CURL, Chromium, DCMTK, and more updates for SUSE

SUSE 5527 Published by

The SUSE Linux updates include several security patches addressing vulnerabilities in various software packages such as curl, Chromium, DCMTK, gdk-pixbuf-loader-libheif, ChromeDriver, GIMP, Traefik, and libvirt. The severity of these updates ranges from moderate to important, indicating the level of risk associated with each vulnerability.

SUSE-SU-2026:0077-1: moderate: Security update for curl
openSUSE-SU-2026:0004-1: important: Security update for chromium, noopenh264
openSUSE-SU-2026:0005-1: moderate: Security update for dcmtk
openSUSE-SU-2026:10019-1: moderate: gdk-pixbuf-loader-libheif-1.21.1-1.1 on GA media
openSUSE-SU-2026:10016-1: moderate: chromedriver-143.0.7499.192-1.1 on GA media
openSUSE-SU-2026:10018-1: moderate: gimp-3.0.6-4.1 on GA media
openSUSE-SU-2026:10020-1: moderate: traefik-3.6.6-1.1 on GA media
openSUSE-SU-2026:10017-1: moderate: curl-8.18.0-1.1 on GA media
SUSE-SU-2026:0080-1: moderate: Security update for libvirt
SUSE-SU-2026:0079-1: moderate: Security update for libvirt
SUSE-SU-2026:0083-1: important: Security update for gimp
openSUSE-SU-2026:0006-1: important: Security update for chromium, noopenh264




SUSE-SU-2026:0077-1: moderate: Security update for curl


# Security update for curl

Announcement ID: SUSE-SU-2026:0077-1
Release Date: 2026-01-08T19:04:01Z
Rating: moderate
References:

* bsc#1256105

Cross-References:

* CVE-2025-14017

CVSS scores:

* CVE-2025-14017 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.6

An update that solves one vulnerability can now be installed.

## Description:

This update for curl fixes the following issues:

* CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-77=1 openSUSE-SLE-15.6-2026-77=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libcurl4-8.14.1-150600.4.37.1
* curl-8.14.1-150600.4.37.1
* curl-debuginfo-8.14.1-150600.4.37.1
* libcurl4-debuginfo-8.14.1-150600.4.37.1
* curl-mini-debugsource-8.14.1-150600.4.37.1
* libcurl-mini4-8.14.1-150600.4.37.1
* libcurl-mini4-debuginfo-8.14.1-150600.4.37.1
* curl-debugsource-8.14.1-150600.4.37.1
* libcurl-devel-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (noarch)
* curl-fish-completion-8.14.1-150600.4.37.1
* curl-zsh-completion-8.14.1-150600.4.37.1
* libcurl-devel-doc-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (x86_64)
* libcurl4-32bit-8.14.1-150600.4.37.1
* libcurl-devel-32bit-8.14.1-150600.4.37.1
* libcurl4-32bit-debuginfo-8.14.1-150600.4.37.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcurl-devel-64bit-8.14.1-150600.4.37.1
* libcurl4-64bit-8.14.1-150600.4.37.1
* libcurl4-64bit-debuginfo-8.14.1-150600.4.37.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256105



openSUSE-SU-2026:0004-1: important: Security update for chromium, noopenh264


openSUSE Security Update: Security update for chromium, noopenh264
_______________________________

Announcement ID: openSUSE-SU-2026:0004-1
Rating: important
References: #1256067
Cross-References: CVE-2026-0628
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for chromium, noopenh264 fixes the following issues:

Changes in chromium:

- Chromium 143.0.7499.192 (boo#1256067):
* CVE-2026-0628: Insufficient policy enforcement in WebView tag

- Chromium 143.0.7499.169 (stable released 2025-12-18)
* no cve listed yet

Changes in noopenh264:

- Introducing the package.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-4=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

libopenh264-8-2.6.0~noopenh264-bp157.2.1
libopenh264-8-debuginfo-2.6.0~noopenh264-bp157.2.1
libopenh264-devel-2.6.0~noopenh264-bp157.2.1
noopenh264-debugsource-2.6.0~noopenh264-bp157.2.1

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le x86_64):

chromedriver-143.0.7499.192-bp157.2.97.1
chromium-143.0.7499.192-bp157.2.97.1

- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):

libopenh264-8-64bit-2.6.0~noopenh264-bp157.2.1
libopenh264-8-64bit-debuginfo-2.6.0~noopenh264-bp157.2.1

- openSUSE Backports SLE-15-SP7 (x86_64):

libopenh264-8-32bit-2.6.0~noopenh264-bp157.2.1
libopenh264-8-32bit-debuginfo-2.6.0~noopenh264-bp157.2.1

References:

https://www.suse.com/security/cve/CVE-2026-0628.html
https://bugzilla.suse.com/1256067



openSUSE-SU-2026:0005-1: moderate: Security update for dcmtk


openSUSE Security Update: Security update for dcmtk
_______________________________

Announcement ID: openSUSE-SU-2026:0005-1
Rating: moderate
References: #1254123 #1255292 #1255464
Cross-References: CVE-2025-14607 CVE-2025-14841
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Backports SLE-15-SP7
_______________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for dcmtk fixes the following issues:

- Update to 3.7.0. See docs/CHANGES.370 for the full list of changes
* CVE-2025-14841: invalid messages may trigger a segmentation fault due
to a NULL pointer dereference (boo#1255292).
* CVE-2025-14607: manipulation to component dcmdata could lead to memory
corruption (boo#1255464).
- Avoid unnecessary dependencies (boo#1254123):

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-5=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-5=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

dcmtk-3.7.0-bp157.3.6.1
dcmtk-debuginfo-3.7.0-bp157.3.6.1
dcmtk-debugsource-3.7.0-bp157.3.6.1
dcmtk-devel-3.7.0-bp157.3.6.1
libdcmtk20-3.7.0-bp157.3.6.1
libdcmtk20-debuginfo-3.7.0-bp157.3.6.1

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

dcmtk-3.7.0-bp156.4.15.1
dcmtk-devel-3.7.0-bp156.4.15.1
libdcmtk20-3.7.0-bp156.4.15.1

References:

https://www.suse.com/security/cve/CVE-2025-14607.html
https://www.suse.com/security/cve/CVE-2025-14841.html
https://bugzilla.suse.com/1254123
https://bugzilla.suse.com/1255292
https://bugzilla.suse.com/1255464



openSUSE-SU-2026:10019-1: moderate: gdk-pixbuf-loader-libheif-1.21.1-1.1 on GA media


# gdk-pixbuf-loader-libheif-1.21.1-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10019-1
Rating: moderate

Cross-References:

* CVE-2025-68431

CVSS scores:

* CVE-2025-68431 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68431 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.21.1-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gdk-pixbuf-loader-libheif 1.21.1-1.1
* libheif-aom 1.21.1-1.1
* libheif-dav1d 1.21.1-1.1
* libheif-devel 1.21.1-1.1
* libheif-ffmpeg 1.21.1-1.1
* libheif-jpeg 1.21.1-1.1
* libheif-openh264 1.21.1-1.1
* libheif-openjpeg 1.21.1-1.1
* libheif-rav1e 1.21.1-1.1
* libheif-svtenc 1.21.1-1.1
* libheif1 1.21.1-1.1
* libheif1-32bit 1.21.1-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-68431.html



openSUSE-SU-2026:10016-1: moderate: chromedriver-143.0.7499.192-1.1 on GA media


# chromedriver-143.0.7499.192-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10016-1
Rating: moderate

Cross-References:

* CVE-2026-0628

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the chromedriver-143.0.7499.192-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 143.0.7499.192-1.1
* chromium 143.0.7499.192-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-0628.html



openSUSE-SU-2026:10018-1: moderate: gimp-3.0.6-4.1 on GA media


# gimp-3.0.6-4.1 on GA media

Announcement ID: openSUSE-SU-2026:10018-1
Rating: moderate

Cross-References:

* CVE-2025-15059

CVSS scores:

* CVE-2025-15059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-15059 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the gimp-3.0.6-4.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* gimp 3.0.6-4.1
* gimp-devel 3.0.6-4.1
* gimp-extension-goat-excercises 3.0.6-4.1
* gimp-lang 3.0.6-4.1
* gimp-plugin-aa 3.0.6-4.1
* gimp-plugin-python3 3.0.6-4.1
* gimp-vala 3.0.6-4.1
* libgimp-3_0-0 3.0.6-4.1
* libgimpui-3_0-0 3.0.6-4.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15059.html



openSUSE-SU-2026:10020-1: moderate: traefik-3.6.6-1.1 on GA media


# traefik-3.6.6-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10020-1
Rating: moderate

Cross-References:

* CVE-2025-66490
* CVE-2025-66491

CVSS scores:

* CVE-2025-66490 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-66490 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the traefik-3.6.6-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* traefik 3.6.6-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66490.html
* https://www.suse.com/security/cve/CVE-2025-66491.html



openSUSE-SU-2026:10017-1: moderate: curl-8.18.0-1.1 on GA media


# curl-8.18.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10017-1
Rating: moderate

Cross-References:

* CVE-2025-14017
* CVE-2025-14524
* CVE-2025-14819
* CVE-2025-15079
* CVE-2025-15224

CVSS scores:

* CVE-2025-14017 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2025-14017 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14524 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14524 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-14819 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14819 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15079 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-15079 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15224 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-15224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the curl-8.18.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* curl 8.18.0-1.1
* curl-fish-completion 8.18.0-1.1
* curl-zsh-completion 8.18.0-1.1
* libcurl-devel 8.18.0-1.1
* libcurl-devel-32bit 8.18.0-1.1
* libcurl-devel-doc 8.18.0-1.1
* libcurl4 8.18.0-1.1
* libcurl4-32bit 8.18.0-1.1
* wcurl 8.18.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-14017.html
* https://www.suse.com/security/cve/CVE-2025-14524.html
* https://www.suse.com/security/cve/CVE-2025-14819.html
* https://www.suse.com/security/cve/CVE-2025-15079.html
* https://www.suse.com/security/cve/CVE-2025-15224.html



SUSE-SU-2026:0080-1: moderate: Security update for libvirt


# Security update for libvirt

Announcement ID: SUSE-SU-2026:0080-1
Release Date: 2026-01-09T08:01:49Z
Rating: moderate
References:

* bsc#1251822
* bsc#1253278
* bsc#1253703

Cross-References:

* CVE-2025-12748
* CVE-2025-13193

CVSS scores:

* CVE-2025-12748 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13193 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise Micro 5.5

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for libvirt fixes the following issues:

Security fixes:

* CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive
snapshots (bsc#1253703)
* CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML
(bsc#1253278)

Other fixes:

* libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-80=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-80=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.26.1
* libvirt-libs-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.26.1
* libvirt-libs-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-9.0.0-150500.6.26.1
* libvirt-daemon-config-nwfilter-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nodedev-9.0.0-150500.6.26.1
* libvirt-nss-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-gluster-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-network-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nwfilter-9.0.0-150500.6.26.1
* libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-disk-9.0.0-150500.6.26.1
* libvirt-daemon-driver-lxc-debuginfo-9.0.0-150500.6.26.1
* libvirt-lock-sanlock-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-core-9.0.0-150500.6.26.1
* wireshark-plugin-libvirt-9.0.0-150500.6.26.1
* libvirt-daemon-lxc-9.0.0-150500.6.26.1
* libvirt-daemon-driver-qemu-9.0.0-150500.6.26.1
* libvirt-daemon-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-interface-9.0.0-150500.6.26.1
* libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-config-network-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.26.1
* libvirt-debugsource-9.0.0-150500.6.26.1
* libvirt-9.0.0-150500.6.26.1
* wireshark-plugin-libvirt-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.26.1
* libvirt-devel-9.0.0-150500.6.26.1
* libvirt-daemon-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-gluster-9.0.0-150500.6.26.1
* libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.26.1
* libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.26.1
* libvirt-nss-debuginfo-9.0.0-150500.6.26.1
* libvirt-client-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-qemu-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.26.1
* libvirt-client-qemu-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-logical-9.0.0-150500.6.26.1
* libvirt-daemon-driver-secret-9.0.0-150500.6.26.1
* libvirt-daemon-driver-lxc-9.0.0-150500.6.26.1
* libvirt-daemon-hooks-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.26.1
* libvirt-client-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.26.1
* openSUSE Leap 15.5 (x86_64)
* libvirt-devel-32bit-9.0.0-150500.6.26.1
* libvirt-daemon-driver-libxl-9.0.0-150500.6.26.1
* libvirt-daemon-xen-9.0.0-150500.6.26.1
* libvirt-client-32bit-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.26.1
* openSUSE Leap 15.5 (noarch)
* libvirt-doc-9.0.0-150500.6.26.1
* openSUSE Leap 15.5 (aarch64 x86_64)
* libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.26.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libvirt-devel-64bit-9.0.0-150500.6.26.1
* libvirt-client-64bit-debuginfo-9.0.0-150500.6.26.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.26.1
* libvirt-libs-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.26.1
* libvirt-libs-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nodedev-9.0.0-150500.6.26.1
* libvirt-daemon-driver-network-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nwfilter-9.0.0-150500.6.26.1
* libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-disk-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-core-9.0.0-150500.6.26.1
* libvirt-daemon-driver-qemu-9.0.0-150500.6.26.1
* libvirt-daemon-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-interface-9.0.0-150500.6.26.1
* libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.26.1
* libvirt-debugsource-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.26.1
* libvirt-client-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-qemu-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-logical-9.0.0-150500.6.26.1
* libvirt-daemon-driver-secret-9.0.0-150500.6.26.1
* libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.26.1
* libvirt-client-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.26.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 x86_64)
* libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.26.1
* libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.26.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12748.html
* https://www.suse.com/security/cve/CVE-2025-13193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251822
* https://bugzilla.suse.com/show_bug.cgi?id=1253278
* https://bugzilla.suse.com/show_bug.cgi?id=1253703



SUSE-SU-2026:0079-1: moderate: Security update for libvirt


# Security update for libvirt

Announcement ID: SUSE-SU-2026:0079-1
Release Date: 2026-01-09T08:01:29Z
Rating: moderate
References:

* bsc#1251822
* bsc#1253278
* bsc#1253703

Cross-References:

* CVE-2025-12748
* CVE-2025-13193

CVSS scores:

* CVE-2025-12748 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-12748 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-12748 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-13193 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-13193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-13193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2

An update that solves two vulnerabilities and has one security fix can now be
installed.

## Description:

This update for libvirt fixes the following issues:

Security fixes:

* CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive
snapshots (bsc#1253703)
* CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML
(bsc#1253278)

Other fixes:

* libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-79=1

* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-79=1

* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-79=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-hooks-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-config-nwfilter-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-7.1.0-150300.6.44.1
* wireshark-plugin-libvirt-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1
* libvirt-admin-debuginfo-7.1.0-150300.6.44.1
* libvirt-client-7.1.0-150300.6.44.1
* libvirt-7.1.0-150300.6.44.1
* libvirt-nss-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-libs-debuginfo-7.1.0-150300.6.44.1
* libvirt-debugsource-7.1.0-150300.6.44.1
* libvirt-daemon-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1
* libvirt-lock-sanlock-7.1.0-150300.6.44.1
* libvirt-libs-7.1.0-150300.6.44.1
* libvirt-daemon-config-network-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-network-7.1.0-150300.6.44.1
* libvirt-nss-7.1.0-150300.6.44.1
* libvirt-client-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1
* libvirt-lock-sanlock-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-qemu-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-gluster-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-lxc-debuginfo-7.1.0-150300.6.44.1
* libvirt-admin-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1
* libvirt-devel-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1
* wireshark-plugin-libvirt-7.1.0-150300.6.44.1
* libvirt-daemon-lxc-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1
* libvirt-daemon-driver-lxc-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1
* openSUSE Leap 15.3 (noarch)
* libvirt-doc-7.1.0-150300.6.44.1
* libvirt-bash-completion-7.1.0-150300.6.44.1
* openSUSE Leap 15.3 (x86_64)
* libvirt-daemon-xen-7.1.0-150300.6.44.1
* libvirt-devel-32bit-7.1.0-150300.6.44.1
* libvirt-daemon-driver-libxl-7.1.0-150300.6.44.1
* libvirt-daemon-driver-libxl-debuginfo-7.1.0-150300.6.44.1
* libvirt-client-32bit-debuginfo-7.1.0-150300.6.44.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* libvirt-client-64bit-debuginfo-7.1.0-150300.6.44.1
* libvirt-devel-64bit-7.1.0-150300.6.44.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1
* libvirt-client-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-libs-debuginfo-7.1.0-150300.6.44.1
* libvirt-debugsource-7.1.0-150300.6.44.1
* libvirt-daemon-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1
* libvirt-libs-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-network-7.1.0-150300.6.44.1
* libvirt-client-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1
* libvirt-daemon-qemu-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libvirt-daemon-driver-network-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-7.1.0-150300.6.44.1
* libvirt-client-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-150300.6.44.1
* libvirt-libs-debuginfo-7.1.0-150300.6.44.1
* libvirt-debugsource-7.1.0-150300.6.44.1
* libvirt-daemon-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-7.1.0-150300.6.44.1
* libvirt-libs-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-scsi-7.1.0-150300.6.44.1
* libvirt-daemon-driver-network-7.1.0-150300.6.44.1
* libvirt-client-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-mpath-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-7.1.0-150300.6.44.1
* libvirt-daemon-qemu-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-interface-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nodedev-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-core-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-logical-7.1.0-150300.6.44.1
* libvirt-daemon-driver-secret-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-qemu-7.1.0-150300.6.44.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-150300.6.44.1
* libvirt-daemon-driver-storage-rbd-7.1.0-150300.6.44.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12748.html
* https://www.suse.com/security/cve/CVE-2025-13193.html
* https://bugzilla.suse.com/show_bug.cgi?id=1251822
* https://bugzilla.suse.com/show_bug.cgi?id=1253278
* https://bugzilla.suse.com/show_bug.cgi?id=1253703



SUSE-SU-2026:0083-1: important: Security update for gimp


# Security update for gimp

Announcement ID: SUSE-SU-2026:0083-1
Release Date: 2026-01-09T09:13:06Z
Rating: important
References:

* bsc#1255766

Cross-References:

* CVE-2025-15059

CVSS scores:

* CVE-2025-15059 ( SUSE ): 8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15059 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for gimp fixes the following issues:

* CVE-2025-15059: Fixed Heap-based Buffer Overflow Remote Code Execution
Vulnerability in GIMP PSP File Parsing (bsc#1255766).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-83=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-83=1

