324
* CVE-2026-23325
* CVE-2026-23334
* CVE-2026-23336
* CVE-2026-23339
* CVE-2026-23340
* CVE-2026-23346
* CVE-2026-23347
* CVE-2026-23351
* CVE-2026-23354
* CVE-2026-23357
* CVE-2026-23360
* CVE-2026-23362
* CVE-2026-23363
* CVE-2026-23365
* CVE-2026-23367
* CVE-2026-23368
* CVE-2026-23369
* CVE-2026-23370
* CVE-2026-23372
* CVE-2026-23373
* CVE-2026-23374
* CVE-2026-23375
* CVE-2026-23378
* CVE-2026-23382
* CVE-2026-23387
* CVE-2026-23391
* CVE-2026-23392
* CVE-2026-23395
* CVE-2026-23396
* CVE-2026-23397
* CVE-2026-23399
* CVE-2026-23401
* CVE-2026-23403
* CVE-2026-23404
* CVE-2026-23405
* CVE-2026-23406
* CVE-2026-23407
* CVE-2026-23408
* CVE-2026-23409
* CVE-2026-23410
* CVE-2026-23411
* CVE-2026-23417
* CVE-2026-23418
* CVE-2026-23420
* CVE-2026-23426
* CVE-2026-23434
* CVE-2026-23436
* CVE-2026-23437
* CVE-2026-23440
* CVE-2026-23441
* CVE-2026-23442
* CVE-2026-23443
* CVE-2026-23445
* CVE-2026-23446
* CVE-2026-23447
* CVE-2026-23448
* CVE-2026-23449
* CVE-2026-23450
* CVE-2026-23452
* CVE-2026-23454
* CVE-2026-23455
* CVE-2026-23456
* CVE-2026-23457
* CVE-2026-23458
* CVE-2026-23460
* CVE-2026-23461
* CVE-2026-23462
* CVE-2026-23463
* CVE-2026-23464
* CVE-2026-23465
* CVE-2026-23466
* CVE-2026-23468
* CVE-2026-23470
* CVE-2026-23472
* CVE-2026-23473
* CVE-2026-23474
* CVE-2026-23475
* CVE-2026-31389
* CVE-2026-31392
* CVE-2026-31393
* CVE-2026-31394
* CVE-2026-31395
* CVE-2026-31400
* CVE-2026-31402
* CVE-2026-31403
* CVE-2026-31405
* CVE-2026-31406
* CVE-2026-31407
* CVE-2026-31408
* CVE-2026-31411
* CVE-2026-31412
* CVE-2026-31415
* CVE-2026-31416
* CVE-2026-31417
* CVE-2026-31420
* CVE-2026-31421
* CVE-2026-31422
* CVE-2026-31423
* CVE-2026-31424
* CVE-2026-31425
* CVE-2026-31426
* CVE-2026-31427
* CVE-2026-31428
* CVE-2026-31435
* CVE-2026-31449
* CVE-2026-31453
* CVE-2026-31456
* CVE-2026-31470
* CVE-2026-31494
* CVE-2026-31496
* CVE-2026-31503
* CVE-2026-31504
* CVE-2026-31505
* CVE-2026-31507
* CVE-2026-31515
* CVE-2026-31519
* CVE-2026-31525
* CVE-2026-31526
* CVE-2026-31528
* CVE-2026-31533
* CVE-2026-31547
* CVE-2026-31550
* CVE-2026-31554
* CVE-2026-31565
* CVE-2026-31579
* CVE-2026-31586
* CVE-2026-31588
* CVE-2026-31644
* CVE-2026-31649
* CVE-2026-31658
* CVE-2026-31662
* CVE-2026-31666
* CVE-2026-31668
* CVE-2026-31669
* CVE-2026-31675
* CVE-2026-31678
* CVE-2026-31679
* CVE-2026-31681
* CVE-2026-31682
* CVE-2026-31684
* CVE-2026-31685
* CVE-2026-31691
* CVE-2026-31694
* CVE-2026-31700
* CVE-2026-31738
* CVE-2026-31787
* CVE-2026-43009
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43038
* CVE-2026-43045
* CVE-2026-43050
* CVE-2026-43060
* CVE-2026-43082
* CVE-2026-43088
* CVE-2026-43153
* CVE-2026-43190
* CVE-2026-43265
* CVE-2026-43329
* CVE-2026-43365
* CVE-2026-43366
* CVE-2026-43441
* CVE-2026-43494
* CVE-2026-43503
* CVE-2026-46333

CVSS scores:

* CVE-2024-14027 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-14027 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40181 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40219 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-40219 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68265 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68265 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68310 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-68310 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71238 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-71238 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71268 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71268 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71269 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-71269 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71302 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71302 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23168 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23168 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23236 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23236 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23237 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23237 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23245 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23245 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23246 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23260 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23260 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23261 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23261 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23264 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23264 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23266 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23266 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23268 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23269 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23271 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23271 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23273 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23273 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23276 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23276 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23279 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23279 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23290 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23290 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23291 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23298 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23298 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23300 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23300 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23307 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23312 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23312 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23313 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23315 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23317 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23317 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23318 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23321 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23321 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23324 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23324 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23325 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23334 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23336 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23339 ( SUSE ): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-23339 ( SUSE ): 2.3 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23340 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23340 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23346 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23346 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23347 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23351 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23354 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23354 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23357 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23357 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23360 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23360 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23362 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23363 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23365 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23365 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23367 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-23367 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23368 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23368 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23369 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23369 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23370 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23372 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23373 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23374 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23374 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23375 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23378 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23378 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23382 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23382 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23387 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23387 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23391 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23392 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23392 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23395 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23395 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23396 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23396 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23397 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23397 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23399 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23399 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23401 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2026-23401 ( SUSE ): 8.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-23403 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23403 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23404 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23404 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23405 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23406 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23406 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23407 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23407 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23408 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23408 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23409 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23409 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23410 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23410 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23411 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23411 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23417 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23417 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23418 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23418 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23420 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23420 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23426 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23426 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23434 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23434 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23436 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23436 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23437 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23437 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23440 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23440 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23441 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23442 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23442 ( SUSE ): 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23443 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23443 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23445 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23445 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23446 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23446 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23447 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23447 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23448 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-23448 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23449 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23449 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23450 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23450 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23452 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23452 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23454 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23454 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23455 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23455 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23456 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23456 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23457 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-23457 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23458 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23458 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23460 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23460 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23461 ( SUSE ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23461 ( SUSE ): 7.7 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23462 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23462 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23463 ( SUSE ): 0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2026-23463 ( SUSE ): 0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23464 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23464 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23465 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
* CVE-2026-23465 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23466 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23466 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23468 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23468 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23470 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23472 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23472 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23473 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23473 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23474 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23474 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23475 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23475 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31389 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31389 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31392 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-31392 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31393 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-31393 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31394 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31394 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31395 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31395 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31400 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31400 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31403 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31403 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31405 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31406 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31406 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31407 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-31407 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31408 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31408 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31411 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31411 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31412 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31412 ( SUSE ): 7 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31415 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31415 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31416 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31416 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31417 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31417 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31420 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31420 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31421 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31421 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31422 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31422 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31423 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31423 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31424 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31424 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31425 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31425 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31426 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-31426 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31427 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-31427 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31428 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-31428 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31435 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31435 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31449 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31449 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31453 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31453 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31456 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31456 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31470 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31470 ( SUSE ): 6 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31494 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-31494 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31496 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-31496 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31503 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-31503 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31504 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31507 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31507 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31515 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31515 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31519 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31519 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31525 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31525 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31526 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31526 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31528 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31528 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31547 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31547 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31550 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31550 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31565 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31565 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31579 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31579 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31588 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31588 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31644 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31644 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31649 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31649 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31658 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31658 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31662 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31662 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31666 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-31666 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31668 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-31668 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31669 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31669 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31675 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-31675 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31678 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31678 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31679 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31679 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31681 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-31681 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31682 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-31682 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-31684 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-31684 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31691 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31691 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31700 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31700 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31738 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31738 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-31787 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43025 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43045 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43050 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43082 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43088 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-43088 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43153 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43153 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43265 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43265 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43329 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43329 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43365 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43365 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43441 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46333 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 206 vulnerabilities and has 248 bug fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
- CVE-2024-14027: xattr: switch to CLASS(fd) (bsc#1259420).
- CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (bsc#1253471).
- CVE-2025-68265: nvme: fix admin request_queue lifetime (bsc#1255360).
- CVE-2025-68310: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (bsc#1255160).
- CVE-2025-71302: drm/panthor: fix for dma-fence safe access rules (bsc#1264837).
- CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe (bsc#1258826).
- CVE-2026-23245: net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1259799).
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-23276: net: add xmit recursion limit to tunnel xmit functions (bsc#1260012).
- CVE-2026-23300: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (bsc#1260538).
- CVE-2026-23313: i40e: Fix preempt count leak in napi poll tracepoint (bsc#1260555).
- CVE-2026-23316: net: ipv4: fix ARM64 alignment fault in multipath hash seed (bsc#1260573).
- CVE-2026-23321: mptcp: pm: in-kernel: always mark signal+subflow endp as used (bsc#1260505).
- CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (bsc#1260523).
- CVE-2026-23346: arm64: io: Rename ioremap_prot() to __ioremap_prot() (bsc#1260529).
- CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (bsc#1260526).
- CVE-2026-23354: x86/fred: Correct speculative safety in fred_extint() (bsc#1260801).
- CVE-2026-23368: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (bsc#1260530).
- CVE-2026-23374: blktrace: fix __this_cpu_read/write in preemptible context (bsc#1260811).
- CVE-2026-23375: mm: thp: deny THP for files on anonymous inodes (bsc#1260576).
- CVE-2026-23378: net/sched: act_ife: Fix metalist update behavior (bsc#1260546).
- CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template removal (bsc#1260566).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-23397: nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1260728).
- CVE-2026-23399: nf_tables: nft_dynset: fix possible stateful expression memleak in error path (bsc#1261020).
- CVE-2026-23417: bpf: Fix constant blinding for PROBE_MEM32 stores (bsc#1261410).
- CVE-2026-23436: net: add helpers for lookup and walking netdevs under netdev_lock() (bsc#1261617).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261635).
- CVE-2026-23440: net/mlx5e: Fix race condition during IPSec ESN update (bsc#1261641).
- CVE-2026-23441: net/mlx5e: Prevent concurrent access to IPSec ASO context (bsc#1261768).
- CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581).
- CVE-2026-23445: igc: fix page fault in XDP TX timestamps handling (bsc#1261702).
- CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779).
- CVE-2026-23450: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (bsc#1261584).
- CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (bsc#1261687).
- CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (bsc#1261703).
- CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (bsc#1261686).
- CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781).
- CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (bsc#1261692).
- CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (bsc#1261636).
- CVE-2026-23473: io_uring/poll: fix multishot recv missing EOF on wakeup race (bsc#1261694).
- CVE-2026-31392: smb: client: fix krb5 mount with username option (bsc#1261788).
- CVE-2026-31395: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler (bsc#1261786).
- CVE-2026-31400: sunrpc: fix cache_request leak in cache_release (bsc#1261645).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
- CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261629).
- CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations (bsc#1261632).
- CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (bsc#1261752).
- CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl() (bsc#1262099).
- CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size (bsc#1262100).
- CVE-2026-31420: bridge: mrp: reject zero test interval to avoid OOM panic (bsc#1262055).
- CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared blocks (bsc#1262061).
- CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared blocks (bsc#1262054).
- CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (bsc#1262063).
- CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (bsc#1262053).
- CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is established (bsc#1262074).
- CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (bsc#1262086).
- CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (bsc#1262087).
- CVE-2026-31435: netfs: Fix read abandonment during retry (bsc#1262601).
- CVE-2026-31449: ext4: validate p_idx bounds in ext4_ext_correct_indexes (bsc#1262616).
- CVE-2026-31453: xfs: avoid dereferencing log items after push callbacks (bsc#1262617).
- CVE-2026-31456: mm/pagewalk: fix race between concurrent split and refault (bsc#1262627).
- CVE-2026-31494: net: cadence: macb: Synchronize stats calculations (bsc#1262671).
- CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other netns via proc (bsc#1262673).
- CVE-2026-31503: udp: Fix wildcard bind conflict check when using hash2 (bsc#1263077).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085).
- CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263093).
- CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095).
- CVE-2026-31515: af_key: validate families in pfkey_send_migrate() (bsc#1262752).
- CVE-2026-31519: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (bsc#1263012).
- CVE-2026-31525: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (bsc#1262725).
- CVE-2026-31526: bpf: Fix exception exit lock checking for subprogs (bsc#1262662).
- CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001).
- CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262758).
- CVE-2026-31547: drm/xe: Fix missing runtime PM reference in ccs_mode_store (bsc#1263018).
- CVE-2026-31550: pmdomain: bcm: bcm2835-power: Increase ASB control timeout (bsc#1263104).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263107).
- CVE-2026-31565: RDMA/irdma: Fix deadlock during netdev reset with active connections (bsc#1263064).
- CVE-2026-31579: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit (bsc#1263074).
- CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176).
- CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165).
- CVE-2026-31644: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1263048).
- CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582).
- CVE-2026-31658: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1263052).
- CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1263131).
- CVE-2026-31666: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1263138).
- CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1263140).
- CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1263141).
- CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet corruption (bsc#1263556).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length (bsc#1263592).
- CVE-2026-31681: netfilter: xt_multiport: validate range encoding in checkentry (bsc#1263593).
- CVE-2026-31682: bridge: br_nd_send: linearize skb before parsing ND options (bsc#1263595).
- CVE-2026-31684: net: sched: act_csum: validate nested VLAN headers (bsc#1263596).
- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
- CVE-2026-31691: igb: remove napi_synchronize() in igb_down() (bsc#1263604).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
- CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882).
- CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059).
- CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181).
- CVE-2026-43009: bpf: Fix incorrect pruning due to atomic fetch precision tracking (bsc#1264014).
- CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931).
- CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1263933).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).
- CVE-2026-43045: mshv: Refactor and rename memory region handling functions (bsc#1263942).
- CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable() (bsc#1264082).
- CVE-2026-43060: netfilter: nft_ct: drop pending enqueued packets on removal (bsc#1264183).
- CVE-2026-43082: net: txgbe: leave space for null terminators on property_entry (bsc#1264233).
- CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports (bsc#1264469).
- CVE-2026-43153: xfs: remove xfs_attr_leaf_hasname (bsc#1264586).
- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
- CVE-2026-43265: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (bsc#1264427).
- CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of actions (bsc#1265085).
- CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
- CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265116).
- CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1264674).
- CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960).

