
SUSE has rolled out a comprehensive security patch bundle that resolves dozens of critical vulnerabilities across essential enterprise software. The latest release targets widely deployed tools like MozillaFirefox, strongSwan, Kubernetes modules, and Azure storage utilities while also addressing flaws in Python frameworks and database libraries.

SUSE-SU-2026:2459-1: important: Security update for strongswan
SUSE-SU-2026:2460-1: important: Security update for kubernetes-old
SUSE-SU-2026:2462-1: important: Security update for ldns
openSUSE-SU-2026:11056-1: moderate: inspektor-gadget-0.53.2-1.1 on GA media
openSUSE-SU-2026:11052-1: moderate: MozillaFirefox-152.0-1.1 on GA media
openSUSE-SU-2026:11060-1: moderate: tinyproxy-1.11.3-3.1 on GA media
openSUSE-SU-2026:11057-1: moderate: kubevirt-1.8-container-disk-1.8.3-1.1 on GA media
openSUSE-SU-2026:11054-1: moderate: containerized-data-importer-1.65-api-1.65.0-1.1 on GA media
openSUSE-SU-2026:11059-1: moderate: lemon-3.53.2-2.1 on GA media
openSUSE-SU-2026:11053-1: moderate: alloy-1.17.0-1.1 on GA media
SUSE-SU-2026:2466-1: important: Security update for azure-storage-azcopy
SUSE-SU-2026:2470-1: important: Security update for python-starlette




SUSE-SU-2026:2459-1: important: Security update for strongswan


# Security update for strongswan

Announcement ID: SUSE-SU-2026:2459-1
Release Date: 2026-06-18T16:40:03Z
Rating: important
References:

* bsc#1261705
* bsc#1261706
* bsc#1261708
* bsc#1261712
* bsc#1261717
* bsc#1261718
* bsc#1261720
* bsc#1266360

Cross-References:

* CVE-2026-35328
* CVE-2026-35329
* CVE-2026-35330
* CVE-2026-35331
* CVE-2026-35332
* CVE-2026-35333
* CVE-2026-35334
* CVE-2026-47895

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35329 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35330 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-35331 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-35331 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-35332 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35332 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35333 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35333 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35334 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35334 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47895 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47895 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for strongswan fixes the following issues:

* CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712).
* CVE-2026-35329: null pointer dereference when processing padding in PKCS#7 (bsc#1261717).
* CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705).
* CVE-2026-35331: accepting certificates violating name constraints (bsc#1261718).
* CVE-2026-35332: null pointer dereference when handling ECDH public value in TLS (bsc#1261708).
* CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706).
* CVE-2026-35334: possible null pointer dereference in RSA decryption (bsc#1261720).
* CVE-2026-47895: double-free when destroying certain cloned identities (bsc#1266360).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5: `zypper in -t patch SUSE-2026-2459=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2459=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2459=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2459=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2459=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * strongswan-sqlite-5.9.11-150500.5.23.2
  * strongswan-debugsource-5.9.11-150500.5.23.2
  * strongswan-hmac-5.9.11-150500.5.23.2
  * strongswan-ipsec-debuginfo-5.9.11-150500.5.23.2
  * strongswan-5.9.11-150500.5.23.2
  * strongswan-libs0-debuginfo-5.9.11-150500.5.23.2
  * strongswan-mysql-5.9.11-150500.5.23.2
  * strongswan-mysql-debuginfo-5.9.11-150500.5.23.2
  * strongswan-debuginfo-5.9.11-150500.5.23.2
  * strongswan-sqlite-debuginfo-5.9.11-150500.5.23.2
  * strongswan-ipsec-5.9.11-150500.5.23.2
  * strongswan-nm-5.9.11-150500.5.23.2
  * strongswan-libs0-5.9.11-150500.5.23.2
  * strongswan-nm-debuginfo-5.9.11-150500.5.23.2
* openSUSE Leap 15.5 (noarch)
  * strongswan-doc-5.9.11-150500.5.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * strongswan-debugsource-5.9.11-150500.5.23.2
  * strongswan-hmac-5.9.11-150500.5.23.2
  * strongswan-ipsec-debuginfo-5.9.11-150500.5.23.2
  * strongswan-5.9.11-150500.5.23.2
  * strongswan-libs0-debuginfo-5.9.11-150500.5.23.2
  * strongswan-debuginfo-5.9.11-150500.5.23.2
  * strongswan-ipsec-5.9.11-150500.5.23.2
  * strongswan-libs0-5.9.11-150500.5.23.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * strongswan-doc-5.9.11-150500.5.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * strongswan-debugsource-5.9.11-150500.5.23.2
  * strongswan-hmac-5.9.11-150500.5.23.2
  * strongswan-ipsec-debuginfo-5.9.11-150500.5.23.2
  * strongswan-5.9.11-150500.5.23.2
  * strongswan-libs0-debuginfo-5.9.11-150500.5.23.2
  * strongswan-debuginfo-5.9.11-150500.5.23.2
  * strongswan-ipsec-5.9.11-150500.5.23.2
  * strongswan-libs0-5.9.11-150500.5.23.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * strongswan-doc-5.9.11-150500.5.23.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * strongswan-debugsource-5.9.11-150500.5.23.2
  * strongswan-hmac-5.9.11-150500.5.23.2
  * strongswan-ipsec-debuginfo-5.9.11-150500.5.23.2
  * strongswan-5.9.11-150500.5.23.2
  * strongswan-libs0-debuginfo-5.9.11-150500.5.23.2
  * strongswan-debuginfo-5.9.11-150500.5.23.2
  * strongswan-ipsec-5.9.11-150500.5.23.2
  * strongswan-libs0-5.9.11-150500.5.23.2
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * strongswan-doc-5.9.11-150500.5.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * strongswan-debugsource-5.9.11-150500.5.23.2
  * strongswan-hmac-5.9.11-150500.5.23.2
  * strongswan-ipsec-debuginfo-5.9.11-150500.5.23.2
  * strongswan-5.9.11-150500.5.23.2
  * strongswan-libs0-debuginfo-5.9.11-150500.5.23.2
  * strongswan-debuginfo-5.9.11-150500.5.23.2
  * strongswan-ipsec-5.9.11-150500.5.23.2
  * strongswan-libs0-5.9.11-150500.5.23.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * strongswan-doc-5.9.11-150500.5.23.2

