SUSE-SU-2026:2926-1: important: Security update for curl
SUSE-SU-2026:2931-1: moderate: Security update for libslirp
SUSE-SU-2026:2920-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2932-1: important: Security update for the Linux Kernel (Live Patch 50 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2933-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2937-1: important: Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2942-1: important: Security update for kubernetes
SUSE-SU-2026:2938-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2945-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
openSUSE-SU-2026:0243-1: important: Security update for afterburn
SUSE-SU-2026:2949-1: moderate: Security update for python-mistune
SUSE-SU-2026:2954-1: important: Security update for krb5
SUSE-SU-2026:2964-1: important: Security update for buildah
SUSE-SU-2026:2968-1: moderate: Security update for python-Authlib
SUSE-SU-2026:2965-1: important: Security update for kubernetes-old
SUSE-SU-2026:2957-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2961-1: important: Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:11262-1: moderate: sdbootutil-1+git20260713.d869cf8-1.1 on GA media
openSUSE-SU-2026:11256-1: moderate: busybox-1.38.0-1.1 on GA media
openSUSE-SU-2026:11260-1: moderate: patch-2.8-3.1 on GA media
openSUSE-SU-2026:11259-1: moderate: libopenbabel8-3.2.1-1.1 on GA media
openSUSE-SU-2026:11258-1: moderate: libxml2-16-2.15.3-2.1 on GA media
openSUSE-SU-2026:11261-1: moderate: python313-Pillow-12.3.0-1.1 on GA media
openSUSE-SU-2026:11257-1: moderate: freetype2-devel-2.14.3-1.1 on GA media
openSUSE-SU-2026:11255-1: moderate: afterburn-5.10.0.git73.b97f772-1.1 on GA media
openSUSE-SU-2026:0244-1: important: Security update for gosec
openSUSE-SU-2026:0245-1: important: Security update for enc
SUSE-SU-2026:2984-1: moderate: Security update for python3-dulwich
SUSE-SU-2026:2989-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2991-1: important: Security update for the Linux Kernel (Live Patch 54 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2926-1: important: Security update for curl
# Security update for curl
Announcement ID: SUSE-SU-2026:2926-1
Release Date: 2026-07-13T17:55:14Z
Rating: important
References:
* bsc#1268402
* bsc#1268407
* bsc#1268409
* bsc#1268413
* bsc#1268415
* bsc#1268416
* bsc#1268417
* bsc#1268420
* bsc#1268422
* bsc#1268427
Cross-References:
* CVE-2026-10536
* CVE-2026-12064
* CVE-2026-8286
* CVE-2026-8458
* CVE-2026-8924
* CVE-2026-8927
* CVE-2026-9079
* CVE-2026-9080
* CVE-2026-9545
* CVE-2026-9547
CVSS scores:
* CVE-2026-10536 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12064 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-8286 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8458 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-8924 ( SUSE ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-8927 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-8927 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-9079 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-9080 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-9545 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-9547 ( SUSE ): 9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for curl fixes the following issues
* CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402).
* CVE-2026-8458: wrong reuse for different services (bsc#1268407).
* CVE-2026-8924: traling dot domain super cookie (bsc#1268409).
* CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413).
* CVE-2026-9079: stale proxy password leak (bsc#1268415).
* CVE-2026-9080: UAF after pause in socket callback (bsc#1268416).
* CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417).
* CVE-2026-9547: SSH improper host validation (bsc#1268420).
* CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422).
* CVE-2026-12064: proto-default skips SSH verification (bsc#1268427).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2926=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2926=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2926=1
## Package List:
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* curl-mini-debugsource-8.14.1-150600.4.46.1
* libcurl4-8.14.1-150600.4.46.1
* libcurl-mini4-8.14.1-150600.4.46.1
* curl-8.14.1-150600.4.46.1
* libcurl4-debuginfo-8.14.1-150600.4.46.1
* libcurl-mini4-debuginfo-8.14.1-150600.4.46.1
* curl-debugsource-8.14.1-150600.4.46.1
* curl-debuginfo-8.14.1-150600.4.46.1
* libcurl-devel-8.14.1-150600.4.46.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libcurl-devel-64bit-8.14.1-150600.4.46.1
* libcurl4-64bit-8.14.1-150600.4.46.1
* libcurl4-64bit-debuginfo-8.14.1-150600.4.46.1
* openSUSE Leap 15.6 (x86_64)
* libcurl4-32bit-8.14.1-150600.4.46.1
* libcurl-devel-32bit-8.14.1-150600.4.46.1
* libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1
* openSUSE Leap 15.6 (noarch)
* curl-zsh-completion-8.14.1-150600.4.46.1
* libcurl-devel-doc-8.14.1-150600.4.46.1
* curl-fish-completion-8.14.1-150600.4.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libcurl4-8.14.1-150600.4.46.1
* curl-8.14.1-150600.4.46.1
* libcurl4-debuginfo-8.14.1-150600.4.46.1
* curl-debugsource-8.14.1-150600.4.46.1
* libcurl-devel-8.14.1-150600.4.46.1
* curl-debuginfo-8.14.1-150600.4.46.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libcurl4-32bit-8.14.1-150600.4.46.1
* libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libcurl4-8.14.1-150600.4.46.1
* curl-8.14.1-150600.4.46.1
* libcurl4-debuginfo-8.14.1-150600.4.46.1
* curl-debugsource-8.14.1-150600.4.46.1
* curl-debuginfo-8.14.1-150600.4.46.1
* libcurl-devel-8.14.1-150600.4.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libcurl4-32bit-debuginfo-8.14.1-150600.4.46.1
* libcurl4-32bit-8.14.1-150600.4.46.1
## References:
* https://www.suse.com/security/cve/CVE-2026-10536.html
* https://www.suse.com/security/cve/CVE-2026-12064.html
* https://www.suse.com/security/cve/CVE-2026-8286.html
* https://www.suse.com/security/cve/CVE-2026-8458.html
* https://www.suse.com/security/cve/CVE-2026-8924.html
* https://www.suse.com/security/cve/CVE-2026-8927.html