The following non security issues were fixed:

- accel/qaic: Add overflow check to remap_pfn_range during mmap (git-fixes).
- ACPI: AGDI: fix missing newline in error message (git-fixes).
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (git-fixes).
- ACPI: scan: Use acpi_dev_put() in object add error paths (git-fixes).
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO (git-fixes).
- ACPI: video: force native backlight on HP OMEN 16 (8A44) (stable-fixes).
- ACPI: video: Move Lenovo Legion S7 15ACH6 quirk to the right section (git-fixes).
- ALSA: 6fire: Fix input volume change detection (git-fixes).
- ALSA: 6fire: fix use-after-free on disconnect (git-fixes).
- ALSA: aoa: i2sbus: clear stale prepared state (git-fixes).
- ALSA: aoa: i2sbus: fix OF node lifetime handling (git-fixes).
- ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (git-fixes).
- ALSA: aoa: Use guard() for mutex locks (stable-fixes).
- ALSA: asihpi: avoid write overflow check warning (stable-fixes).
- ALSA: caiaq: Don't abort when no input device is available (git-fixes).
- ALSA: caiaq: Fix control_put() result and cache rollback (git-fixes).
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (git-fixes).
- ALSA: caiaq: fix usb_dev refcount leak on probe failure (git-fixes).
- ALSA: caiaq: Handle probe errors properly (git-fixes).
- ALSA: caiaq: take a reference on the USB device in create_card() (git-fixes).
- ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (git-fixes).
- ALSA: core: Fix potential data race at fasync handling (git-fixes).
- ALSA: core: Serialize deferred fasync state checks (git-fixes).
- ALSA: core: Validate compress device numbers without dynamic minors (git-fixes).
- ALSA: ctxfi: Add fallback to default RSR for S/PDIF (git-fixes).
- ALSA: ctxfi: Fix missing SPDIFI1 index handling (stable-fixes).
- ALSA: ctxfi: Limit PTP to a single page (git-fixes).
- ALSA: firewire-tascam: Do not drop unread control events (git-fixes).
- ALSA: fireworks: bound device-supplied status before string array lookup (git-fixes).
- ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound update (git-fixes).
- ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (stable-fixes).
- ALSA: hda/realtek: add quirk for Framework F111:000F (stable-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (stable-fixes).
- ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}') (git-fixes).
- ALSA: hda: cs35l41: Put ACPI device on missing physical node (git-fixes).
- ALSA: hda: cs35l56: Propagate ASP TX source control errors (git-fixes).
- ALSA: hda: cs35l56: Put ACPI device after setting companion (git-fixes).
- ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add() (git-fixes).
- ALSA: misc: Use guard() for spin locks (stable-fixes).
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (stable-fixes).
- ALSA: pcmtest: fix reference leak on failed device registration (git-fixes).
- ALSA: pcmtest: Fix resource leaks in module init error paths (git-fixes).
- ALSA: pcmtest: Return -EFAULT on pattern read copy failure (git-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: scarlett2: Add missing error check when initialise Autogain Status (git-fixes).
- ALSA: scarlett2: Add missing sentinel initializer field (git-fixes).
- ALSA: seq: Notify client and port info changes (stable-fixes).
- ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (stable-fixes).
- ALSA: usb-audio: Avoid false E-MU sample-rate notifications (git-fixes).
- ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Evaluate packsize caps at the right place (git-fixes).
- ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (git-fixes).
- ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams (git-fixes).
- ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (stable-fixes).
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check (git-fixes).
- ALSA: usb-audio: midi2: Restart output URBs on resume (git-fixes).
- ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (git-fixes).
- ALSA: virtio: drop an extaneous kernel-doc comment (git-fixes).
- amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 (stable-fixes).
- ASoC: amd: acp: Add DMI quirk for Valve Steam Deck OLED (git-fixes).
- ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes).
- ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table (stable-fixes).
- ASoC: codecs: ab8500: Fix casting of private data (git-fixes).
- ASoC: cs35l56: Destroy workqueue in probe error path (git-fixes).
- ASoC: cs35l56: Don't use devres to unregister component (git-fixes).
- ASoC: cs35l56: Fix hibernate write in runtime resume error path (git-fixes).
- ASoC: fsl_easrc: Change the type for iec958 channel status controls (git-fixes).
- ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits() (git-fixes).
- ASoC: fsl_easrc: fix comment typo (git-fixes).
- ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits() (git-fixes).
- ASoC: fsl_micfil: Add access property for "VAD Detected" (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_enable() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_quality_set() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation for cached controls (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put() (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error (git-fixes).
- ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop (git-fixes).
- ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens (git-fixes).
- ASoC: qcom: q6apm: move component registration to unmanaged version (git-fixes).
- ASoC: qcom: q6apm: remove child devices when apm is removed (git-fixes).
- ASoC: qcom: qdsp6: topology: check widget type before accessing data (git-fixes).
- ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (stable-fixes).
- ASoC: SOF: compress: return the configured codec from get_params (git-fixes).
- ASoC: SOF: Don't allow pointer operations on unconfigured streams (git-fixes).
- ASoC: SOF: Intel: hda: Place check before dereference (git-fixes).
- ASoC: SOF: topology: reject invalid vendor array size in token parser (stable-fixes).
- ASoC: sti: Return errors from regmap_field_alloc() (git-fixes).
- ASoC: sti: use managed regmap_field allocations (git-fixes).
- ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (stable-fixes).
- ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (stable-fixes).
- backlight: sky81452-backlight: Check return value of devm_gpiod_get_optional() in sky81452_bl_parse_dt() (git-fixes).
- batman-adv: bla: only purge non-released claims (git-fixes).
- batman-adv: bla: prevent use-after-free when deleting claims (git-fixes).
- batman-adv: bla: put backbone reference on failed claim hash insert (git-fixes).
- batman-adv: fix integer overflow on buff_pos (git-fixes).
- batman-adv: hold claim backbone gateways by reference (git-fixes).
- batman-adv: reject new tp_meter sessions during teardown (git-fixes).
- batman-adv: reject oversized global TT response buffers (git-fixes).
- batman-adv: stop caching unowned originator pointers in BAT IV (git-fixes).
- bitfield: Add FIELD_MODIFY() helper (jsc#PED-14238).
- Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (git-fixes).
- Bluetooth: btmtk: validate WMT event SKB length before struct access (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (bsc#1260996).
- Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (git-fixes).
- Bluetooth: hci_event: fix memset typo (git-fixes).
- Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt (git-fixes).
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (git-fixes).
- Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error (git-fixes).
- Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem (git-fixes).
- Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() (git-fixes).
- Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (git-fixes).
- Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() (git-fixes).
- Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU (git-fixes).
- Bluetooth: RFCOMM: pull credit byte with skb_pull_data() (git-fixes).
- Bluetooth: SCO: check for codecs->num_codecs == 1 before assigning to sco_pi(sk)->codec (git-fixes).
- Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready (git-fixes).
- Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes).
- Bluetooth: virtio_bt: clamp rx length before skb_put (git-fixes).
- Bluetooth: virtio_bt: validate rx pkt_type header length (git-fixes).
- bpf: Add third round of bounds deduction (git-fixes).
- bpf: Fix u32/s32 bounds when ranges cross min/max boundary (git-fixes).
- bpf: Improve bounds when s64 crosses sign boundary (git-fixes).
- bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI (git-fixes).
- btrfs: qgroup: update all parent qgroups when doing quick inherit (bsc#1258933).
- btrfs: reject root items with drop_progress and zero drop_level (git-fixes).
- btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes).
- bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays (git-fixes).
- bus: rifsc: fix RIF configuration check for peripherals (git-fixes).
- can: mcp251x: add error handling for power enable in open and resume (stable-fixes).
- can: raw: fix ro->uniq use-after-free in raw_rcv() (git-fixes).
- can: ucan: fix devres lifetime (git-fixes).
- cdc-acm: new quirk for EPSON HMD (stable-fixes).
- check-for-config-changes: Exclude CC_MS_EXTENSIONS.
- check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
- comedi: dt2815: add hardware detection to prevent crash (stable-fixes).
- cpufreq: intel_pstate: Drop Arrow Lake from "scaling factor" list (bsc#1249104).
- crypto: af_alg - limit RX SG extraction by receive buffer budget (git-fixes).
- crypto: algif_aead - Fix minimum RX size check for decryption (git-fixes).
- crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (git-fixes).
- crypto: atmel-ecc - Release client on allocation failure (git-fixes).
- crypto: atmel-sha204a - Fix error codes in OTP reads (git-fixes).
- crypto: atmel-sha204a - Fix OTP sysfs read and error handling (git-fixes).
- crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (git-fixes).
- crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (git-fixes).
- crypto: atmel-tdes - fix DMA sync direction (git-fixes).
- crypto: ccp - copy IV using skcipher ivsize (git-fixes).
- crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (git-fixes).
- crypto: ccree - fix a memory leak in cc_mac_digest() (git-fixes).
- crypto: drivers - Switch back to struct platform_driver::remove() (jsc#PED-14238).
- crypto: drivers - Use str_enable_disable-like helpers (jsc#PED-14238).
- crypto: hisilicon - Fix dma_unmap_single() direction (git-fixes).
- crypto: iaa - Adjust workqueue allocation type (jsc#PED-14238).
- crypto: iaa - fix per-node CPU counter reset in rebalance_wq_table() (git-fixes).
- crypto: iaa - Move compression CRC into request object (jsc#PED-14238).
- crypto: iaa - Optimize rebalance_wq_table() (jsc#PED-14238).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-14238).
- crypto: iaa - Remove unreachable pr_debug from iaa_crypto_cleanup_module (jsc#PED-14238).
- crypto: iaa - Remove unused disable_async argument from iaa_decompress (jsc#PED-14238).
- crypto: iaa - Replace sprintf with sysfs_emit in sysfs show functions (jsc#PED-14238).
- crypto: iaa - Simplify init_iaa_device() (jsc#PED-14238).
- crypto: jitterentropy - replace long-held spinlock with mutex (git-fixes).
- crypto: nx - Fix packed layout in struct nx842_crypto_header (git-fixes).
- crypto: pcrypt - Fix handling of MAY_BACKLOG requests (git-fixes).
- crypto: qat - #undef field_get() before local definition (jsc#PED-14238).
- crypto: qat - add adf_rl_get_num_svc_aes() in rate limiting (jsc#PED-14238).
- crypto: qat - add bank state save and restore for qat_420xx (jsc#PED-14238).
- crypto: qat - add command queue telemetry counters for GEN6 (jsc#PED-14238).
- crypto: qat - add compression slice count for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service to telemetry (jsc#PED-14238).
- crypto: qat - add firmware headers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add GEN6 firmware loader (jsc#PED-14238).
- crypto: qat - add get_svc_slice_cnt() in device data structure (jsc#PED-14238).
- crypto: qat - add live migration enablers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add macro to write 64-bit values to registers (jsc#PED-14238).
- crypto: qat - add missing header inclusion (jsc#PED-14238).
- crypto: qat - add qat_6xxx driver (jsc#PED-14238).
- crypto: qat - add ring buffer idle telemetry counter for GEN6 (jsc#PED-14238).
- crypto: qat - add support for decompression service to GEN6 devices (jsc#PED-14238).
- crypto: qat - consolidate service enums (jsc#PED-14238).
- crypto: qat - Constify struct pm_status_row (jsc#PED-14238).
- crypto: qat - disable 4xxx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - disable 420xx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - do not export adf_cfg_services (jsc#PED-14238).
- crypto: qat - enable power management debugfs for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable RAS support for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable rate limiting feature for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable reporting of error counters for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable telemetry for GEN6 devices (jsc#PED-14238).
- crypto: qat - export adf_get_service_mask() (jsc#PED-14238).
- crypto: qat - export adf_init_admin_pm() (jsc#PED-14238).
- crypto: qat - expose configuration functions (jsc#PED-14238).
- crypto: qat - fix compression instance leak (git-fixes).
- crypto: qat - fix IRQ cleanup on 6xxx probe failure (git-fixes).
- crypto: qat - fix object goals in Makefiles (jsc#PED-14238.
- crypto: qat - fix type mismatch in RAS sysfs show functions (git-fixes).
- crypto: qat - Fix typo "accelaration" (jsc#PED-14238).
- crypto: qat - fix virtual channel configuration for GEN6 devices (jsc#PED-14238).
- crypto: qat - include qat_common in top Makefile (jsc#PED-14238).
- crypto: qat - introduce fuse array (jsc#PED-14238).
- crypto: qat - make adf_dev_autoreset() static (jsc#PED-14238).
- crypto: qat - optimize allocations for fw authentication (jsc#PED-14238).
- crypto: qat - refactor compression template logic (jsc#PED-14238).
- crypto: qat - refactor FW signing algorithm (jsc#PED-14238).
- crypto: qat - refactor ring-related debug functions (jsc#PED-14238).
- crypto: qat - refactor service parsing logic (jsc#PED-14238).
- crypto: qat - relocate and rename bank state structure definition (jsc#PED-14238).
- crypto: qat - relocate bank state helper functions (jsc#PED-14238).
- crypto: qat - relocate power management debugfs helper APIs (jsc#PED-14238).
- crypto: qat - relocate service related functions (jsc#PED-14238).
- crypto: qat - remove BITS_IN_DWORD() (jsc#PED-14238).
- crypto: qat - Remove dst_null support (jsc#PED-14238).
- crypto: qat - remove duplicate masking for GEN6 devices (jsc#PED-14238).
- crypto: qat - remove initialization in device class (jsc#PED-14238).
- crypto: qat - remove redundant FW image size check (jsc#PED-14238).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-14238).
- crypto: qat - remove unused members in suof structure (jsc#PED-14238).
- crypto: qat - rename and relocate timer logic (jsc#PED-14238).
- crypto: qat - reorder objects in qat_common Makefile (jsc#PED-14238).
- crypto: qat - replace CHECK_STAT macro with static inline function (jsc#PED-14238).
- crypto: qat - Replace kzalloc() + copy_from_user() with memdup_user() (jsc#PED-14238).
- crypto: qat - restore ASYM service support for GEN6 devices (jsc#PED-14238).
- crypto: qat - Return pointer directly in adf_ctl_alloc_resources (jsc#PED-14238).
- crypto: qat - set command ids as reserved (jsc#PED-14238).
- crypto: qat - switch to standard pattern for PCI IDs (jsc#PED-14238).
- crypto: qat - update firmware api (jsc#PED-14238).
- crypto: qat - use pr_fmt() in adf_gen4_hw_data.c (jsc#PED-14238).
- crypto: qat - use pr_fmt() in qat uclo.c (jsc#PED-14238).
- crypto: qat - use simple_strtoull to improve qat_uclo_parse_num (jsc#PED-14238).
- crypto: qat - use swab32 macro (git-fixes).
- crypto: qat - validate service in rate limiting sysfs api (jsc#PED-14238).
- crypto: qat/qat_6xxx - Fix NULL vs IS_ERR() check in adf_probe() (jsc#PED-14238).
- crypto: sa2ul - Fix AEAD fallback algorithm names (git-fixes).