## References:

* https://www.suse.com/security/cve/CVE-2026-35328.html
* https://www.suse.com/security/cve/CVE-2026-35329.html
* https://www.suse.com/security/cve/CVE-2026-35330.html
* https://www.suse.com/security/cve/CVE-2026-35331.html
* https://www.suse.com/security/cve/CVE-2026-35332.html
* https://www.suse.com/security/cve/CVE-2026-35333.html
* https://www.suse.com/security/cve/CVE-2026-35334.html
* https://www.suse.com/security/cve/CVE-2026-47895.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261705
* https://bugzilla.suse.com/show_bug.cgi?id=1261706
* https://bugzilla.suse.com/show_bug.cgi?id=1261708
* https://bugzilla.suse.com/show_bug.cgi?id=1261712
* https://bugzilla.suse.com/show_bug.cgi?id=1261717
* https://bugzilla.suse.com/show_bug.cgi?id=1261718
* https://bugzilla.suse.com/show_bug.cgi?id=1261720
* https://bugzilla.suse.com/show_bug.cgi?id=1266360



SUSE-SU-2026:2460-1: important: Security update for kubernetes-old


# Security update for kubernetes-old

Announcement ID: SUSE-SU-2026:2460-1
Release Date: 2026-06-18T16:40:14Z
Rating: important
References:

* bsc#1262268
* bsc#1265747

Cross-References:

* CVE-2026-33814
* CVE-2026-35469

CVSS scores:

* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35469 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-35469 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-35469 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* Containers Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for kubernetes-old fixes the following issues:

* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265747).
* CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of service (bsc#1262268).

Changes for kubernetes-old:

* Update to version 1.33.11:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2026-2460=1`
* Containers Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Containers-15-SP7-2026-2460=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-common-1.33.11-150600.13.32.1
  * kubernetes1.33-client-1.33.11-150600.13.32.1
* openSUSE Leap 15.6 (noarch)
  * kubernetes1.33-client-fish-completion-1.33.11-150600.13.32.1
  * kubernetes1.33-client-bash-completion-1.33.11-150600.13.32.1
* Containers Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * kubernetes1.33-client-common-1.33.11-150600.13.32.1
  * kubernetes1.33-client-1.33.11-150600.13.32.1
* Containers Module 15-SP7 (noarch)
  * kubernetes1.33-client-bash-completion-1.33.11-150600.13.32.1

## References:

* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-35469.html
* https://bugzilla.suse.com/show_bug.cgi?id=1262268
* https://bugzilla.suse.com/show_bug.cgi?id=1265747



SUSE-SU-2026:2462-1: important: Security update for ldns


# Security update for ldns

Announcement ID: SUSE-SU-2026:2462-1
Release Date: 2026-06-19T07:39:02Z
Rating: important
References:

* bsc#1267670

Cross-References:

* CVE-2026-10846

CVSS scores:

* CVE-2026-10846 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-10846 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-10846 ( NVD ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-10846 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability can now be installed.