* https://www.suse.com/security/cve/CVE-2026-9079.html
* https://www.suse.com/security/cve/CVE-2026-9080.html
* https://www.suse.com/security/cve/CVE-2026-9545.html
* https://www.suse.com/security/cve/CVE-2026-9547.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268402
* https://bugzilla.suse.com/show_bug.cgi?id=1268407
* https://bugzilla.suse.com/show_bug.cgi?id=1268409
* https://bugzilla.suse.com/show_bug.cgi?id=1268413
* https://bugzilla.suse.com/show_bug.cgi?id=1268415
* https://bugzilla.suse.com/show_bug.cgi?id=1268416
* https://bugzilla.suse.com/show_bug.cgi?id=1268417
* https://bugzilla.suse.com/show_bug.cgi?id=1268420
* https://bugzilla.suse.com/show_bug.cgi?id=1268422
* https://bugzilla.suse.com/show_bug.cgi?id=1268427
SUSE-SU-2026:2931-1: moderate: Security update for libslirp
# Security update for libslirp
Announcement ID: SUSE-SU-2026:2931-1
Release Date: 2026-07-13T18:43:58Z
Rating: moderate
References:
* bsc#1268903
Cross-References:
* CVE-2026-9539
CVSS scores:
* CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for libslirp fixes the following issues:
* CVE-2026-9539: TCP URG out of bounds heap read information leak
(bsc#1268903).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2931=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2931=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2931=1
## Package List:
* openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64)
* libslirp-devel-4.7.0+44-150500.4.3.1
* libslirp-debugsource-4.7.0+44-150500.4.3.1
* libslirp0-debuginfo-4.7.0+44-150500.4.3.1
* libslirp0-4.7.0+44-150500.4.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libslirp-devel-4.7.0+44-150500.4.3.1
* libslirp0-debuginfo-4.7.0+44-150500.4.3.1
* libslirp0-4.7.0+44-150500.4.3.1
* libslirp-debugsource-4.7.0+44-150500.4.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libslirp0-4.7.0+44-150500.4.3.1
* libslirp-debugsource-4.7.0+44-150500.4.3.1
* libslirp0-debuginfo-4.7.0+44-150500.4.3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-9539.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268903
SUSE-SU-2026:2920-1: important: Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise
15 SP4)
Announcement ID: SUSE-SU-2026:2920-1
Release Date: 2026-07-13T16:50:39Z
Rating: important
References:
* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 21 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.173 fixes
various security issues
The following security issues were fixed:
* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2920=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2920=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-17-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-17-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_43-debugsource-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-debuginfo-17-150400.2.1
* kernel-livepatch-5_14_21-150400_24_173-default-17-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2932-1: important: Security update for the Linux Kernel (Live Patch 50 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 50 for SUSE Linux Enterprise
15 SP4)
Announcement ID: SUSE-SU-2026:2932-1
Release Date: 2026-07-13T20:00:29Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 20 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.200 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2934=1 SUSE-2026-2935=1 SUSE-2026-2932=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2934=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2935=1 SUSE-SLE-Module-Live-
Patching-15-SP4-2026-2932=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-6-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_194-default-debuginfo-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_194-default-8-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_48-debugsource-8-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-debuginfo-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_50-debugsource-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_200-default-6-150400.2.1
* kernel-livepatch-5_14_21-150400_24_197-default-6-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_49-debugsource-6-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2933-1: important: Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:2933-1
Release Date: 2026-07-13T19:10:43Z
Rating: important
References:
* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 23 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes
various security issues
The following security issues were fixed:
* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2933=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2933=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-20-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-20-150500.2.2
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-20-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_113-default-20-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_28-debugsource-20-150500.2.2
* kernel-livepatch-5_14_21-150500_55_113-default-debuginfo-20-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2937-1: important: Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 53 for SUSE Linux Enterprise
15 SP4)
Announcement ID: SUSE-SU-2026:2937-1
Release Date: 2026-07-13T21:16:08Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 20 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.214 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2937=1 SUSE-2026-2936=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2937=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2936=1
## Package List:
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_214-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_53-debugsource-3-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_214-default-3-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-debuginfo-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_205-default-5-150400.2.1
* kernel-livepatch-5_14_21-150400_24_214-default-debuginfo-3-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_51-debugsource-5-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_53-debugsource-3-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2942-1: important: Security update for kubernetes