- crypto: simd - reject compat registrations without __ prefixes (git-fixes).
- crypto: talitos - fix SEC1 32k ahash request limitation (git-fixes).
- crypto: tegra - Disable softirqs before finalizing request (git-fixes).
- devres: fix missing node debug info in devm_krealloc() (git-fixes).
- dmaengine: dw-axi-dmac: fix Alignment should match open parenthesis (git-fixes).
- dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function (git-fixes).
- dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register() (git-fixes).
- dpll: zl3073x: Add support to adjust phase (bsc#1255752).
- dpll: zl3073x: Fix output pin phase adjustment sign (bsc#1255752).
- dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for some chip IDs (bsc#1255752).
- dpll: zl3073x: Specify phase adjustment granularity for pins (bsc#1255752).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- drm/amd/display: Add NULL check for integrated_info in clk_mgr_construct (git-fixes).
- drm/amd/display: Allow DCE link encoder without AUX registers (git-fixes).
- drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths (git-fixes).
- drm/amd/display: Change dither policy for 10 bpc output back to dithering (git-fixes).
- drm/amd/display: Correct logic check error for fastboot (git-fixes).
- drm/amd/display: Disable 10-bit truncation and dithering on DCE 6.x (git-fixes).
- drm/amd/display: Disable fastboot on DCE 6 too (stable-fixes).
- drm/amd/display: Read EDID from VBIOS embedded panel info (git-fixes).
- drm/amd/pm/ci: Clear EnabledForActivity field for memory levels (git-fixes).
- drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs (git-fixes).
- drm/amd/pm/ci: Fill DW8 fields from SMC (git-fixes).
- drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0 (git-fixes).
- drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled (git-fixes).
- drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board (git-fixes).
- drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock (git-fixes).
- drm/amd/pm: fix incorrect FeatureCtrlMask setting on smu v14.0.x (git-fixes).
- drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2) (git-fixes).
- drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ (stable-fixes).
- drm/amdgpu/gfx10: look at the right prop for gfx queue priority (git-fixes).
- drm/amdgpu/gfx11: look at the right prop for gfx queue priority (git-fixes).
- drm/amdgpu/gmc: Fix AMDGPU_GART_PLACEMENT_LOW to not overlap with VRAM (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.5 ring (git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v5.0.0 ring (git-fixes).
- drm/amdgpu/pm: add missing revision check for CI (git-fixes).
- drm/amdgpu/pm: align Hawaii mclk workaround with radeon (git-fixes).
- drm/amdgpu/pm: drop SMU driver if version not matched messages (stable-fixes).
- drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission (git-fixes).
- drm/amdgpu/vce: Prevent partial address patches (stable-fixes).
- drm/amdgpu/vcn3: Avoid overflow on msg bound check (git-fixes).
- drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg (stable-fixes).
- drm/amdgpu/vcn4: Avoid overflow on msg bound check (git-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg (stable-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing IB (stable-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.5 enc ring (git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v5.0.0 enc ring (git-fixes).
- drm/amdgpu: Add bounds checking to ib_{get,set}_value (stable-fixes).
- drm/amdgpu: Add default case in DVI mode validation (git-fixes).
- drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG (git-fixes).
- drm/amdgpu: fix zero-size GDS range init on RDNA4 (stable-fixes).
- drm/amdgpu: gate VM CPU HDP flush on reset lock (stable-fixes).
- drm/amdgpu: replace PASID IDR with XArray (git-fixes).
- drm/amdgpu: Use SMUIO 15.0.0 offsets for TSC upper and lower count (stable-fixes).
- drm/amdgpu: zero-initialize GART table on allocation (stable-fixes).
- drm/amdkfd: Add upper bound check for num_of_nodes (stable-fixes).
- drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (stable-fixes).
- drm/amdkfd: Make all TLB-flushes heavy-weight (stable-fixes).
- drm/amdkfd: validate SVM ioctl nattr against buffer size (stable-fixes).
- drm/arcpgu: fix device node leak (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check (git-fixes).
- drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable() (git-fixes).
- drm/bridge: stm_lvds: Do not fail atomic_check on disabled connector (git-fixes).
- drm/etnaviv: Fix armed job not being pushed to the DRM scheduler (git-fixes).
- drm/exynos: remove bridge when component_add fails (git-fixes).
- drm/fb-helper: Fix clipping when damage area spans a single scanline (git-fixes).
- drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (git-fixes).
- drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup (git-fixes).
- drm/gma500/oaktrail_lvds: fix hang on init failure (git-fixes).
- drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init (git-fixes).
- drm/i915/dp: Fix VSC dynamic range signaling for RGB formats (git-fixes).
- drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (git-fixes).
- drm/i915/wm: Verify the correct plane DDB entry (git-fixes).
- drm/i915: skip __i915_request_skip() for already signaled requests (git-fixes).
- drm/imagination: Switch reset_reason fields from enum to u32 (git-fixes).
- drm/komeda: fix integer overflow in AFBC framebuffer size check (git-fixes).
- drm/loongson: Use managed KMS polling (git-fixes).
- drm/msm/a6xx: Fix dumping A650+ debugbus blocks (git-fixes).
- drm/msm/a6xx: Fix HLSQ register dumping (git-fixes).
- drm/msm/a6xx: Use barriers while updating HFI Q headers (git-fixes).
- drm/msm/dpu: fix mismatch between power and frequency (git-fixes).
- drm/msm/dsi: add the missing parameter description (git-fixes).
- drm/msm/dsi: fix bits_per_pclk (git-fixes).
- drm/msm/dsi: fix hdisplay calculation for CMD mode panel (git-fixes).
- drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0 (git-fixes).
- drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() (git-fixes).
- drm/msm/shrinker: Fix can_block() logic (git-fixes).
- drm/nouveau: fix nvkm_device leak on aperture removal failure (git-fixes).
- drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (git-fixes).
- drm/panel: boe-tv101wum-nl6: restore MODE_LPM after sending disable cmds (git-fixes).
- drm/panel: himax-hx83102: restore MODE_LPM after sending disable cmds (git-fixes).
- drm/panel: sharp-ls043t1le01: make use of prepare_prev_first (git-fixes).
- drm/panel: simple: Correct G190EAN01 prepare timing (git-fixes).
- drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout() (git-fixes).
- drm/panthor: Fix outdated function documentation (git-fixes).
- drm/radeon: add missing revision check for CI (git-fixes).
- drm/sun4i: backend: fix error pointer dereference (git-fixes).
- drm/sun4i: Fix resource leaks (git-fixes).
- drm/v3d: Handle error from drm_sched_entity_init() (git-fixes).
- drm/vc4: Fix a memory leak in hang state error path (git-fixes).
- drm/vc4: Fix memory leak of BO array in hang state (git-fixes).
- drm/vc4: platform_get_irq_byname() returns an int (stable-fixes).
- drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (git-fixes).
- drm/vc4: Release runtime PM reference after binding V3D (git-fixes).
- drm/vram: remove DRM_VRAM_MM_FILE_OPERATIONS from docs (git-fixes).
- drm/xe/bo: Fix bo leak on GGTT flag validation in xe_bo_init_locked() (git-fixes).
- drm/xe/bo: Fix bo leak on unaligned size validation in xe_bo_init_locked() (git-fixes).
- drm/xe/debugfs: Correct printing of register whitelist ranges (git-fixes).
- drm/xe/dma-buf: handle empty bo and UAF races (git-fixes).
- drm/xe/gsc: Fix BO leak on error in query_compatibility_version() (git-fixes).
- drm/xe/uapi: update used tracking kernel-doc (git-fixes).
- drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() (git-fixes).
- drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl() (git-fixes).
- dt-bindings: net: Fix Tegra234 MGBE PTP clock (git-fixes).
- efi/capsule-loader: fix incorrect sizeof in phys array reallocation (git-fixes).
- efi: pstore: Drop efivar lock when efi_pstore_open() returns with an error (git-fixes).
- erofs: add GFP_NOIO in the bio completion if needed (git-fixes).
- ext4: fix fsync(2) for nojournal mode (git-fixes).
- ext4: make recently_deleted() properly work with lazy itable initialization (git-fixes).
- ext4: reject mount if bigalloc with s_first_data_block != 0 (git-fixes).
- extcon: Fixed sysfs duplicate filename issue (git-fixes).
- extcon: ptn5150: handle pending IRQ events during system resume (git-fixes).
- fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break (git-fixes).
- fbdev: offb: fix PCI device reference leak on probe failure (git-fixes).
- fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (stable-fixes).
- fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (git-fixes).
- firmware: arm_ffa: Use the correct buffer size during RXTX_MAP (git-fixes).
- firmware: dmi: Correct an indexing error in dmi.h (git-fixes).
- firmware: google: framebuffer: Do not mark framebuffer as busy (git-fixes).
- firmware: google: framebuffer: Do not unregister platform device (git-fixes).
- gpio: of: clear OF_POPULATED on hog nodes in remove path (git-fixes).
- gpio: tegra: fix irq_release_resources calling enable instead of disable (git-fixes).
- gtp: disable BH before calling udp_tunnel_xmit_skb() (git-fixes).
- HID: alps: fix NULL pointer dereference in alps_raw_event() (git-fixes).
- HID: amd_sfh: don't log error when device discovery fails with -EOPNOTSUPP (git-fixes).
- HID: apple: ensure the keyboard backlight is off if suspending (git-fixes).
- HID: asus: do not abort probe when not necessary (git-fixes).
- HID: asus: make asus_resume adhere to linux kernel coding standards (git-fixes).
- HID: core: clamp report_size in s32ton() to avoid undefined shift (stable-fixes).
- HID: logitech-hidpp: Enable MX Master 4 over bluetooth (stable-fixes).
- HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (stable-fixes).
- HID: multitouch: Check to ensure report responses match the request (stable-fixes).
- HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (stable-fixes).
- HID: roccat: fix use-after-free in roccat_report_event (stable-fixes).
- HID: usbhid: fix deadlock in hid_post_reset() (git-fixes).
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (stable-fixes).
- hisi_acc_vfio_pci: add eq and aeq interruption restore (git-fixes).
- hisi_acc_vfio_pci: bugfix cache write-back issue (git-fixes).
- hisi_acc_vfio_pci: bugfix the problem of uninstalling driver (git-fixes).
- hv_sock: fix ARM64 support (git-fixes).
- hv_sock: update outdated comment for renamed vsock_stream_recvmsg() (git-fixes).
- hwmon: (ads7871) Fix endianness bug in 16-bit register reads (git-fixes).
- hwmon: (corsair-psu) Close HID device on probe errors (git-fixes).
- hwmon: (lm63) Add locking to avoid TOCTOU (git-fixes).
- hwmon: (ltc2992) Clamp threshold writes to hardware range (git-fixes).
- hwmon: (ltc2992) Fix u32 overflow in power read path (git-fixes).
- hwmon: (ltc4286) Add missing MODULE_IMPORT_NS("PMBUS") (git-fixes).
- hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt (git-fixes).
- hwmon: (powerz) Fix use-after-free on USB disconnect (git-fixes).
- hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() (git-fixes).
- i2c: s3c24xx: check the size of the SMBUS message before using it (stable-fixes).
- i2c: smbus: reject oversized block transfers in the common path (git-fixes).
- i2c: stm32f7: reinit_completion() per transfer not per msg (git-fixes).
- i2c: stub: Reject I2C block transfers with invalid length (git-fixes).
- i2c: tegra: Add HS mode support (bsc#1261550).
- i2c: tegra: Add Tegra256 support (bsc#1261550).
- i2c: tegra: Do not configure DMA if not supported (bsc#1261550).
- i2c: tegra: Don't mark devices with pins as IRQ safe (stable-fixes).
- i2c: tegra: Update Tegra256 timing parameters (bsc#1261550).
- i2c: tegra: Use separate variables for fast and fastplus (bsc#1261550).
- i3c: dw: Fix memory leak in dw_i3c_master_i3c_xfers() (git-fixes).
- i3c: master: Fix error codes at send_ccc_cmd (git-fixes).
- i3c: mipi-i3c-hci: fix IBI payload length calculation for final status (git-fixes).
- ibmveth: Disable GSO for packets with small MSS (bsc#1265144).
- iio: adc: ad7192: Revert "properly check spi_get_device_match_data()" (stable-fixes).
- iio: adc: ad7768-1: fix one-shot mode data acquisition (git-fixes).
- iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (git-fixes).
- iio: frequency: admv1013: add dev variable (stable-fixes).
- iio: frequency: admv1013: fix NULL pointer dereference on str (git-fixes).
- Input: bcm5974 - recover from failed mode switch (stable-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (stable-fixes).
- Input: uinput - fix circular locking dependency with ff-core (git-fixes).
- Input: uinput - take event lock when submitting FF request "event" (stable-fixes).
- Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (stable-fixes).
- Input: xpad - add support for Razer Wolverine V3 Pro (stable-fixes).
- interconnect: debugfs: fix devm_kstrdup and kfree mismatch (git-fixes).
- io_uring/timeout: check unused sqe fields (git-fixes).
- iommu/amd: move wait_on_sem() out of spinlock (git-fixes bsc#1260593).
- iommu/amd: serialize sequence allocation under concurrent TLB invalidations (git-fixes bsc#1260593).
- iommu/vt-d: Remove LPIG from page group response descriptor (jsc#PED-16113).
- ipmi: Add limits to event and receive message requests (git-fixes).
- ipmi: Check event message buffer response for bad data (git-fixes).
- ipmi: ssif_bmc: change log level to dbg in irq callback (git-fixes).
- ipmi: ssif_bmc: fix message desynchronization after truncated response (git-fixes).
- ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure (git-fixes).
- ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (git-fixes).
- KVM: arm64: Allow cacheable stage 2 mapping using VMA flags (git-fixes).
- KVM: arm64: Assume non-PFNMAP/MIXEDMAP VMAs can be mapped cacheable (git-fixes).
- KVM: arm64: Block cacheable PFNMAP mapping (git-fixes).
- KVM: arm64: Consolidate idreg callbacks (git-fixes).
- KVM: arm64: Discard PC update state on vcpu reset (git-fixes).
- KVM: arm64: Finalize ID registers only once per VM (git-fixes).
- KVM: arm64: Fix MTE flag initialization for protected VMs (git-fixes).
- KVM: arm64: Fix page leak in user_mem_abort() (git-fixes).
- KVM: arm64: Fix Trace Buffer trap polarity for protected VMs (git-fixes).
- KVM: arm64: Fix Trace Buffer trapping for protected VMs (git-fixes).
- KVM: arm64: Fix vma_shift staleness on nested hwpoison path (git-fixes).
- KVM: arm64: Hide S1POE from guests when not supported by the host (git-fixes).
- KVM: arm64: Limit clearing of ID_{AA64PFR0,PFR1}_EL1.GIC to userspace irqchip (git-fixes).
- KVM: arm64: Make all 32bit ID registers fully writable (git-fixes).
- KVM: arm64: nv: Add trap config for DBGWCR_EL1 (git-fixes).
- KVM: arm64: nv: Return correct RES0 bits for FGT registers (git-fixes).
- KVM: arm64: pkvm: Fallback to level-3 mapping on host stage-2 fault (git-fixes).
- KVM: arm64: Read PMUVer as unsigned (git-fixes).
- KVM: arm64: Rename the device variable to s2_force_noncacheable (git-fixes).
- KVM: arm64: Return early from trace helpers when KVM isn't available (git-fixes).
- KVM: arm64: Set ID_{AA64PFR0,PFR1}_EL1.GIC when GICv3 is configured (git-fixes).
- KVM: arm64: vgic-v3: Release reserved slot outside of lpi_xa's lock (git-fixes).
- KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value (git-fixes).
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (git-fixes).
- KVM: nVMX: Add consistency check for TSC_MULTIPLIER=0 (git-fixes).
- KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (git-fixes).
- KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created (git-fixes).
- KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (git-fixes).
- KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish (git-fixes).
- KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (git-fixes).
- KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (git-fixes).
- KVM: SVM: Disallow EFER.LMSLE when not supported by hardware (git-fixes).
- KVM: SVM: Fix a missing kunmap_local() in sev_gmem_post_populate() (git-fixes).