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-83=1

* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-83=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* gimp-devel-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
* gimp-plugin-aa-2.10.30-150400.3.35.1
* gimp-devel-2.10.30-150400.3.35.1
* gimp-2.10.30-150400.3.35.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
* gimp-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-2.10.30-150400.3.35.1
* gimp-debugsource-2.10.30-150400.3.35.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (noarch)
* gimp-lang-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (x86_64)
* libgimp-2_0-0-32bit-2.10.30-150400.3.35.1
* libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-32bit-2.10.30-150400.3.35.1
* libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgimpui-2_0-0-64bit-2.10.30-150400.3.35.1
* libgimpui-2_0-0-64bit-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-64bit-2.10.30-150400.3.35.1
* libgimp-2_0-0-64bit-debuginfo-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* gimp-devel-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
* gimp-plugin-aa-2.10.30-150400.3.35.1
* gimp-devel-2.10.30-150400.3.35.1
* gimp-2.10.30-150400.3.35.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
* gimp-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-2.10.30-150400.3.35.1
* gimp-debugsource-2.10.30-150400.3.35.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (noarch)
* gimp-lang-2.10.30-150400.3.35.1
* openSUSE Leap 15.6 (x86_64)
* libgimp-2_0-0-32bit-2.10.30-150400.3.35.1
* libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-32bit-2.10.30-150400.3.35.1
* libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (aarch64)
* gimp-devel-debuginfo-2.10.30-150400.3.35.1
* gimp-plugin-aa-2.10.30-150400.3.35.1
* gimp-devel-2.10.30-150400.3.35.1
* gimp-2.10.30-150400.3.35.1
* gimp-plugin-aa-debuginfo-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
* gimp-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-2.10.30-150400.3.35.1
* gimp-debugsource-2.10.30-150400.3.35.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-2.10.30-150400.3.35.1
* SUSE Package Hub 15 15-SP7 (noarch)
* gimp-lang-2.10.30-150400.3.35.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* gimp-devel-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-debuginfo-2.10.30-150400.3.35.1
* gimp-devel-2.10.30-150400.3.35.1
* gimp-2.10.30-150400.3.35.1
* gimp-debuginfo-2.10.30-150400.3.35.1
* libgimp-2_0-0-2.10.30-150400.3.35.1
* gimp-debugsource-2.10.30-150400.3.35.1
* libgimpui-2_0-0-debuginfo-2.10.30-150400.3.35.1
* libgimpui-2_0-0-2.10.30-150400.3.35.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* gimp-lang-2.10.30-150400.3.35.1

## References:

* https://www.suse.com/security/cve/CVE-2025-15059.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255766



openSUSE-SU-2026:0006-1: important: Security update for chromium, noopenh264


openSUSE Security Update: Security update for chromium, noopenh264
_______________________________

Announcement ID: openSUSE-SU-2026:0006-1
Rating: important
References: #1256067
Cross-References: CVE-2026-0628
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for chromium, noopenh264 fixes the following issues:

Changes in chromium:

- Chromium 143.0.7499.192 (boo#1256067):
* CVE-2026-0628: Insufficient policy enforcement in WebView tag

- Chromium 143.0.7499.169 (stable released 2025-12-18)
* no cve listed yet

Changes in noopenh264:

- Introducing the package.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-6=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

libopenh264-8-2.6.0~noopenh264-bp156.2.1
libopenh264-8-debuginfo-2.6.0~noopenh264-bp156.2.1
libopenh264-devel-2.6.0~noopenh264-bp156.2.1
noopenh264-debugsource-2.6.0~noopenh264-bp156.2.1

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-143.0.7499.192-bp156.2.212.1
chromium-143.0.7499.192-bp156.2.212.1

- openSUSE Backports SLE-15-SP6 (aarch64_ilp32):

libopenh264-8-64bit-2.6.0~noopenh264-bp156.2.1
libopenh264-8-64bit-debuginfo-2.6.0~noopenh264-bp156.2.1

- openSUSE Backports SLE-15-SP6 (x86_64):

libopenh264-8-32bit-2.6.0~noopenh264-bp156.2.1
libopenh264-8-32bit-debuginfo-2.6.0~noopenh264-bp156.2.1

References:

https://www.suse.com/security/cve/CVE-2026-0628.html
https://bugzilla.suse.com/1256067


Lcms2 update for Slackware

Kernel updates for Ubuntu

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...