# Security update for kubernetes
Announcement ID: SUSE-SU-2026:2942-1
Release Date: 2026-07-14T06:10:19Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for kubernetes rebuilds it against the current go security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2942=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2942=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.35-client-1.35.4-150600.13.36.1
* kubernetes1.35-client-common-1.35.4-150600.13.36.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.35-client-bash-completion-1.35.4-150600.13.36.1
* kubernetes1.35-client-fish-completion-1.35.4-150600.13.36.1
* Containers Module 15-SP7 (noarch)
* kubernetes1.35-client-bash-completion-1.35.4-150600.13.36.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kubernetes1.35-client-1.35.4-150600.13.36.1
* kubernetes1.35-client-common-1.35.4-150600.13.36.1
SUSE-SU-2026:2938-1: important: Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 38 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:2938-1
Release Date: 2026-07-14T04:32:24Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 22 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.149 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2940=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2941=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2938=1 SUSE-SLE-Module-Live-Patching-15-SP5-2026-2939=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2940=1 SUSE-2026-2941=1 SUSE-2026-2938=1
SUSE-2026-2939=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-5-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-9-150500.2.2
* kernel-livepatch-5_14_21-150500_55_149-default-5-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_136-default-9-150500.2.2
* kernel-livepatch-5_14_21-150500_55_144-default-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_141-default-6-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-6-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-5-150500.2.2
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-9-150500.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_149-default-debuginfo-5-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_35-debugsource-9-150500.2.2
* kernel-livepatch-5_14_21-150500_55_149-default-5-150500.2.2
* kernel-livepatch-5_14_21-150500_55_141-default-debuginfo-6-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_37-debugsource-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_136-default-9-150500.2.2
* kernel-livepatch-5_14_21-150500_55_144-default-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_141-default-6-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_36-debugsource-6-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_38-debugsource-5-150500.2.2
* kernel-livepatch-5_14_21-150500_55_144-default-debuginfo-6-150500.2.2
* kernel-livepatch-5_14_21-150500_55_136-default-debuginfo-9-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2945-1: important: Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
# Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise
15 SP7)
Announcement ID: SUSE-SU-2026:2945-1
Release Date: 2026-07-14T06:15:48Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264567
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495
Cross-References:
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43120
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 24 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr
(bsc#1264567).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2946=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2945=1 SUSE-2026-2944=1
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2944=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2945=1
## Package List:
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_25-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_103-default-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_109-default-debuginfo-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_109-default-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_25-debugsource-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_103-default-4-150600.2.2
* kernel-livepatch-6_4_0-150600_23_109-default-debuginfo-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_109-default-3-150600.2.2
* kernel-livepatch-6_4_0-150600_23_103-default-debuginfo-4-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_24-debugsource-4-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_34-default-6-150700.2.2
* kernel-livepatch-6_4_0-150700_53_34-default-debuginfo-6-150700.2.2
* kernel-livepatch-SLE15-SP7_Update_10-debugsource-6-150700.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264567
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495
openSUSE-SU-2026:0243-1: important: Security update for afterburn
openSUSE Security Update: Security update for afterburn
_______________________________
Announcement ID: openSUSE-SU-2026:0243-1
Rating: important
References: #1196972 #1242665 #1243850 #1244199 #1270175
#1270483 #1270555 #1270651 #1270787 #1270817
#1270886 #1270949
Cross-References: CVE-2022-24713 CVE-2024-12224 CVE-2025-3416
CVE-2025-5791 CVE-2026-25541 CVE-2026-41676
CVE-2026-41677 CVE-2026-41678 CVE-2026-41681
CVE-2026-41898 CVE-2026-42327 CVE-2026-44662
CVE-2026-45784
CVSS scores:
CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2024-12224 (SUSE): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CVE-2025-3416 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2025-5791 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-25541 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2026-41676 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
CVE-2026-41677 (SUSE): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
CVE-2026-41678 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CVE-2026-41681 (SUSE): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CVE-2026-41898 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
CVE-2026-42327 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2026-44662 (SUSE): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVE-2026-45784 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for afterburn fixes the following issues:
- Update to version 5.10.0.git73.b97f772:
* build(deps): bump anyhow from 1.0.99 to 1.0.103
https://github.com/coreos/afterburn/pull/1284
* build(deps): bump libflate from 2.1.0 to 2.2.2
https://github.com/coreos/afterburn/pull/1283
* build(deps): bump openssl from 0.10.79 to 0.10.80 not vulnerable but
patches CVE-2026-45784 AKA boo#1270949
https://github.com/coreos/afterburn/pull/1277
- Update to version 5.10.0.git70.9cc2a7b:
* build(deps): bump openssl from 0.10.78 to 0.10.79 fixes CVE-2026-42327
AKA boo#1270483 , CVE-2026-44662 AKA boo#1270886
* providers/hetzner: Add the HETZNER_PUBLIC_IPV6 attribute
* providers/hetzner: Add support for network configuration
* build(deps): bump rustls-webpki from 0.103.10 to 0.103.13 fixes
GHSA-82j2-j2ch-gfr8 , GHSA-965h-392x-2mh5 , GHSA-xgp8-3hg3-c2mh
* build(deps): bump openssl from 0.10.73 to 0.10.78 fixes CVE-2026-41898
AKA boo#1270817 , CVE-2026-41681 AKA boo#1270787 , CVE-2026-41676 AKA
boo#1270175 , CVE-2026-41678 AKA boo#1270651 , CVE-2026-41677 AKA
boo#1270555
* docs: Add AGENTS.md and CLAUDE.md for AI coding assistants
* build(deps): bump rand from 0.9.2 to 0.9.4 not vulnerable but patches
RUSTSEC-2026-0097 AKA GHSA-cq8v-f236-94qc
* opencode: add skills for provider scaffolding and release automation
* ibmcloud-classic: Add missing network_id to fixture
* kubevirt: Support static gateway and DNS with DHCP
* build(deps): bump rustls-webpki from 0.103.6 to 0.103.10 fixes
GHSA-pwjx-qhcg-rvj4
* fix(proxmoxve): Define DNS entries for every interface
* Makefile: download `90-afterburn-authorized-keys-file.conf` for rpm
building
* Sync repo templates
* build(deps): bump bytes from 1.10.1 to 1.11.1 fixes CVE-2026-25541
* util/dhcp: Fix clippy lints
* build(deps): bump actions/checkout from 4 to 6
* build(deps): bump actions/upload-artifact from 4 to 5
* kubevirt: modprobe for virtio_blk; remove dracut preload
* kubevirt: Add NoCloud network configuration support
* kubevirt: Support config drive network data
* kubevirt: Refactor the provider to follow the proxmoxve structure
* dracut: Add virtio_blk module preload to afterburn-network-kargs
service
* docs: Add release notes
* cargo: Afterburn release 5.10.0
- Update to version 5.10.0:
* cargo: Afterburn release 5.10.0
* docs/release-notes: update for release 5.10.0
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* docs/release-notes: Add entry for Azure SharedConfig XML parsing fix
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS
* build(deps): bump the build group with 8 updates
* build(deps): bump slab from 0.4.10 to 0.4.11
* build(deps): bump actions/checkout from 4 to 5
* upcloud: implement UpCloud provider
* build(deps): bump the build group with 4 updates
* Sync repo templates
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-243=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
afterburn-5.10.0.git73.b97f772-bp157.2.9.1
- openSUSE Backports SLE-15-SP7 (noarch):
afterburn-dracut-5.10.0.git73.b97f772-bp157.2.9.1
References:
https://www.suse.com/security/cve/CVE-2022-24713.html
https://www.suse.com/security/cve/CVE-2024-12224.html
https://www.suse.com/security/cve/CVE-2025-3416.html
https://www.suse.com/security/cve/CVE-2025-5791.html
https://www.suse.com/security/cve/CVE-2026-25541.html
https://www.suse.com/security/cve/CVE-2026-41676.html
https://www.suse.com/security/cve/CVE-2026-41677.html
https://www.suse.com/security/cve/CVE-2026-41678.html
https://www.suse.com/security/cve/CVE-2026-41681.html
https://www.suse.com/security/cve/CVE-2026-41898.html
https://www.suse.com/security/cve/CVE-2026-42327.html
https://www.suse.com/security/cve/CVE-2026-44662.html
https://www.suse.com/security/cve/CVE-2026-45784.html
https://bugzilla.suse.com/1196972
https://bugzilla.suse.com/1242665
https://bugzilla.suse.com/1243850
https://bugzilla.suse.com/1244199
https://bugzilla.suse.com/1270175
https://bugzilla.suse.com/1270483
https://bugzilla.suse.com/1270555
https://bugzilla.suse.com/1270651
https://bugzilla.suse.com/1270787
https://bugzilla.suse.com/1270817
https://bugzilla.suse.com/1270886
https://bugzilla.suse.com/1270949
SUSE-SU-2026:2949-1: moderate: Security update for python-mistune
# Security update for python-mistune
Announcement ID: SUSE-SU-2026:2949-1
Release Date: 2026-07-14T09:23:51Z
Rating: moderate
References:
* bsc#1265052
Cross-References:
* CVE-2026-44898
CVSS scores:
* CVE-2026-44898 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-44898 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44898 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python-mistune fixes the following issue
* CVE-2026-44898: improper sanitization of user-supplied HTML input in
`render_toc_ul` can lead to XSS (bsc#1265052).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2949=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2949=1
## Package List:
* Python 3 Module 15-SP7 (noarch)
* python311-mistune-2.0.5-150400.11.8.1
* openSUSE Leap 15.4 (noarch)
* python311-mistune-2.0.5-150400.11.8.1
## References:
* https://www.suse.com/security/cve/CVE-2026-44898.html
* https://bugzilla.suse.com/show_bug.cgi?id=1265052
SUSE-SU-2026:2954-1: important: Security update for krb5
# Security update for krb5
Announcement ID: SUSE-SU-2026:2954-1
Release Date: 2026-07-14T09:57:42Z
Rating: important
References:
* bsc#1268131
Cross-References:
* CVE-2026-11850
CVSS scores:
* CVE-2026-11850 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-11850 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for krb5 fixes the following issue
* CVE-2026-11850: integer underflow in berval2tl_data() leads to heap out-of-
bounds read (bsc#1268131).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2954=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2954=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2954=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2954=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2954=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2954=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2954=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2954=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2954=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* krb5-client-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.24.1