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (git-fixes).
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (git-fixes).
- KVM: SVM: Properly check RAX in the emulator for SVM instructions (git-fixes).
- KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (git-fixes).
- KVM: TDX: Explicitly set user-return MSRs that *may* be clobbered by the TDX-Module (git-fixes).
- KVM: x86/mmu: Fix UBSAN warning when reading nx_huge_pages parameter (git-fixes).
- KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (git-fixes).
- KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() (git-fixes).
- KVM: x86: Advertise EferLmsleUnsupported to userspace (git-fixes).
- KVM: x86: check for nEPT/nNPT in slow flush hypercalls (git-fixes).
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (git-fixes).
- KVM: x86: hyper-v: Validate all GVAs during PV TLB flush (git-fixes).
- KVM: x86: Ignore cpuid faulting in SMM (git-fixes).
- leds: lgm-sso: Remove duplicate assignments for priv->mmap (git-fixes).
- leds: qcom-lpg: Check for array overflow when selecting the high resolution (stable-fixes).
- lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug() (git-fixes).
- md/raid1: fix the comparing region of interval tree (bsc#1261555).
- md/raid1: serialize overlap io for writemostly disk (bsc#1261555).
- media: amphion: Fix race between m2m job_abort and device_run (git-fixes).
- media: as102: fix to not free memory after the device is registered in as102_usb_probe() (git-fixes).
- media: chips-media: wave5: add missing spinlock protection for handle_dynamic_resolution_change() (git-fixes).
- media: chips-media: wave5: add missing spinlock protection for send_eos_event() (git-fixes).
- media: chips-media: wave5: fix a potential memory leak in wave5_vdi_init() (git-fixes).
- media: dib8000: avoid division by 0 in dib8000_set_dds() (git-fixes).
- media: em28xx: fix use-after-free in em28xx_v4l2_open() (git-fixes).
- media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (git-fixes).
- media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (git-fixes).
- media: i2c: imx283: Enter full standby when stopping streaming (git-fixes).
- media: i2c: imx283: Fix hang when going from large to small resolution (git-fixes).
- media: i2c: imx412: Assert reset GPIO during probe (git-fixes).
- media: i2c: ov08d10: fix image vertical start setting (git-fixes).
- media: i2c: ov8856: free control handler on error in ov8856_init_controls() (git-fixes).
- media: intel/ipu6: fix error pointer dereference (git-fixes).
- media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (git-fixes).
- media: nxp: imx8-isi: Reduce minimum queued buffers from 2 to 0 (git-fixes).
- media: omap3isp: drop the use count of v4l2 pipeline (git-fixes).
- media: pci: zoran: fix potential memory leak in zoran_probe() (git-fixes).
- media: rc: streamzap: Error handling in probe (git-fixes).
- media: rc: xbox_remote: heed DMA restrictions (git-fixes).
- media: saa7164: add ioremap return checks and cleanups (git-fixes).
- media: staging: imx: configure src_mux in csi_start (git-fixes).
- media: staging: imx: request mbus_config in csi_start (git-fixes).
- media: uvcvideo: Enable VB2_DMABUF for metadata stream (git-fixes).
- media: videobuf2: Set vma_flags in vb2_dma_sg_mmap (git-fixes).
- media: vidtv: fix nfeeds state corruption on start_streaming failure (git-fixes).
- media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (git-fixes).
- media: vidtv: fix pass-by-value structs causing MSAN warnings (git-fixes).
- memory: tegra30-emc: Fix dll_change check (git-fixes).
- memory: tegra124-emc: Fix dll_change check (git-fixes).
- mfd: core: Preserve OF node when ACPI handle is present (git-fixes).
- mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata() (git-fixes).
- mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused (git-fixes).
- mkspec: Add signature to source list only when it exists.
- mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (git-fixes).
- mmc: vub300: fix NULL-deref on disconnect (git-fixes).
- modpost: Amend ppc64 save/restfpr symnames for -Os build (bsc#1215199).
- mtd: docg3: fix use-after-free in docg3_release() (git-fixes).
- mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions (git-fixes).
- mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path (git-fixes).
- mtd: physmap_of_gemini: Fix disabled pinctrl state check (git-fixes).
- mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob (git-fixes).
- mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations (git-fixes).
- mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() (git-fixes).
- mtd: spi-nor: sst: Fix write enable before AAI sequence (git-fixes).
- mtd: spi-nor: swp: check SR_TB flag when getting tb_mask (git-fixes).
- net-shapers: don't free reply skb after genlmsg_reply() (git-fixes).
- net/mlx5: Fix HCA caps leak on notifier init failure (git-fixes).
- net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- net/sched: cls_fw: fix NULL dereference of "old" filters before change() (git-fixes).
- net/sched: fix pedit partial COW leading to page cache corruption (bsc#1265421).
- net: gro: don't merge zcopy skbs (git-fixes).
- net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf (git-fixes).
- net: mana: Add MAC address to vPort logs and clarify error messages (git-fixes).
- net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq() (git-fixes).
- net: mana: Don't overwrite port probe error with add_adev result (git-fixes).
- net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR (bsc#1265846).
- net: mana: Fix EQ leak in mana_remove on NULL port (git-fixes).
- net: mana: Fix RX skb truesize accounting (bsc#1248754).
- net: mana: Guard mana_remove against double invocation (git-fixes).
- net: mana: hardening: Validate adapter_mtu from MANA_QUERY_DEV_CONFIG (git-fixes).
- net: mana: hardening: Validate doorbell ID from GDMA_REGISTER_DEVICE response (git-fixes).
- net: mana: Init gf_stats_work before potential error paths in probe (git-fixes).
- net: mana: Init link_change_work before potential error paths in probe (git-fixes).
- net: mana: Move current_speed debugfs file to mana_init_port() (git-fixes).
- net: mana: remove double CQ cleanup in mana_create_rxq error path (git-fixes).
- net: mana: Set default number of queues to 16 (bsc#1261648).
- net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes).
- net: mana: Use at least SZ_4K in doorbell ID range check (git-fixes).
- net: mana: Use pci_name() for debugfs directory naming (git-fixes).
- net: phy: broadcom: Save PHY counters during suspend (git-fixes).
- net: phy: DP83TC811: add reading of abilities (git-fixes).
- net: phy: dp83869: fix setting CLK_O_SEL field (git-fixes).
- net: phy: fix a return path in get_phy_c45_ids() (git-fixes).
- net: phy: qcom: at803x: Use the correct bit to disable extended next page (git-fixes).
- net: stmmac: Fix PTP ref clock for Tegra234 (git-fixes).
- net: usb: asix: ax88772: re-add usbnet_link_change() in phylink callbacks (git-fixes).
- net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (git-fixes).
- net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() (git-fixes).
- net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit (git-fixes).
- net: wan: fsl_ucc_hdlc: fix ucc_hdlc_remove (git-fixes).
- net: wan: fsl_ucc_hdlc: fix uhdlc_memclean (git-fixes).
- net: wan: fsl_ucc_hdlc: free tx_skbuff in uhdlc_memclean (git-fixes).
- net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler (git-fixes).
- NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (git-fixes).
- nfc: llcp: add missing return after LLCP_CLOSED checks (git-fixes).
- nfc: pn533: allocate rx skb before consuming bytes (git-fixes).
- nfc: s3fwrn5: allocate rx skb before consuming bytes (git-fixes).
- NFC: trf7970a: Ignore antenna noise when checking for RF field (git-fixes).
- nvme-apple: drop invalid put of admin queue reference count (git-fixes).
- nvme-auth: Include SC_C in RVAL controller hash (bsc#1260428).
- nvme-loop: do not cancel I/O and admin tagset during ctrl reset/shutdown (bsc#1262709).
- nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4 (git-fixes).
- nvme: Allow reauth from sysfs (bsc#1259672).
- nvme: Expose the tls_configured sysfs for secure concat connections (bsc#1259672).
- nvme: expose TLS mode (bsc#1259672).
- nvme: fix admin queue leak on controller reset (git-fixes).
- nvme: fix PCIe subsystem reset controller state transition (bsc#1261738).
- nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers (git-fixes).
- ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718).
- ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718).
- openvswitch: vport: fix self-deadlock on release of tunnel ports (git-fixes).
- panic/printk: replace other_cpu_in_panic() with panic_on_other_cpu() (bsc#1261149).
- panic/printk: replace this_cpu_in_panic() with panic_on_this_cpu() (bsc#1261149).
- panic: introduce helper functions for panic state (bsc#1261149).
- panic: use angle-bracket include for panic.h (bsc#1261149).
- PCI/AER: Clear only error bits in PCIe Device Status (git-fixes).
- PCI/AER: Stop ruling out unbound devices as error source (git-fixes).
- PCI/ASPM: Fix pci_clear_and_set_config_dword() usage (git-fixes).
- PCI/NPEM: Set LED_HW_PLUGGABLE for hotplug-capable ports (git-fixes).
- PCI/TPH: Allow TPH enable for RCiEPs (git-fixes).
- PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well (git-fixes).
- PCI: dwc: rcar-gen4: Change EPC BAR alignment to 4K as per the documentation (git-fixes).
- PCI: Enable AtomicOps only if Root Port supports them (git-fixes).
- PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (git-fixes).
- PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup (git-fixes).
- PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete (git-fixes).
- PCI: hv: Set default NUMA node to 0 for devices without affinity info (bsc#1261648).
- PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found (git-fixes).
- PCI: qcom: Advertise Hotplug Slot Capability with no Command Completion support (git-fixes).
- PCI: tegra194: Allow system suspend when the Endpoint link is not up (git-fixes).
- PCI: tegra194: Disable direct speed change for Endpoint mode (git-fixes).
- PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down (git-fixes).
- PCI: tegra194: Disable PERST# IRQ only in Endpoint mode (git-fixes).
- PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on (git-fixes).
- PCI: tegra194: Fix polling delay for L2 state (git-fixes).
- PCI: tegra194: Free up Endpoint resources during remove() (git-fixes).
- PCI: tegra194: Increase LTSSM poll time on surprise link down (git-fixes).
- PCI: tegra194: Set LTR message request before PCIe link up in Endpoint mode (git-fixes).
- PCI: tegra194: Use devm_gpiod_get_optional() to parse "nvidia,refclk-select" (git-fixes).
- PCI: tegra194: Use DWC IP core version (git-fixes).
- pinctrl: abx500: Fix type of 'argument' variable (git-fixes).
- pinctrl: Fix spelling problem (git-fixes).
- pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (stable-fixes).
- pinctrl: pic32: change all cases of bare 'unsigned' to 'unsigned int' (git-fixes).
- pinctrl: pic32: use consistent spacing around '+' (git-fixes).
- pinctrl: pinctrl-pic32: Fix resource leak (git-fixes).
- pinctrl: realtek: Fix function signature for config argument (git-fixes).
- pinctrl: renesas: rzg2l: Fix save/restore of {IOLH,IEN,PUPD,SMT} registers (git-fixes).
- platform/chrome: chromeos_tbmc: Drop wakeup source on remove (git-fixes).
- platform/surface: surfacepro3_button: Drop wakeup source on remove (git-fixes).
- platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (stable-fixes).
- platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (git-fixes).
- platform/x86: asus-wmi: adjust screenpad power/brightness handling (git-fixes).
- platform/x86: asus-wmi: fix screenpad brightness range (git-fixes).
- platform/x86: dell-wmi-sysman: bound enumeration string aggregation (git-fixes).
- platform/x86: dell_rbu: avoid uninit value usage in packet_size_write() (git-fixes).
- platform/x86: hp-wmi: Ignore backlight and FnLock events (stable-fixes).
- platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup (git-fixes).
- power: supply: axp288_charger: Do not cancel work before initializing it (git-fixes).
- power: supply: max17042: avoid overflow when determining health (git-fixes).
- powerpc/crash: fix backup region offset update to elfcorehdr (bsc#1259535).
- powerpc/crash: Update backup region offset in elfcorehdr on memory hotplug (bsc#1259535).
- printk/nbcon/panic: Allow printk kthread to sleep when the system is in panic (bsc#1261149).
- printk/nbcon: Block printk kthreads when any CPU is in an emergency context (bsc#1261149).
- printk/nbcon: Release nbcon consoles ownership in atomic flush after each emitted record (bsc#1261149).
- printk/nbcon: Restore IRQ in atomic flush after each emitted record (bsc#1261149).
- printk/nbcon: use panic_on_this_cpu() helper (bsc#1261149).
- printk: Allow printk_trigger_flush() to flush all types (bsc#1262750).
- printk: Allow to use the printk kthread immediately even for 1st nbcon (jsc#PED-7912).
- printk: Avoid irq_work for printk_deferred() on suspend (bsc#1262750).
- printk: Avoid scheduling irq_work on suspend (bsc#1262750).
- printk: console_flush_one_record() code cleanup (bsc#1261149).
- printk: Introduce console_flush_one_record (bsc#1261149).
- printk: Use console_flush_one_record for legacy printer kthread (bsc#1261149).
- pwm: imx-tpm: Count the number of enabled channels in probe (git-fixes).
- qat: don't mess with ->d_name (jsc#PED-14238).
- r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes).
- RDMA/irdma: Fix double free related to rereg_user_mr (git-fixes).
- RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Validate rx_hash_key_len (git-fixes).
- RDMA/mana_ib: cleanup the usage of mana_gd_send_request() (git-fixes).
- RDMA/mana_ib: Disable RX steering on RSS QP destroy (git-fixes).
- RDMA/mana_ib: Support memory windows (git-fixes).
- regulator: act8945a: fix OF node reference imbalance (git-fixes).
- regulator: bd9571mwv: fix OF node reference imbalance (git-fixes).
- regulator: max77650: fix OF node reference imbalance (git-fixes).
- regulator: mt6357: fix OF node reference imbalance (git-fixes).
- regulator: rk808: fix OF node reference imbalance (git-fixes).
- remoteproc: xlnx: Fix sram property parsing (git-fixes).
- remoteproc: xlnx: Only access buffer information if IPI is buffered (git-fixes).
- Revert "ALSA: usb: Increase volume range that triggers a warning" (git-fixes).
- Revert "serial: 8250: Revert "drop lockdep annotation from serial8250_clear_IER()"" (bsc#1262480).
- Revert "serial: 8250: Switch to nbcon console" (bsc#1262480).
- rtc: abx80x: Disable alarm feature if no interrupt attached (git-fixes).
- rtc: ntxec: fix OF node reference imbalance (git-fixes).
- s390/dasd: Copy detected format information to secondary device (bsc#1259994).
- s390/dasd: Fix gendisk parent after copy pair swap (bsc#1259994).
- s390/dasd: Move quiesce state with pprc swap (bsc#1259994).
- sched/fair: Change likelyhood of nohz.nr_cpus (bsc#1234634 bsc#1258961).
- sched/fair: Move checking for nohz cpus after time check (bsc#1234634 bsc#1258961).
- sched/fair: Remove nohz.nr_cpus and use weight of cpumask instead (bsc#1234634 bsc#1258961).
- scsi: lpfc: Add clean up of aborted NVMe commands during PCI fcn reset (bsc#1262019).
- scsi: lpfc: Add log messages to fabric login error labels (bsc#1262019).
- scsi: lpfc: Add PCI ID support for LPe42100 series adapters (bsc#1262019).
- scsi: lpfc: Add REG_VFI mailbox cmd error handling (bsc#1262019).
- scsi: lpfc: Break out of IRQ affinity assignment when mask reaches nr_cpu_ids (bsc#1262019).
- scsi: lpfc: Check ASIC_ID register to aid diagnostics during failed fw updates (bsc#1262019).
- scsi: lpfc: Cleanup error exit paths in lpfc_fdmi_cmd() and associated messages (bsc#1262019).
- scsi: lpfc: ELIMINATE kernel-doc warnings in lpfc.h (bsc#1262019).
- scsi: lpfc: Fix incorrect txcmplq_cnt during cleanup in lpfc_sli_abort_ring() (bsc#1262019).
- scsi: lpfc: Introduce 128G link speed selection and support (bsc#1262019).
- scsi: lpfc: Log discarded and insufficient RQE buffer events (bsc#1262019).
- scsi: lpfc: Log MCQE contents for mbox commands with no context (bsc#1262019).
- scsi: lpfc: Properly set WC for DPP mapping (bsc#1262019).
- scsi: lpfc: Reduce pointer chasing when accessing vmid_flag (bsc#1262019).
- scsi: lpfc: Remove deprecated PBDE feature (bsc#1262019).
- scsi: lpfc: Remove unnecessary ndlp kref get in lpfc_check_nlp_post_devloss (bsc#1262019).
- scsi: lpfc: Restrict first burst to non-FCoE and SLI4 adapters only (bsc#1262019).
- scsi: lpfc: Select mailbox rq_create cmd version based on SLI4 if_type (bsc#1262019).
- scsi: lpfc: Update class of service bit field to 3 bits for WQE submissions (bsc#1262019).
- scsi: lpfc: Update construction of SGL when XPSGL is enabled (bsc#1262019).
- scsi: lpfc: Update copyright year string for 2026 (bsc#1262019).
- scsi: lpfc: Update log message when ndlp kref get is unsuccessful (bsc#1262019).
- scsi: lpfc: Update lpfc version to 14.4.0.14 (bsc#1262019).
- scsi: lpfc: Update lpfc version to 15.0.0.0 (bsc#1262019).
- scsi: lpfc: Update outdated comment for renamed lpfc_freenode() (bsc#1262019).
- scsi: lpfc: Use min_t() instead of min() in lpfc_sli4_driver_resource_setup (bsc#1262019).
- scsi: lpfc: Use the crc32c() function (bsc#1262019).
- scsi: mpi3mr: Add NULL checks when resetting request and reply queues (git-fixes).
- scsi: ses: Fix devices attaching to different hosts (git-fixes).
- scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (git-fixes).
- scsi: target: iscsi: validate CHAP_R length before base64 decode (bsc#1265449).
- scsi: ufs: ufs-pci: Add support for Intel Wildcat Lake (jsc#PED-13771).
- selftests/bpf: Test cross-sign 64bits range refinement (git-fixes).
- selftests/bpf: Test invariants on JSLT crossing sign (git-fixes).
- selftests/bpf: test refining u32/s32 bounds when ranges cross min/max boundary (git-fixes).
- selftests: net: build net/lib dependency in all target (bsc#1262245).
- selinux: don't reserve xattr slot when we won't fill it (stable-fixes).
- selinux: prune /sys/fs/selinux/disable (stable-fixes).
- selinux: shrink critical section in sel_write_load() (stable-fixes).
- serial: 8250: Add serial8250_handle_irq_locked() (bsc#1262480).
- serial: 8250: Protect LCR write in shutdown (bsc#1262480).
- serial: 8250_dw: Avoid unnecessary LCR writes (bsc#1262480).
- serial: 8250_dw: Ensure BUSY is deasserted (bsc#1262480).
- serial: 8250_dw: Rework dw8250_handle_irq() locking and IIR handling (bsc#1262480).
- serial: 8250_dw: Rework IIR_NO_INT handling to stop interrupt storm (bsc#1262480).
- Set CONFIG_INTEL_TSX_MODE to follow upstream AUTO default (bsc#1263044).
- soc/tegra: cbb: Set ERD on resume for err interrupt (git-fixes).
- soc: qcom: aoss: compare against normalized cooling state (git-fixes).
- soc: qcom: llcc: fix v1 SB syndrome register offset (git-fixes).
- soc: qcom: ocmem: make the core clock optional (git-fixes).
- soc: qcom: ocmem: register reasons for probe deferrals (git-fixes).
- soc: qcom: ocmem: return -EPROBE_DEFER is ocmem is not available (git-fixes).
- sound: ua101: fix division by zero at probe (git-fixes).
- soundwire: bus: demote UNATTACHED state warnings to dev_dbg() (git-fixes).
- soundwire: cadence: Clear message complete before signaling waiting thread (git-fixes).
- soundwire: debugfs: initialize firmware_file to empty string (git-fixes).
- spi: aspeed-smc: fix controller deregistration (git-fixes).
- spi: at91-usart: fix controller deregistration (git-fixes).
- spi: atmel: fix controller deregistration (git-fixes).
- spi: bcm63xx: fix controller deregistration (git-fixes).
- spi: bcmbca-hsspi: fix controller deregistration (git-fixes).
- spi: cadence: fix controller deregistration (git-fixes).
- spi: cadence: fix unclocked access on unbind (git-fixes).
- spi: ch341: fix memory leaks on probe failures (git-fixes).
- spi: coldfire-qspi: fix controller deregistration (git-fixes).
- spi: dln2: fix controller deregistration (git-fixes).
- spi: fix controller cleanup() documentation (git-fixes).
- spi: fix misleading controller deregistration kernel-doc (git-fixes).
- spi: fix misleading controller registration kernel-doc (git-fixes).
- spi: fsl-espi: fix controller deregistration (git-fixes).
- spi: fsl-qspi: Use reinit_completion() for repeated operations (git-fixes).
- spi: fsl: fix controller deregistration (git-fixes).
- spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo (git-fixes).
- spi: img-spfi: fix controller deregistration (git-fixes).
- spi: imx: fix runtime pm leak on probe deferral (git-fixes).
- spi: imx: fix use-after-free on unbind (git-fixes).
- spi: lantiq-ssc: fix controller deregistration (git-fixes).
- spi: meson-spicc: fix controller deregistration (git-fixes).
- spi: microchip-core-qspi: fix controller deregistration (git-fixes).
- spi: mpc52xx: fix controller deregistration (git-fixes).
- spi: mpc52xx: fix use-after-free on registration failure (git-fixes).
- spi: mpc52xx: fix use-after-free on unbind (git-fixes).
- spi: mtk-nor: fix controller deregistration (git-fixes).
- spi: mtk-snfi: fix memory leak in probe (git-fixes).
- spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback (git-fixes).
- spi: mxic: fix controller deregistration (git-fixes).
- spi: mxs: fix controller deregistration (git-fixes).
- spi: npcm-pspi: fix controller deregistration (git-fixes).
- spi: omap2-mcspi: fix controller deregistration (git-fixes).
- spi: orion: fix clock imbalance on registration failure (git-fixes).
- spi: orion: fix controller deregistration (git-fixes).
- spi: orion: fix runtime pm leak on unbind (git-fixes).
- spi: pic32-sqi: fix controller deregistration (git-fixes).
- spi: pic32: fix controller deregistration (git-fixes).
- spi: pl022: fix controller deregistration (git-fixes).
- spi: qup: fix controller deregistration (git-fixes).
- spi: rockchip: fix controller deregistration (git-fixes).
- spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ (git-fixes).
- spi: rspi: fix controller deregistration (git-fixes).
- spi: s3c64xx: fix controller deregistration (git-fixes).
- spi: s3c64xx: fix NULL-deref on driver unbind (git-fixes).
- spi: sh-hspi: fix controller deregistration (git-fixes).
- spi: sprd: fix controller deregistration (git-fixes).
- spi: st-ssc4: fix controller deregistration (git-fixes).
- spi: sun4i: fix controller deregistration (git-fixes).
- spi: sun6i: fix controller deregistration (git-fixes).
- spi: syncuacer: fix controller deregistration (git-fixes).
- spi: ti-qspi: fix controller deregistration (git-fixes).
- spi: topcliff-pch: fix controller deregistration (git-fixes).
- spi: topcliff-pch: fix use-after-free on unbind (git-fixes).
- spi: uniphier: fix controller deregistration (git-fixes).
- spi: uniphier: Simplify clock handling with devm_clk_get_enabled() (stable-fixes).
- spi: zynq-qspi: fix controller deregistration (git-fixes).
- spi: zynq-qspi: Simplify clock handling with devm_clk_get_enabled() (stable-fixes).
- spi: zynqmp-gqspi: fix controller deregistration (git-fixes).
- staging: media: atomisp: Disallow all private IOCTLs (git-fixes).
- staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (git-fixes).
- staging: sm750fb: fix division by zero in ps_to_hz() (git-fixes).
- staging: vme_user: fix root device leak on init failure (git-fixes).
- tg3: replace placeholder MAC address with device property (git-fixes).
- thermal/drivers/spear: Fix error condition for reading st,thermal-flags (git-fixes).
- thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp (git-fixes).
- thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata (git-fixes).
- tools/power/turbostat: Fix microcode patch level output for AMD/Hygon (git-fixes).
- tools: hv: Fix cross-compilation (git-fixes).
- tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() (git-fixes).
- tpm: avoid -Wunused-but-set-variable (git-fixes).
- tpm: Fix auth session leak in tpm2_get_random() error path (git-fixes).
- tpm: tpm_tis: add error logging for data transfer (git-fixes).
- tpm: tpm_tis: stop transmit if retries are exhausted (git-fixes).
- tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (git-fixes).
- tty: serial: ip22zilog: Fix section mispatch warning (git-fixes).
- udp: Force compute_score to always inline (bsc#1241259).
- unshare: fix unshare_fs() handling (git-fixes).
- USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (git-fixes).
- usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (git-fixes).
- usb: chipidea: otg: not wait vbus drop if use role_switch (git-fixes).
- USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (stable-fixes).
- usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (stable-fixes).
- usb: gadget: f_hid: Add missing error code (git-fixes).
- usb: gadget: f_hid: don't call cdev_init while cdev in use (git-fixes).
- usb: gadget: f_hid: move list and spinlock inits from bind to alloc (stable-fixes).
- usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (git-fixes).
- usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (git-fixes).
- usb: gadget: f_uac1_legacy: validate control request size (stable-fixes).
- usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (git-fixes).
- usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (git-fixes).
- USB: omap_udc: DMA: Don't enable burst 4 mode (git-fixes).
- usb: port: add delay after usb_hub_set_port_power() (git-fixes).
- usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (stable-fixes).
- USB: serial: io_edgeport: add support for Blackbox IC135A (stable-fixes).
- USB: serial: option: add MeiG Smart SRM825WN (stable-fixes).
- USB: serial: option: add support for Rolling Wireless RW135R-GL (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A MBIM composition (git-fixes).
- USB: serial: option: add Telit Cinterion LE910Cx compositions (stable-fixes).
- usb: storage: Expand range of matched versions for VL817 quirks entry (git-fixes).
- usb: typec: tcpm: reset internal port states on soft reset AMS (git-fixes).
- usb: ulpi: fix memory leak on ulpi_register() error paths (git-fixes).
- usb: usblp: fix heap leak in IEEE 1284 device ID via short response (stable-fixes).
- usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl (stable-fixes).
- usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (git-fixes).
- usbip: validate number_of_packets in usbip_pack_ret_submit() (git-fixes).
- vfio/pci: Lock upstream bridge for vfio_pci_core_disable() (git-fixes).
- vfio/pds: Fix memory leak in pds_vfio_dirty_enable() (git-fixes).
- vfio/pds: Fix missing detach_ioas op (git-fixes).
- vfio/pds: replace bitmap_free with vfree (git-fixes).
- vfio/type1: Fix error unwind in migration dirty bitmap allocation (git-fixes).
- vfio: Fix unbalanced vfio_df_close call in no-iommu mode (git-fixes).
- vfio: Prevent open_count decrement to negative (git-fixes).
- virt: arm-cca-guest: fix error check for RSI_INCOMPLETE (git-fixes).
- virt: sev-guest: Do not use host-controlled page order in cleanup path (git-fixes).
- virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (git-fixes).
- virt: tdx-guest: Return error for GetQuote failures (git-fixes).
- wifi: ath5k: do not access array OOB (git-fixes).
- wifi: ath9k: Fix typo (git-fixes).
- wifi: ath10k: fix station lookup failure during disconnect (git-fixes).
- wifi: ath11k: fix memory leaks in beacon template setup (git-fixes).
- wifi: ath12k: fix leak in some ath12k_wmi_xxx() functions (git-fixes).
- wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU assertions (git-fixes).
- wifi: b43: enforce bounds check on firmware key index in b43_rx() (git-fixes).
- wifi: b43legacy: enforce bounds check on firmware key index in RX path (git-fixes).
- wifi: brcmfmac: Fix error pointer dereference (git-fixes).
- wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task (git-fixes).
- wifi: brcmfmac: validate bsscfg indices in IF events (stable-fixes).
- wifi: brcmsmac: Fix dma_free_coherent() size (git-fixes).
- wifi: cw1200: Revert "Fix locking in error paths" (git-fixes).
- wifi: libertas: notify firmware load wait on disconnect (git-fixes).
- wifi: mac80211: check ieee80211_rx_data_set_link return in pubsta MLO path (git-fixes).
- wifi: mac80211: check tdls flag in ieee80211_tdls_oper (stable-fixes).
- wifi: mac80211: drop stray 'static' from fast-RX rx_result (git-fixes).
- wifi: mac80211: handle VHT EXT NSS in ieee80211_determine_our_sta_mode() (git-fixes).
- wifi: mac80211: remove station if connection prep fails (git-fixes).
- wifi: mac80211: use safe list iteration in radar detect work (git-fixes).
- wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req() (git-fixes).
- wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (stable-fixes).
- wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (git-fixes).
- wifi: mt76: mt7615: fix use_cts_prot support (git-fixes).
- wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work() (git-fixes).
- wifi: mt76: mt7915: fix use_cts_prot support (git-fixes).
- wifi: mt76: mt7921: fix 6GHz regulatory update on connection (git-fixes).
- wifi: mt76: mt7921: fix a potential clc buffer length underflow (git-fixes).
- wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work (git-fixes).
- wifi: mt76: mt7921: Place upper limit on station AID (git-fixes).
- wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr() (git-fixes).
- wifi: mt76: mt7925: fix AMPDU state handling in mt7925_tx_check_aggr (git-fixes).
- wifi: mt76: mt7925: fix incorrect length field in txpower command (git-fixes).
- wifi: mt76: mt7925: Fix incorrect MLO mode in firmware control (git-fixes).
- wifi: mt76: mt7925: fix incorrect TLV length in CLC command (git-fixes).
- wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() (git-fixes).
- wifi: mt76: mt7925: prevent NULL vif dereference in mt7925_mac_write_txwi (git-fixes).
- wifi: mt76: mt7996: fix FCS error flag check in RX descriptor (git-fixes).
- wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event (git-fixes).
- wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work() (git-fixes).
- wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt() (git-fixes).
- wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage (git-fixes).
- wifi: nl80211: require admin perm on SET_PMK / DEL_PMK (git-fixes).
- wifi: rsi: fix kthread lifetime race between self-exit and external-stop (git-fixes).
- wifi: rt2x00usb: fix devres lifetime (git-fixes).
- wifi: rtl8xxxu: fix potential use of uninitialized value (git-fixes).
- wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet (git-fixes).
- wifi: rtw88: Add additional USB IDs for RTL8812BU (bsc#1263135).
- wifi: rtw88: Add BUFFALO WI-U3-866DHP to the USB ID list (bsc#1263135).
- wifi: rtw88: Add support for Mercusys MA30N and D-Link DWA-T185 rev. A1 (bsc#1263135).
- wifi: rtw88: check for PCI upstream bridge existence (git-fixes).
- wifi: rtw88: fix device leak on probe failure (git-fixes).
- wifi: rtw88: rtw8822bu VID/PID for BUFFALO WI-U2-866DM (bsc#1263135).
- wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap() (git-fixes).
- wifi: wl1251: validate packet IDs before indexing tx_frames (stable-fixes).
- x86/acpi/boot: Correct acpi_is_processor_usable() check again (git-fixes).
- x86/boot/sev: Avoid shared GHCB page for early memory acceptance (git-fixes).
- x86/boot/sev: Support memory acceptance in the EFI stub under SVSM (git-fixes).
- x86/boot: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- x86/CPU/AMD: Add X86_FEATURE_ZEN6 (bsc#1263255).
- x86/cpufeatures: Free up unused feature bits (bsc#1263255).
- x86/fred: Fix early boot failures on SEV-ES/SNP guests (git-fixes).
- x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (git-fixes).
- x86/sev: Add missing RIP_REL_REF() invocations during sme_enable() (git-fixes).
- x86/sev: Do not touch VMSA pages during SNP guest memory kdump (git-fixes).
- x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero (git-fixes).
- x86/sev: Fix operator precedence in GHCB_MSR_VMPL_REQ_LEVEL macro (git-fixes).
- x86/sev: Improve handling of writes to intercepted TSC MSRs (git-fixes).
- x86/sev: Make sure pages are not skipped during kdump (git-fixes).
- x86/tsx: Get the tsx= command line parameter with early_param() (bsc#1250951 bsc#1263044).
- x86/tsx: Make tsx_ctrl_state static (bsc#1250951 bsc#1263044).
- x86/vmware: Parse MP tables for SEV-SNP enabled guests under VMware hypervisors (git-fixes).
- X.509: Fix out-of-bounds access when parsing extensions (git-fixes).
- Xarray: do not return sibling entries from xas_find_marked() (bsc#1263815).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-814=1