* krb5-server-1.19.2-150400.3.24.1
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-client-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* krb5-devel-1.19.2-150400.3.24.1
* krb5-server-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64)
* krb5-32bit-debuginfo-1.19.2-150400.3.24.1
* krb5-32bit-1.19.2-150400.3.24.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-mini-debugsource-1.19.2-150400.3.24.1
* krb5-plugin-preauth-spake-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.24.1
* krb5-mini-debuginfo-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* krb5-server-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.24.1
* krb5-server-1.19.2-150400.3.24.1
* krb5-mini-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.24.1
* krb5-devel-1.19.2-150400.3.24.1
* krb5-client-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-mini-devel-1.19.2-150400.3.24.1
* krb5-client-1.19.2-150400.3.24.1
* krb5-plugin-preauth-spake-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.24.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* krb5-64bit-debuginfo-1.19.2-150400.3.24.1
* krb5-devel-64bit-1.19.2-150400.3.24.1
* krb5-64bit-1.19.2-150400.3.24.1
* openSUSE Leap 15.4 (x86_64)
* krb5-32bit-debuginfo-1.19.2-150400.3.24.1
* krb5-devel-32bit-1.19.2-150400.3.24.1
* krb5-32bit-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* krb5-client-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.24.1
* krb5-server-1.19.2-150400.3.24.1
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* krb5-client-1.19.2-150400.3.24.1
* krb5-devel-1.19.2-150400.3.24.1
* krb5-server-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64)
* krb5-32bit-debuginfo-1.19.2-150400.3.24.1
* krb5-32bit-1.19.2-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* krb5-client-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.24.1
* krb5-server-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.24.1
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-client-1.19.2-150400.3.24.1
* krb5-devel-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* krb5-server-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64)
* krb5-32bit-debuginfo-1.19.2-150400.3.24.1
* krb5-32bit-1.19.2-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* krb5-client-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-pkinit-1.19.2-150400.3.24.1
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-server-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-client-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* krb5-devel-1.19.2-150400.3.24.1
* krb5-server-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-debuginfo-1.19.2-150400.3.24.1
* krb5-plugin-preauth-otp-1.19.2-150400.3.24.1
* krb5-plugin-kdb-ldap-1.19.2-150400.3.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64)
* krb5-32bit-debuginfo-1.19.2-150400.3.24.1
* krb5-32bit-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* krb5-debugsource-1.19.2-150400.3.24.1
* krb5-1.19.2-150400.3.24.1
* krb5-debuginfo-1.19.2-150400.3.24.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11850.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268131
SUSE-SU-2026:2964-1: important: Security update for buildah
# Security update for buildah
Announcement ID: SUSE-SU-2026:2964-1
Release Date: 2026-07-14T11:09:44Z
Rating: important
References:
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that can now be installed.
## Description:
This update for buildah rebuilds it against the current go security release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2964=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2964=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2964=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2964=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2964=1
## Package List:
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* buildah-1.35.5-150400.3.70.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* buildah-1.35.5-150400.3.70.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* buildah-1.35.5-150400.3.70.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* buildah-1.35.5-150400.3.70.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* buildah-1.35.5-150400.3.70.1
SUSE-SU-2026:2968-1: moderate: Security update for python-Authlib
# Security update for python-Authlib
Announcement ID: SUSE-SU-2026:2968-1
Release Date: 2026-07-14T11:15:55Z
Rating: moderate
References:
* bsc#1263114
* bsc#1266665
Cross-References:
* CVE-2026-41425
* CVE-2026-44681
CVSS scores:
* CVE-2026-41425 ( SUSE ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41425 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-41425 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-44681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-44681 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
## Description:
This update for python-Authlib fixes the following issues
* CVE-2026-41425: no CSRF protection on the cache feature in
`authlib.integrations.starlette_client.OAuth` (bsc#1263114).
* CVE-2026-44681: unauthenticated open redirect in the `OpenIDImplicitGrant`
and `OpenIDHybridGrant` authorization endpoints (bsc#1266665).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2968=1
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-2968=1
## Package List:
* Python 3 Module 15-SP7 (noarch)
* python311-Authlib-1.3.1-150600.3.22.1
* openSUSE Leap 15.6 (noarch)
* python311-Authlib-1.3.1-150600.3.22.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41425.html
* https://www.suse.com/security/cve/CVE-2026-44681.html
* https://bugzilla.suse.com/show_bug.cgi?id=1263114
* https://bugzilla.suse.com/show_bug.cgi?id=1266665
SUSE-SU-2026:2965-1: important: Security update for kubernetes-old
# Security update for kubernetes-old
Announcement ID: SUSE-SU-2026:2965-1
Release Date: 2026-07-14T11:10:09Z
Rating: important
References:
Affected Products:
* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that can now be installed.