Package List:

- openSUSE Leap 16.0:

cluster-md-kmp-64kb-6.12.0-160000.33.1
cluster-md-kmp-azure-6.12.0-160000.33.1
cluster-md-kmp-default-6.12.0-160000.33.1
cluster-md-kmp-rt-6.12.0-160000.33.1
dlm-kmp-64kb-6.12.0-160000.33.1
dlm-kmp-azure-6.12.0-160000.33.1
dlm-kmp-default-6.12.0-160000.33.1
dlm-kmp-rt-6.12.0-160000.33.1
dtb-allwinner-6.12.0-160000.33.1
dtb-altera-6.12.0-160000.33.1
dtb-amazon-6.12.0-160000.33.1
dtb-amd-6.12.0-160000.33.1
dtb-amlogic-6.12.0-160000.33.1
dtb-apm-6.12.0-160000.33.1
dtb-apple-6.12.0-160000.33.1
dtb-arm-6.12.0-160000.33.1
dtb-broadcom-6.12.0-160000.33.1
dtb-cavium-6.12.0-160000.33.1
dtb-exynos-6.12.0-160000.33.1
dtb-freescale-6.12.0-160000.33.1
dtb-hisilicon-6.12.0-160000.33.1
dtb-lg-6.12.0-160000.33.1
dtb-marvell-6.12.0-160000.33.1
dtb-mediatek-6.12.0-160000.33.1
dtb-nvidia-6.12.0-160000.33.1
dtb-qcom-6.12.0-160000.33.1
dtb-renesas-6.12.0-160000.33.1
dtb-rockchip-6.12.0-160000.33.1
dtb-socionext-6.12.0-160000.33.1
dtb-sprd-6.12.0-160000.33.1
dtb-xilinx-6.12.0-160000.33.1
gfs2-kmp-64kb-6.12.0-160000.33.1
gfs2-kmp-azure-6.12.0-160000.33.1
gfs2-kmp-default-6.12.0-160000.33.1
gfs2-kmp-rt-6.12.0-160000.33.1
kernel-64kb-6.12.0-160000.33.1
kernel-64kb-devel-6.12.0-160000.33.1
kernel-64kb-extra-6.12.0-160000.33.1
kernel-64kb-optional-6.12.0-160000.33.1
kernel-azure-6.12.0-160000.33.1
kernel-azure-devel-6.12.0-160000.33.1
kernel-azure-extra-6.12.0-160000.33.1
kernel-azure-optional-6.12.0-160000.33.1
kernel-azure-vdso-6.12.0-160000.33.1
kernel-default-6.12.0-160000.33.1
kernel-default-base-6.12.0-160000.33.1.160000.2.14
kernel-default-devel-6.12.0-160000.33.1
kernel-default-extra-6.12.0-160000.33.1
kernel-default-optional-6.12.0-160000.33.1
kernel-default-vdso-6.12.0-160000.33.1
kernel-devel-6.12.0-160000.33.1
kernel-docs-6.12.0-160000.33.1
kernel-docs-html-6.12.0-160000.33.1
kernel-kvmsmall-6.12.0-160000.33.1
kernel-kvmsmall-devel-6.12.0-160000.33.1
kernel-kvmsmall-vdso-6.12.0-160000.33.1
kernel-macros-6.12.0-160000.33.1
kernel-obs-build-6.12.0-160000.33.1
kernel-obs-qa-6.12.0-160000.33.1
kernel-rt-6.12.0-160000.33.1
kernel-rt-devel-6.12.0-160000.33.1
kernel-rt-extra-6.12.0-160000.33.1
kernel-rt-optional-6.12.0-160000.33.1
kernel-rt-vdso-6.12.0-160000.33.1
kernel-source-6.12.0-160000.33.1
kernel-source-vanilla-6.12.0-160000.33.1
kernel-syms-6.12.0-160000.33.1
kernel-zfcpdump-6.12.0-160000.33.1
kselftests-kmp-64kb-6.12.0-160000.33.1
kselftests-kmp-azure-6.12.0-160000.33.1
kselftests-kmp-default-6.12.0-160000.33.1
kselftests-kmp-rt-6.12.0-160000.33.1
ocfs2-kmp-64kb-6.12.0-160000.33.1
ocfs2-kmp-azure-6.12.0-160000.33.1
ocfs2-kmp-default-6.12.0-160000.33.1
ocfs2-kmp-rt-6.12.0-160000.33.1

References:

* https://www.suse.com/security/cve/CVE-2023-2058.html
* https://www.suse.com/security/cve/CVE-2024-14027.html
* https://www.suse.com/security/cve/CVE-2025-40181.html
* https://www.suse.com/security/cve/CVE-2025-40219.html
* https://www.suse.com/security/cve/CVE-2025-68265.html
* https://www.suse.com/security/cve/CVE-2025-68310.html
* https://www.suse.com/security/cve/CVE-2025-71238.html
* https://www.suse.com/security/cve/CVE-2025-71268.html
* https://www.suse.com/security/cve/CVE-2025-71269.html
* https://www.suse.com/security/cve/CVE-2025-71302.html
* https://www.suse.com/security/cve/CVE-2026-23168.html
* https://www.suse.com/security/cve/CVE-2026-23209.html
* https://www.suse.com/security/cve/CVE-2026-23236.html
* https://www.suse.com/security/cve/CVE-2026-23237.html
* https://www.suse.com/security/cve/CVE-2026-23245.html
* https://www.suse.com/security/cve/CVE-2026-23246.html
* https://www.suse.com/security/cve/CVE-2026-23253.html
* https://www.suse.com/security/cve/CVE-2026-23260.html
* https://www.suse.com/security/cve/CVE-2026-23261.html
* https://www.suse.com/security/cve/CVE-2026-23264.html
* https://www.suse.com/security/cve/CVE-2026-23266.html
* https://www.suse.com/security/cve/CVE-2026-23268.html
* https://www.suse.com/security/cve/CVE-2026-23269.html
* https://www.suse.com/security/cve/CVE-2026-23271.html
* https://www.suse.com/security/cve/CVE-2026-23273.html
* https://www.suse.com/security/cve/CVE-2026-23276.html
* https://www.suse.com/security/cve/CVE-2026-23279.html
* https://www.suse.com/security/cve/CVE-2026-23290.html
* https://www.suse.com/security/cve/CVE-2026-23291.html
* https://www.suse.com/security/cve/CVE-2026-23298.html
* https://www.suse.com/security/cve/CVE-2026-23300.html
* https://www.suse.com/security/cve/CVE-2026-23307.html
* https://www.suse.com/security/cve/CVE-2026-23312.html
* https://www.suse.com/security/cve/CVE-2026-23313.html
* https://www.suse.com/security/cve/CVE-2026-23315.html
* https://www.suse.com/security/cve/CVE-2026-23316.html
* https://www.suse.com/security/cve/CVE-2026-23317.html
* https://www.suse.com/security/cve/CVE-2026-23318.html
* https://www.suse.com/security/cve/CVE-2026-23321.html
* https://www.suse.com/security/cve/CVE-2026-23324.html
* https://www.suse.com/security/cve/CVE-2026-23325.html
* https://www.suse.com/security/cve/CVE-2026-23334.html
* https://www.suse.com/security/cve/CVE-2026-23336.html
* https://www.suse.com/security/cve/CVE-2026-23339.html
* https://www.suse.com/security/cve/CVE-2026-23340.html
* https://www.suse.com/security/cve/CVE-2026-23346.html
* https://www.suse.com/security/cve/CVE-2026-23347.html
* https://www.suse.com/security/cve/CVE-2026-23351.html
* https://www.suse.com/security/cve/CVE-2026-23354.html
* https://www.suse.com/security/cve/CVE-2026-23357.html
* https://www.suse.com/security/cve/CVE-2026-23360.html
* https://www.suse.com/security/cve/CVE-2026-23362.html
* https://www.suse.com/security/cve/CVE-2026-23363.html
* https://www.suse.com/security/cve/CVE-2026-23365.html
* https://www.suse.com/security/cve/CVE-2026-23367.html
* https://www.suse.com/security/cve/CVE-2026-23368.html
* https://www.suse.com/security/cve/CVE-2026-23369.html
* https://www.suse.com/security/cve/CVE-2026-23370.html
* https://www.suse.com/security/cve/CVE-2026-23372.html
* https://www.suse.com/security/cve/CVE-2026-23373.html
* https://www.suse.com/security/cve/CVE-2026-23374.html
* https://www.suse.com/security/cve/CVE-2026-23375.html
* https://www.suse.com/security/cve/CVE-2026-23378.html
* https://www.suse.com/security/cve/CVE-2026-23382.html
* https://www.suse.com/security/cve/CVE-2026-23387.html
* https://www.suse.com/security/cve/CVE-2026-23391.html
* https://www.suse.com/security/cve/CVE-2026-23392.html
* https://www.suse.com/security/cve/CVE-2026-23395.html
* https://www.suse.com/security/cve/CVE-2026-23396.html
* https://www.suse.com/security/cve/CVE-2026-23397.html
* https://www.suse.com/security/cve/CVE-2026-23399.html
* https://www.suse.com/security/cve/CVE-2026-23401.html
* https://www.suse.com/security/cve/CVE-2026-23403.html
* https://www.suse.com/security/cve/CVE-2026-23404.html
* https://www.suse.com/security/cve/CVE-2026-23405.html
* https://www.suse.com/security/cve/CVE-2026-23406.html
* https://www.suse.com/security/cve/CVE-2026-23407.html
* https://www.suse.com/security/cve/CVE-2026-23408.html
* https://www.suse.com/security/cve/CVE-2026-23409.html
* https://www.suse.com/security/cve/CVE-2026-23410.html
* https://www.suse.com/security/cve/CVE-2026-23411.html
* https://www.suse.com/security/cve/CVE-2026-23417.html
* https://www.suse.com/security/cve/CVE-2026-23418.html
* https://www.suse.com/security/cve/CVE-2026-23420.html
* https://www.suse.com/security/cve/CVE-2026-23426.html
* https://www.suse.com/security/cve/CVE-2026-23434.html
* https://www.suse.com/security/cve/CVE-2026-23436.html
* https://www.suse.com/security/cve/CVE-2026-23437.html
* https://www.suse.com/security/cve/CVE-2026-23440.html
* https://www.suse.com/security/cve/CVE-2026-23441.html
* https://www.suse.com/security/cve/CVE-2026-23442.html
* https://www.suse.com/security/cve/CVE-2026-23443.html
* https://www.suse.com/security/cve/CVE-2026-23445.html
* https://www.suse.com/security/cve/CVE-2026-23446.html
* https://www.suse.com/security/cve/CVE-2026-23447.html
* https://www.suse.com/security/cve/CVE-2026-23448.html
* https://www.suse.com/security/cve/CVE-2026-23449.html
* https://www.suse.com/security/cve/CVE-2026-23450.html
* https://www.suse.com/security/cve/CVE-2026-23452.html
* https://www.suse.com/security/cve/CVE-2026-23454.html
* https://www.suse.com/security/cve/CVE-2026-23455.html
* https://www.suse.com/security/cve/CVE-2026-23456.html
* https://www.suse.com/security/cve/CVE-2026-23457.html
* https://www.suse.com/security/cve/CVE-2026-23458.html
* https://www.suse.com/security/cve/CVE-2026-23460.html
* https://www.suse.com/security/cve/CVE-2026-23461.html
* https://www.suse.com/security/cve/CVE-2026-23462.html
* https://www.suse.com/security/cve/CVE-2026-23463.html
* https://www.suse.com/security/cve/CVE-2026-23464.html
* https://www.suse.com/security/cve/CVE-2026-23465.html
* https://www.suse.com/security/cve/CVE-2026-23466.html
* https://www.suse.com/security/cve/CVE-2026-23468.html
* https://www.suse.com/security/cve/CVE-2026-23470.html
* https://www.suse.com/security/cve/CVE-2026-23472.html
* https://www.suse.com/security/cve/CVE-2026-23473.html
* https://www.suse.com/security/cve/CVE-2026-23474.html
* https://www.suse.com/security/cve/CVE-2026-23475.html
* https://www.suse.com/security/cve/CVE-2026-31389.html
* https://www.suse.com/security/cve/CVE-2026-31392.html
* https://www.suse.com/security/cve/CVE-2026-31393.html
* https://www.suse.com/security/cve/CVE-2026-31394.html
* https://www.suse.com/security/cve/CVE-2026-31395.html
* https://www.suse.com/security/cve/CVE-2026-31400.html
* https://www.suse.com/security/cve/CVE-2026-31402.html
* https://www.suse.com/security/cve/CVE-2026-31403.html
* https://www.suse.com/security/cve/CVE-2026-31405.html
* https://www.suse.com/security/cve/CVE-2026-31406.html
* https://www.suse.com/security/cve/CVE-2026-31407.html
* https://www.suse.com/security/cve/CVE-2026-31408.html
* https://www.suse.com/security/cve/CVE-2026-31411.html
* https://www.suse.com/security/cve/CVE-2026-31412.html
* https://www.suse.com/security/cve/CVE-2026-31415.html
* https://www.suse.com/security/cve/CVE-2026-31416.html
* https://www.suse.com/security/cve/CVE-2026-31417.html
* https://www.suse.com/security/cve/CVE-2026-31420.html
* https://www.suse.com/security/cve/CVE-2026-31421.html
* https://www.suse.com/security/cve/CVE-2026-31422.html
* https://www.suse.com/security/cve/CVE-2026-31423.html
* https://www.suse.com/security/cve/CVE-2026-31424.html
* https://www.suse.com/security/cve/CVE-2026-31425.html
* https://www.suse.com/security/cve/CVE-2026-31426.html
* https://www.suse.com/security/cve/CVE-2026-31427.html
* https://www.suse.com/security/cve/CVE-2026-31428.html
* https://www.suse.com/security/cve/CVE-2026-31435.html
* https://www.suse.com/security/cve/CVE-2026-31449.html
* https://www.suse.com/security/cve/CVE-2026-31453.html
* https://www.suse.com/security/cve/CVE-2026-31456.html
* https://www.suse.com/security/cve/CVE-2026-31470.html
* https://www.suse.com/security/cve/CVE-2026-31494.html
* https://www.suse.com/security/cve/CVE-2026-31496.html
* https://www.suse.com/security/cve/CVE-2026-31503.html
* https://www.suse.com/security/cve/CVE-2026-31504.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31507.html
* https://www.suse.com/security/cve/CVE-2026-31515.html
* https://www.suse.com/security/cve/CVE-2026-31519.html
* https://www.suse.com/security/cve/CVE-2026-31525.html
* https://www.suse.com/security/cve/CVE-2026-31526.html
* https://www.suse.com/security/cve/CVE-2026-31528.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31547.html
* https://www.suse.com/security/cve/CVE-2026-31550.html
* https://www.suse.com/security/cve/CVE-2026-31554.html
* https://www.suse.com/security/cve/CVE-2026-31565.html
* https://www.suse.com/security/cve/CVE-2026-31579.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31588.html
* https://www.suse.com/security/cve/CVE-2026-31644.html
* https://www.suse.com/security/cve/CVE-2026-31649.html
* https://www.suse.com/security/cve/CVE-2026-31658.html
* https://www.suse.com/security/cve/CVE-2026-31662.html
* https://www.suse.com/security/cve/CVE-2026-31666.html
* https://www.suse.com/security/cve/CVE-2026-31668.html
* https://www.suse.com/security/cve/CVE-2026-31669.html
* https://www.suse.com/security/cve/CVE-2026-31675.html
* https://www.suse.com/security/cve/CVE-2026-31678.html
* https://www.suse.com/security/cve/CVE-2026-31679.html
* https://www.suse.com/security/cve/CVE-2026-31681.html
* https://www.suse.com/security/cve/CVE-2026-31682.html
* https://www.suse.com/security/cve/CVE-2026-31684.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31691.html
* https://www.suse.com/security/cve/CVE-2026-31694.html
* https://www.suse.com/security/cve/CVE-2026-31700.html
* https://www.suse.com/security/cve/CVE-2026-31738.html
* https://www.suse.com/security/cve/CVE-2026-31787.html
* https://www.suse.com/security/cve/CVE-2026-43009.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43038.html
* https://www.suse.com/security/cve/CVE-2026-43045.html
* https://www.suse.com/security/cve/CVE-2026-43050.html
* https://www.suse.com/security/cve/CVE-2026-43060.html
* https://www.suse.com/security/cve/CVE-2026-43082.html
* https://www.suse.com/security/cve/CVE-2026-43088.html
* https://www.suse.com/security/cve/CVE-2026-43153.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43265.html
* https://www.suse.com/security/cve/CVE-2026-43329.html
* https://www.suse.com/security/cve/CVE-2026-43365.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43441.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43503.html
* https://www.suse.com/security/cve/CVE-2026-46333.html



openSUSE-SU-2026:20839-1: important: Security update for python-pytest-html


openSUSE security update: security update for python-pytest-html
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20839-1
Rating: important
References:

* bsc#1266254

Cross-References:

* CVE-2026-9277

CVSS scores:

* CVE-2026-9277 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9277 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for python-pytest-html fixes the following issues:

Changes in python-pytest-html:

- CVE-2026-9277: shell-quote: improper escaping of newlines (bsc#1266254)
Update the vendored shell-quote to 1.8.4 node_modules

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-278=1

Package List:

- openSUSE Leap 16.0:

python313-pytest-html-4.1.1-bp160.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-9277.html



openSUSE-SU-2026:20833-1: important: Security update for trivy


openSUSE security update: security update for trivy
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20833-1
Rating: important
References:

* bsc#1265648
* bsc#1266075

Cross-References:

* CVE-2026-33814
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 14 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for trivy fixes the following issues:

Changes in trivy:

- update x/crypto to 0.52.0 (bsc#1266075, CVE-2026-39827,
CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,
CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,
CVE-2026-46597,CVE-2026-46598,CVE-2026-46595,CVE-2026-39835)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-272=1

Package List:

- openSUSE Leap 16.0:

trivy-0.70.0-bp160.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:20831-1: important: Security update for python-Pillow


openSUSE security update: security update for python-pillow
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20831-1
Rating: important
References:

* bsc#1265153
* bsc#1265154
* bsc#1265359

Cross-References:

* CVE-2026-42308
* CVE-2026-42309
* CVE-2026-42310

CVSS scores:

* CVE-2026-42308 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-42308 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42309 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-42309 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for python-Pillow fixes the following issues

- CVE-2026-42308: integer overflow in font processing can lead to denial of service (bsc#1265359).
- CVE-2026-42309: heap buffer overflow when processing nested list coordinates (bsc#1265153).
- CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs (bsc#1265154).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-820=1

Package List:

- openSUSE Leap 16.0:

python313-Pillow-11.3.0-160000.5.1
python313-Pillow-tk-11.3.0-160000.5.1

References:

* https://www.suse.com/security/cve/CVE-2026-42308.html
* https://www.suse.com/security/cve/CVE-2026-42309.html
* https://www.suse.com/security/cve/CVE-2026-42310.html



openSUSE-SU-2026:20834-1: important: Security update for apptainer


openSUSE security update: security update for apptainer
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20834-1
Rating: important
References:

* bsc#1257432
* bsc#1265844
* bsc#1266202

Cross-References:

* CVE-2024-45310
* CVE-2026-33814
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2024-45310 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 15 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for apptainer fixes the following issues:

Changes in apptainer:

- Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829,
CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830,
CVE-2026-39832, CVE-2026-46597, CVE-2026-46598, CVE-2026-46595,
CVE-2026-39835 (bsc#1266202)
Update golang.org/x/crypto to v0.52.0

- Fix CVE-2026-33814 GO-2026-4918 (bsc#1265844)
Update golang.org/x/net to version v0.53.0
- Integrate vulnchecker into %check stage (optional).