## Description:
This update for kubernetes-old rebuilds it against the current go security
release.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Containers Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2965=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2965=1
## Package List:
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* kubernetes1.33-client-1.33.11-150600.13.34.1
* kubernetes1.33-client-common-1.33.11-150600.13.34.1
* Containers Module 15-SP7 (noarch)
* kubernetes1.33-client-bash-completion-1.33.11-150600.13.34.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* kubernetes1.33-client-1.33.11-150600.13.34.1
* kubernetes1.33-client-common-1.33.11-150600.13.34.1
* openSUSE Leap 15.6 (noarch)
* kubernetes1.33-client-fish-completion-1.33.11-150600.13.34.1
* kubernetes1.33-client-bash-completion-1.33.11-150600.13.34.1
SUSE-SU-2026:2957-1: important: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
# Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise
15 SP6)
Announcement ID: SUSE-SU-2026:2957-1
Release Date: 2026-07-14T10:19:59Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264567
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495
Cross-References:
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43120
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 24 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr
(bsc#1264567).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2959=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2958=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2957=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2959=1 SUSE-2026-2958=1 SUSE-2026-2957=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-8-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_23-debugsource-5-150600.2.2
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_100-default-5-150600.2.2
* kernel-livepatch-6_4_0-150600_23_92-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-5-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-8-150600.2.2
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-8-150600.2.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_87-default-8-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_23-debugsource-5-150600.2.2
* kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_100-default-5-150600.2.2
* kernel-livepatch-6_4_0-150600_23_92-default-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_21-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_100-default-debuginfo-5-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_20-debugsource-8-150600.2.2
* kernel-livepatch-6_4_0-150600_23_87-default-debuginfo-8-150600.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264567
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495
SUSE-SU-2026:2961-1: important: Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:2961-1
Release Date: 2026-07-14T10:33:59Z
Rating: important
References:
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 22 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.163 fixes
various security issues
The following security issues were fixed:
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2961=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2961=1
## Package List:
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_163-default-4-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_39-debugsource-4-150500.2.2
* kernel-livepatch-5_14_21-150500_55_163-default-debuginfo-4-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_163-default-4-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_39-debugsource-4-150500.2.2
* kernel-livepatch-5_14_21-150500_55_163-default-debuginfo-4-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
openSUSE-SU-2026:11262-1: moderate: sdbootutil-1+git20260713.d869cf8-1.1 on GA media
# sdbootutil-1+git20260713.d869cf8-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11262-1
Rating: moderate
Cross-References:
* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784
CVSS scores:
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 7 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the sdbootutil-1+git20260713.d869cf8-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* sdbootutil 1+git20260713.d869cf8-1.1
* sdbootutil-bash-completion 1+git20260713.d869cf8-1.1
* sdbootutil-dracut-measure-pcr 1+git20260713.d869cf8-1.1
* sdbootutil-enroll 1+git20260713.d869cf8-1.1
* sdbootutil-jeos-firstboot-enroll 1+git20260713.d869cf8-1.1
* sdbootutil-kernel-install 1+git20260713.d869cf8-1.1
* sdbootutil-snapper 1+git20260713.d869cf8-1.1
* sdbootutil-tukit 1+git20260713.d869cf8-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
openSUSE-SU-2026:11256-1: moderate: busybox-1.38.0-1.1 on GA media
# busybox-1.38.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11256-1
Rating: moderate
Cross-References:
* CVE-2023-39810
CVSS scores:
* CVE-2023-39810 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the busybox-1.38.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* busybox 1.38.0-1.1
* busybox-static 1.38.0-1.1
* busybox-testsuite 1.38.0-1.1
* busybox-warewulf3 1.38.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39810.html
openSUSE-SU-2026:11260-1: moderate: patch-2.8-3.1 on GA media
# patch-2.8-3.1 on GA media
Announcement ID: openSUSE-SU-2026:11260-1
Rating: moderate
Cross-References:
* CVE-2026-56288
* CVE-2026-56289
CVSS scores:
* CVE-2026-56288 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56288 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56289 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56289 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the patch-2.8-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* patch 2.8-3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-56288.html
* https://www.suse.com/security/cve/CVE-2026-56289.html
openSUSE-SU-2026:11259-1: moderate: libopenbabel8-3.2.1-1.1 on GA media
# libopenbabel8-3.2.1-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11259-1
Rating: moderate
Cross-References:
* CVE-2025-10994
CVSS scores:
* CVE-2025-10994 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libopenbabel8-3.2.1-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libopenbabel8 3.2.1-1.1