- Sync with Factory version which also fixes CVE-2024-45310
tracked in bsc#1257432
- Readded SLE-15SP6.def as it was removed from Factory

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-273=1

Package List:

- openSUSE Leap 16.0:

apptainer-1.4.5-bp160.2.1
apptainer-leap-1.4.5-bp160.2.1

References:

* https://www.suse.com/security/cve/CVE-2024-45310.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:20828-1: important: Security update for vim


openSUSE security update: security update for vim
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20828-1
Rating: important
References:

* bsc#1261833
* bsc#1262395
* bsc#1264706
* bsc#1264707
* bsc#1264708
* bsc#1265349
* bsc#1265360

Cross-References:

* CVE-2026-39881
* CVE-2026-42307
* CVE-2026-43961
* CVE-2026-44656
* CVE-2026-45130
* CVE-2026-46483

CVSS scores:

* CVE-2026-39881 ( SUSE ): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-39881 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-43961 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-43961 ( SUSE ): 5.4 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44656 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-44656 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-45130 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
* CVE-2026-46483 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-46483 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 6 vulnerabilities and has 7 bug fixes can now be installed.

Description:

This update for vim fixes the following issues

- CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes (bsc#1261833).
- CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin
bundled with Vim (bsc#1264706).
- CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename (bsc#1265349).
- CVE-2026-44656: Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's: find command-line
completion (bsc#1264707).
- CVE-2026-45130: Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when
loading a crafted spell file (.spl) with UTF-8 encoding active (bsc#1264708).
- CVE-2026-46483: command injection via ` tar#Vimuntar()` in `runtime/autoload/tar.vim` when decompressing `.tgz`
archives on Unix-like systems (bsc#1265360).

Changes for vim:

- Update to v9.2.0530.
- Fix for incorrectly detecting scientific parameter files as bitbake recipies. (bsc#1262395)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-817=1

Package List:

- openSUSE Leap 16.0:

gvim-9.2.0530-160000.1.1
vim-9.2.0530-160000.1.1
vim-data-9.2.0530-160000.1.1
vim-data-common-9.2.0530-160000.1.1
vim-small-9.2.0530-160000.1.1
xxd-9.2.0530-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-39881.html
* https://www.suse.com/security/cve/CVE-2026-42307.html
* https://www.suse.com/security/cve/CVE-2026-43961.html
* https://www.suse.com/security/cve/CVE-2026-44656.html
* https://www.suse.com/security/cve/CVE-2026-45130.html
* https://www.suse.com/security/cve/CVE-2026-46483.html



openSUSE-SU-2026:20838-1: important: Security update for hauler


openSUSE security update: security update for hauler
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20838-1
Rating: important
References:

* bsc#1265765
* bsc#1266167

Cross-References:

* CVE-2026-33814
* CVE-2026-39827
* CVE-2026-39828
* CVE-2026-39829
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39832
* CVE-2026-39833
* CVE-2026-39834
* CVE-2026-39835
* CVE-2026-42508
* CVE-2026-46595
* CVE-2026-46597
* CVE-2026-46598

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39828 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39828 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39829 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39829 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39832 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2026-39832 ( SUSE ): 6.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2026-39833 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39833 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39835 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39835 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-42508 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-42508 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46595 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46595 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-46597 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46597 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 14 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for hauler fixes the following issues:

Changes in hauler:

- update x/crypto to 0.52.0 (bsc#1266167, CVE-2026-39827,
CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,
CVE-2026-42508,CVE-2026-39833,CVE-2026-39830,CVE-2026-39832,
CVE-2026-46597,CVE-2026-46598,CVE-2026-46595,CVE-2026-39835)

- update x/net to v0.53.0 to address CVE-2026-33814 (bsc#1265765)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-packagehub-277=1

Package List:

- openSUSE Leap 16.0:

hauler-1.4.3-bp160.2.1

References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-42508.html
* https://www.suse.com/security/cve/CVE-2026-46595.html
* https://www.suse.com/security/cve/CVE-2026-46597.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



openSUSE-SU-2026:20821-1: moderate: Security update for localsearch


openSUSE security update: security update for localsearch
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20821-1
Rating: moderate
References:

* bsc#1257606
* bsc#1257607
* bsc#1257608
* bsc#1257609

Cross-References:

* CVE-2026-1764
* CVE-2026-1765
* CVE-2026-1766
* CVE-2026-1767

CVSS scores:

* CVE-2026-1764 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1764 ( SUSE ): 5.2 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1765 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for localsearch fixes the following issues:

- CVE-2026-1764: Fixed a heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files. (bsc#1257606)
- CVE-2026-1765: Fixed a Denial of Service and potential information disclosure via crafted MP3 files. (bsc#1257607)
- CVE-2026-1766: Fixed a Denial of Service and information disclosure via malformed MP3 files. (bsc#1257608)
- CVE-2026-1767: Fixed a heap buffer overflow leading to denial of service or information disclosure via malformed MP3 ID3 tags. (bsc#1257609)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-809=1

Package List:

- openSUSE Leap 16.0:

localsearch-3.8.2-160000.3.1
localsearch-lang-3.8.2-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-1764.html
* https://www.suse.com/security/cve/CVE-2026-1765.html
* https://www.suse.com/security/cve/CVE-2026-1766.html
* https://www.suse.com/security/cve/CVE-2026-1767.html



openSUSE-SU-2026:10874-1: moderate: bind-9.20.23-1.1 on GA media


# bind-9.20.23-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10874-1
Rating: moderate

Cross-References:

* CVE-2026-3039
* CVE-2026-3592
* CVE-2026-5946
* CVE-2026-5947
* CVE-2026-5950

CVSS scores:

* CVE-2026-3039 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-3592 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-5946 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5947 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-5950 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the bind-9.20.23-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* bind 9.20.23-1.1
* bind-doc 9.20.23-1.1
* bind-modules-bdbhpt 9.20.23-1.1
* bind-modules-generic 9.20.23-1.1
* bind-modules-ldap 9.20.23-1.1
* bind-modules-mysql 9.20.23-1.1
* bind-modules-perl 9.20.23-1.1
* bind-modules-sqlite3 9.20.23-1.1
* bind-utils 9.20.23-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-3039.html
* https://www.suse.com/security/cve/CVE-2026-3592.html
* https://www.suse.com/security/cve/CVE-2026-5946.html
* https://www.suse.com/security/cve/CVE-2026-5947.html
* https://www.suse.com/security/cve/CVE-2026-5950.html



openSUSE-SU-2026:10878-1: moderate: gdk-pixbuf-loader-libheif-1.22.2-1.1 on GA media


# gdk-pixbuf-loader-libheif-1.22.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10878-1
Rating: moderate

Cross-References:

* CVE-2026-32738
* CVE-2026-32739
* CVE-2026-32740
* CVE-2026-32741
* CVE-2026-32814
* CVE-2026-32882
* CVE-2026-3950
* CVE-2026-41069
* CVE-2026-41071
* CVE-2026-47178
* CVE-2026-47247
* CVE-2026-47251
* CVE-2026-47254
* CVE-2026-47709
* CVE-2026-47714
* CVE-2026-48029

CVSS scores:

* CVE-2026-32738 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32738 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32739 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32740 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-32740 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32741 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-32741 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-32814 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32882 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32882 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-3950 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3950 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-41069 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41069 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41071 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-41071 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47178 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-47178 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47247 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47247 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-47251 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-47251 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47254 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-47254 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47709 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47709 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47714 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-47714 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48029 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-48029 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 16 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.22.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gdk-pixbuf-loader-libheif 1.22.2-1.1
* libheif-aom 1.22.2-1.1
* libheif-dav1d 1.22.2-1.1
* libheif-devel 1.22.2-1.1
* libheif-ffmpeg 1.22.2-1.1
* libheif-jpeg 1.22.2-1.1
* libheif-openh264 1.22.2-1.1
* libheif-openjpeg 1.22.2-1.1
* libheif-rav1e 1.22.2-1.1
* libheif-svtenc 1.22.2-1.1
* libheif1 1.22.2-1.1
* libheif1-32bit 1.22.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-32738.html
* https://www.suse.com/security/cve/CVE-2026-32739.html
* https://www.suse.com/security/cve/CVE-2026-32740.html
* https://www.suse.com/security/cve/CVE-2026-32741.html
* https://www.suse.com/security/cve/CVE-2026-32814.html
* https://www.suse.com/security/cve/CVE-2026-32882.html
* https://www.suse.com/security/cve/CVE-2026-3950.html
* https://www.suse.com/security/cve/CVE-2026-41069.html
* https://www.suse.com/security/cve/CVE-2026-41071.html
* https://www.suse.com/security/cve/CVE-2026-47178.html
* https://www.suse.com/security/cve/CVE-2026-47247.html
* https://www.suse.com/security/cve/CVE-2026-47251.html
* https://www.suse.com/security/cve/CVE-2026-47254.html
* https://www.suse.com/security/cve/CVE-2026-47709.html
* https://www.suse.com/security/cve/CVE-2026-47714.html
* https://www.suse.com/security/cve/CVE-2026-48029.html



openSUSE-SU-2026:10879-1: moderate: libredwg-devel-0.13.4.8200-1.1 on GA media


# libredwg-devel-0.13.4.8200-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10879-1
Rating: moderate

Cross-References:

* CVE-2026-9501
* CVE-2026-9503
* CVE-2026-9504
* CVE-2026-9605

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libredwg-devel-0.13.4.8200-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libredwg-devel 0.13.4.8200-1.1
* libredwg-tools 0.13.4.8200-1.1
* libredwg0 0.13.4.8200-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9501.html
* https://www.suse.com/security/cve/CVE-2026-9503.html
* https://www.suse.com/security/cve/CVE-2026-9504.html
* https://www.suse.com/security/cve/CVE-2026-9605.html



openSUSE-SU-2026:10876-1: moderate: helm-4.2.0-3.1 on GA media


# helm-4.2.0-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10876-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm-4.2.0-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* helm 4.2.0-3.1
* helm-bash-completion 4.2.0-3.1
* helm-fish-completion 4.2.0-3.1
* helm-zsh-completion 4.2.0-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html



openSUSE-SU-2026:10875-1: moderate: hauler-1.4.3-4.1 on GA media


# hauler-1.4.3-4.1 on GA media

Announcement ID: openSUSE-SU-2026:10875-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the hauler-1.4.3-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* hauler 1.4.3-4.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html



openSUSE-SU-2026:10873-1: moderate: azure-storage-azcopy-10.32.4-1.1 on GA media


# azure-storage-azcopy-10.32.4-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10873-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the azure-storage-azcopy-10.32.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* azure-storage-azcopy 10.32.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html



openSUSE-SU-2026:10872-1: moderate: amazon-ssm-agent-3.3.4515.0-1.1 on GA media


# amazon-ssm-agent-3.3.4515.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10872-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the amazon-ssm-agent-3.3.4515.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* amazon-ssm-agent 3.3.4515.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html



openSUSE-SU-2026:10877-1: moderate: helm3-3.21.0-2.1 on GA media


# helm3-3.21.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10877-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the helm3-3.21.0-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* helm3 3.21.0-2.1
* helm3-bash-completion 3.21.0-2.1
* helm3-fish-completion 3.21.0-2.1
* helm3-zsh-completion 3.21.0-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html



openSUSE-SU-2026:10871-1: moderate: amazon-ecs-init-1.103.2-1.1 on GA media


# amazon-ecs-init-1.103.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10871-1
Rating: moderate

Cross-References:

* CVE-2026-39821

CVSS scores:

* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the amazon-ecs-init-1.103.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* amazon-ecs-init 1.103.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-39821.html


Critical Patches for Flatpak, Cockpit, Kernel, Systemd, and Golang Across Rocky Linux 8 and 10

Apache HTTP Server and pip Regressions Resolved alongside QT WebEngine, GDAL, and Texmaker Vulnerabilities in Ubuntu

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...