* openbabel 3.2.1-1.1
* openbabel-devel 3.2.1-1.1
* openbabel-gui 3.2.1-1.1
* python3-openbabel 3.2.1-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-10994.html
openSUSE-SU-2026:11258-1: moderate: libxml2-16-2.15.3-2.1 on GA media
# libxml2-16-2.15.3-2.1 on GA media
Announcement ID: openSUSE-SU-2026:11258-1
Rating: moderate
Cross-References:
* CVE-2026-11979
CVSS scores:
* CVE-2026-11979 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11979 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libxml2-16-2.15.3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libxml2-16 2.15.3-2.1
* libxml2-16-32bit 2.15.3-2.1
* libxml2-devel 2.15.3-2.1
* libxml2-devel-32bit 2.15.3-2.1
* libxml2-tools 2.15.3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-11979.html
openSUSE-SU-2026:11261-1: moderate: python313-Pillow-12.3.0-1.1 on GA media
# python313-Pillow-12.3.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11261-1
Rating: moderate
Cross-References:
* CVE-2014-3589
* CVE-2014-3598
* CVE-2016-0740
* CVE-2016-0775
* CVE-2016-3076
* CVE-2020-15999
* CVE-2020-35653
* CVE-2020-35654
* CVE-2020-35655
* CVE-2021-23437
* CVE-2021-25289
* CVE-2021-25290
* CVE-2021-25291
* CVE-2021-25292
* CVE-2021-25293
* CVE-2021-27921
* CVE-2021-34552
* CVE-2023-44271
* CVE-2023-50447
* CVE-2024-28219
* CVE-2026-42311
* CVE-2026-4775
* CVE-2026-54059
* CVE-2026-55379
CVSS scores:
* CVE-2020-15999 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-35653 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2020-35654 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2020-35655 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2021-23437 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-25289 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-25290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-25291 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-25292 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-25293 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-27921 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-34552 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44271 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50447 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-28219 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-42311 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42311 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4775 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 24 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the python313-Pillow-12.3.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python313-Pillow 12.3.0-1.1
* python313-Pillow-tk 12.3.0-1.1
* python314-Pillow 12.3.0-1.1
* python314-Pillow-tk 12.3.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2014-3589.html
* https://www.suse.com/security/cve/CVE-2014-3598.html
* https://www.suse.com/security/cve/CVE-2016-0740.html
* https://www.suse.com/security/cve/CVE-2016-0775.html
* https://www.suse.com/security/cve/CVE-2016-3076.html
* https://www.suse.com/security/cve/CVE-2020-15999.html
* https://www.suse.com/security/cve/CVE-2020-35653.html
* https://www.suse.com/security/cve/CVE-2020-35654.html
* https://www.suse.com/security/cve/CVE-2020-35655.html
* https://www.suse.com/security/cve/CVE-2021-23437.html
* https://www.suse.com/security/cve/CVE-2021-25289.html
* https://www.suse.com/security/cve/CVE-2021-25290.html
* https://www.suse.com/security/cve/CVE-2021-25291.html
* https://www.suse.com/security/cve/CVE-2021-25292.html
* https://www.suse.com/security/cve/CVE-2021-25293.html
* https://www.suse.com/security/cve/CVE-2021-27921.html
* https://www.suse.com/security/cve/CVE-2021-34552.html
* https://www.suse.com/security/cve/CVE-2023-44271.html
* https://www.suse.com/security/cve/CVE-2023-50447.html
* https://www.suse.com/security/cve/CVE-2024-28219.html
* https://www.suse.com/security/cve/CVE-2026-42311.html
* https://www.suse.com/security/cve/CVE-2026-4775.html
* https://www.suse.com/security/cve/CVE-2026-54059.html
* https://www.suse.com/security/cve/CVE-2026-55379.html
openSUSE-SU-2026:11257-1: moderate: freetype2-devel-2.14.3-1.1 on GA media
# freetype2-devel-2.14.3-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11257-1
Rating: moderate
Cross-References:
* CVE-2026-50811
CVSS scores:
* CVE-2026-50811 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-50811 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the freetype2-devel-2.14.3-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* freetype2-devel 2.14.3-1.1
* freetype2-devel-32bit 2.14.3-1.1
* freetype2-profile-tti35 2.14.3-1.1
* ftdump 2.14.3-1.1
* libfreetype6 2.14.3-1.1
* libfreetype6-32bit 2.14.3-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-50811.html
openSUSE-SU-2026:11255-1: moderate: afterburn-5.10.0.git73.b97f772-1.1 on GA media
# afterburn-5.10.0.git73.b97f772-1.1 on GA media
Announcement ID: openSUSE-SU-2026:11255-1
Rating: moderate
Cross-References:
* CVE-2026-25541
* CVE-2026-41676
* CVE-2026-41677
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-45784
CVSS scores:
* CVE-2026-25541 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 6 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the afterburn-5.10.0.git73.b97f772-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* afterburn 5.10.0.git73.b97f772-1.1
* afterburn-dracut 5.10.0.git73.b97f772-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-25541.html
* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-45784.html
openSUSE-SU-2026:0244-1: important: Security update for gosec
openSUSE Security Update: Security update for gosec
_______________________________
Announcement ID: openSUSE-SU-2026:0244-1
Rating: important
References: #1265919 #1266209 #1266793 #1267195
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that contains security fixes can now be installed.
Description:
This update for gosec fixes the following issues:
- Fixing multiple vulnerabilities in the following embedded dependencies:
golang.org/x/crypto/ssh (bsc#1266209), golang.org/x/net/html
(bsc#1267195), golang.org/x/net/idna (bsc#1266793),
golang.org/x/net/http2 (bsc#1265919).
- Update to version 2.27.1:
* Downgrade google lib to avoid min Go version bump (#1687)
* Downgrade the jsonschema dep to v0.13.0 due to incompatibility with
anthropick-sdk-go (#1686)
* Update all dependencies (#1685)
* Downgrade the github.com/invopop/jsonschema v0.13.0 to solve
incopatibility with anthropic-sdk (#1683)
* Update all dependencies (#1682)
* Update vulnerabilities alerts for indirect dependencies
* Pin dependencies (#1681)
* Skip pining for my repos
* Update renovate configuration
* Fix typo
* Update branch config in renovate config
* Migrate config renovate.json (#1678)
* Update renovate to refresh the branch creation
* Update the renovate branch prefix
* Update renovate config to pin the actions dependencies by digests
(#1676)
* Migrate the html remport to react v19. (#1675)
* Manually update version to fix renovate (#1674)
* feat: integrate Atlas Cloud provider (#1672)
* Refactor error position parsing to support path with colon. (#1673)
* Add two options to require rule ID and justificaiton for inline
annotations (#1671)
* Fix false positive in G118 when cancel is stored in a slice/map (#1670)
* chore(go): update supported Go versions to 1.25.10 and 1.26.3 (#1669)
* Harden the github workflows and action (#1665)
* Fix justification delimiter in annotation format doc (#1661)
* Update all dependencies (#1664)
* Update action to use gosec version v2.26.1 (#1660)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-244=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
gosec-2.27.1-bp157.2.9.1
References:
https://bugzilla.suse.com/1265919
https://bugzilla.suse.com/1266209
https://bugzilla.suse.com/1266793
https://bugzilla.suse.com/1267195
openSUSE-SU-2026:0245-1: important: Security update for enc
openSUSE Security Update: Security update for enc
_______________________________
Announcement ID: openSUSE-SU-2026:0245-1
Rating: important
References: #1265533
Cross-References: CVE-2026-1229
CVSS scores:
CVE-2026-1229 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Backports SLE-15-SP7
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for enc fixes the following issues:
- CVE-2026-1229: Fix incorrect value produced by CombinedMult() in
ecc/p384 (boo#1265533) Bump circl to 1.6.3
- Update to 1.1.5:
* Update dependencies #10
- Update to 1.1.4:
* Update all dependencies #9
- Update to 1.1.3:
* Fix typo in README #7
* Update all dependencies #8
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-245=1
Package List:
- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):
enc-1.1.5-bp157.2.3.1
References:
https://www.suse.com/security/cve/CVE-2026-1229.html
https://bugzilla.suse.com/1265533
SUSE-SU-2026:2984-1: moderate: Security update for python3-dulwich
# Security update for python3-dulwich
Announcement ID: SUSE-SU-2026:2984-1
Release Date: 2026-07-14T13:21:03Z
Rating: moderate
References:
* bsc#1268138
Cross-References:
* CVE-2026-47734
CVSS scores:
* CVE-2026-47734 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47734 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-dulwich fixes the following issues:
* CVE-2026-47734: Do not honour receive.maxInputSize to bound received packs
(bsc#1268138)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2984=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2984=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python3-dulwich-debugsource-0.20.24-150400.8.1
* python3-dulwich-debuginfo-0.20.24-150400.8.1
* python3-dulwich-0.20.24-150400.8.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* python3-dulwich-debugsource-0.20.24-150400.8.1
* python3-dulwich-debuginfo-0.20.24-150400.8.1
* python3-dulwich-0.20.24-150400.8.1
## References:
* https://www.suse.com/security/cve/CVE-2026-47734.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268138
SUSE-SU-2026:2989-1: important: Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5)
# Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise
15 SP5)
Announcement ID: SUSE-SU-2026:2989-1
Release Date: 2026-07-14T15:46:16Z
Rating: important
References:
* bsc#1264094
* bsc#1265117
* bsc#1265197
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-31758
* CVE-2026-43037
* CVE-2026-43366
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.166 fixes
various security issues
The following security issues were fixed:
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2989=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2989=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_166-default-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_166-default-debuginfo-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_40-debugsource-2-150500.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_166-default-2-150500.2.2
* kernel-livepatch-5_14_21-150500_55_166-default-debuginfo-2-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_40-debugsource-2-150500.2.2
## References:
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
SUSE-SU-2026:2991-1: important: Security update for the Linux Kernel (Live Patch 54 for SUSE Linux Enterprise 15 SP4)
# Security update for the Linux Kernel (Live Patch 54 for SUSE Linux Enterprise
15 SP4)
Announcement ID: SUSE-SU-2026:2991-1
Release Date: 2026-07-14T16:05:09Z
Rating: important
References:
* bsc#1264094
* bsc#1265197
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
Cross-References:
* CVE-2026-31758
* CVE-2026-43037
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
CVSS scores:
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves 10 vulnerabilities can now be installed.
## Description:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.219 fixes
various security issues
The following security issues were fixed:
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2991=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2991=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1
* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023