## Description:

This update for ldns fixes the following issue:

* CVE-2026-10846: When ldns is used by applications for (stub) resolving, it does not sufficiently verify that received responses belong to a sent query (bsc#1267670).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6: `zypper in -t patch SUSE-2026-2462=1`
* Basesystem Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2462=1`
* Development Tools Module 15-SP7: `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2462=1`
* SUSE Package Hub 15 15-SP7: `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2462=1`
* SUSE Linux Enterprise Server 15 SP6 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2462=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP6: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2462=1`

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * perl-DNS-LDNS-debuginfo-1.8.3-150600.3.3.1
  * perl-DNS-LDNS-1.8.3-150600.3.3.1
  * libldns3-1.8.3-150600.3.3.1
  * python3-ldns-1.8.3-150600.3.3.1
  * ldns-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * python3-ldns-debuginfo-1.8.3-150600.3.3.1
  * ldns-devel-1.8.3-150600.3.3.1
  * libldns3-debuginfo-1.8.3-150600.3.3.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libldns3-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * ldns-devel-1.8.3-150600.3.3.1
  * libldns3-debuginfo-1.8.3-150600.3.3.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  * perl-DNS-LDNS-debuginfo-1.8.3-150600.3.3.1
  * perl-DNS-LDNS-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * ldns-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * perl-DNS-LDNS-debuginfo-1.8.3-150600.3.3.1
  * perl-DNS-LDNS-1.8.3-150600.3.3.1
  * libldns3-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * ldns-devel-1.8.3-150600.3.3.1
  * libldns3-debuginfo-1.8.3-150600.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * perl-DNS-LDNS-debuginfo-1.8.3-150600.3.3.1
  * perl-DNS-LDNS-1.8.3-150600.3.3.1
  * libldns3-1.8.3-150600.3.3.1
  * ldns-debuginfo-1.8.3-150600.3.3.1
  * ldns-debugsource-1.8.3-150600.3.3.1
  * ldns-devel-1.8.3-150600.3.3.1
  * libldns3-debuginfo-1.8.3-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-10846.html
* https://bugzilla.suse.com/show_bug.cgi?id=1267670



openSUSE-SU-2026:11056-1: moderate: inspektor-gadget-0.53.2-1.1 on GA media


# inspektor-gadget-0.53.2-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11056-1
Rating: moderate

Cross-References:

* CVE-2026-42504

CVSS scores:

* CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the inspektor-gadget-0.53.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * inspektor-gadget 0.53.2-1.1
  * inspektor-gadget-bash-completion 0.53.2-1.1
  * inspektor-gadget-fish-completion 0.53.2-1.1
  * inspektor-gadget-zsh-completion 0.53.2-1.1
## References:

* https://www.suse.com/security/cve/CVE-2026-42504.html



openSUSE-SU-2026:11052-1: moderate: MozillaFirefox-152.0-1.1 on GA media


# MozillaFirefox-152.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11052-1
Rating: moderate

Cross-References:

* CVE-2026-12289
* CVE-2026-12290
* CVE-2026-12291
* CVE-2026-12292
* CVE-2026-12293
* CVE-2026-12294
* CVE-2026-12295
* CVE-2026-12296
* CVE-2026-12297
* CVE-2026-12298
* CVE-2026-12299
* CVE-2026-12300
* CVE-2026-12301
* CVE-2026-12302
* CVE-2026-12303
* CVE-2026-12304
* CVE-2026-12305
* CVE-2026-12306
* CVE-2026-12307
* CVE-2026-12308
* CVE-2026-12309
* CVE-2026-12310
* CVE-2026-12311
* CVE-2026-12312
* CVE-2026-12313
* CVE-2026-12314
* CVE-2026-12315
* CVE-2026-12316
* CVE-2026-12317
* CVE-2026-12318
* CVE-2026-12319
* CVE-2026-12320
* CVE-2026-12321
* CVE-2026-12322
* CVE-2026-12323
* CVE-2026-12324
* CVE-2026-12325
* CVE-2026-12326
* CVE-2026-12327
* CVE-2026-12328

CVSS scores:

* CVE-2026-12290 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-12291 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12292 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-12293 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12294 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12295 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12296 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12297 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12298 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-12299 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-12300 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-12301 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-12302 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-12303 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-12304 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-12305 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12306 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-12307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-12308 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-12309 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-12310 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-12311 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-12312 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-12313 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
* CVE-2026-12314 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-12315 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-12316 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-12317 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-12318 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-12319 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-12320 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-12321 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2026-12322 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-12323 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-12324 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-12325 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-12326 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12327 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-12328 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 40 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-152.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * MozillaFirefox 152.0-1.1
  * MozillaFirefox-branding-upstream 152.0-1.1
  * MozillaFirefox-devel 152.0-1.1
  * MozillaFirefox-translations-common 152.0-1.1
  * MozillaFirefox-translations-other 152.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-12289.html
* https://www.suse.com/security/cve/CVE-2026-12290.html
* https://www.suse.com/security/cve/CVE-2026-12291.html
* https://www.suse.com/security/cve/CVE-2026-12292.html
* https://www.suse.com/security/cve/CVE-2026-12293.html
* https://www.suse.com/security/cve/CVE-2026-12294.html
* https://www.suse.com/security/cve/CVE-2026-12295.html
* https://www.suse.com/security/cve/CVE-2026-12296.html
* https://www.suse.com/security/cve/CVE-2026-12297.html
* https://www.suse.com/security/cve/CVE-2026-12298.html
* https://www.suse.com/security/cve/CVE-2026-12299.html
* https://www.suse.com/security/cve/CVE-2026-12300.html
* https://www.suse.com/security/cve/CVE-2026-12301.html
* https://www.suse.com/security/cve/CVE-2026-12302.html
* https://www.suse.com/security/cve/CVE-2026-12303.html
* https://www.suse.com/security/cve/CVE-2026-12304.html
* https://www.suse.com/security/cve/CVE-2026-12305.html
* https://www.suse.com/security/cve/CVE-2026-12306.html
* https://www.suse.com/security/cve/CVE-2026-12307.html
* https://www.suse.com/security/cve/CVE-2026-12308.html
* https://www.suse.com/security/cve/CVE-2026-12309.html
* https://www.suse.com/security/cve/CVE-2026-12310.html
* https://www.suse.com/security/cve/CVE-2026-12311.html
* https://www.suse.com/security/cve/CVE-2026-12312.html
* https://www.suse.com/security/cve/CVE-2026-12313.html
* https://www.suse.com/security/cve/CVE-2026-12314.html
* https://www.suse.com/security/cve/CVE-2026-12315.html
* https://www.suse.com/security/cve/CVE-2026-12316.html
* https://www.suse.com/security/cve/CVE-2026-12317.html
* https://www.suse.com/security/cve/CVE-2026-12318.html
* https://www.suse.com/security/cve/CVE-2026-12319.html
* https://www.suse.com/security/cve/CVE-2026-12320.html
* https://www.suse.com/security/cve/CVE-2026-12321.html
* https://www.suse.com/security/cve/CVE-2026-12322.html
* https://www.suse.com/security/cve/CVE-2026-12323.html
* https://www.suse.com/security/cve/CVE-2026-12324.html
* https://www.suse.com/security/cve/CVE-2026-12325.html
* https://www.suse.com/security/cve/CVE-2026-12326.html
* https://www.suse.com/security/cve/CVE-2026-12327.html
* https://www.suse.com/security/cve/CVE-2026-12328.html



openSUSE-SU-2026:11060-1: moderate: tinyproxy-1.11.3-3.1 on GA media


# tinyproxy-1.11.3-3.1 on GA media

Announcement ID: openSUSE-SU-2026:11060-1
Rating: moderate

Cross-References:

* CVE-2026-54387
* CVE-2026-54388
* CVE-2026-55202

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the tinyproxy-1.11.3-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tinyproxy 1.11.3-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-54387.html
* https://www.suse.com/security/cve/CVE-2026-54388.html
* https://www.suse.com/security/cve/CVE-2026-55202.html



openSUSE-SU-2026:11057-1: moderate: kubevirt-1.8-container-disk-1.8.3-1.1 on GA media


# kubevirt-1.8-container-disk-1.8.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11057-1
Rating: moderate

Cross-References:

* CVE-2021-43565
* CVE-2023-26484
* CVE-2023-44487
* CVE-2024-33394
* CVE-2025-22872
* CVE-2025-64433
* CVE-2025-64437
* CVE-2026-33186
* CVE-2026-9804

CVSS scores:

* CVE-2021-43565 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-26484 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-33394 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-64433 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-64433 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-64437 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-64437 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-9804 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the kubevirt-1.8-container-disk-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * kubevirt-1.8-container-disk 1.8.3-1.1
  * kubevirt-1.8-manifests 1.8.3-1.1
  * kubevirt-1.8-pr-helper-conf 1.8.3-1.1
  * kubevirt-1.8-sidecar-shim 1.8.3-1.1
  * kubevirt-1.8-tests 1.8.3-1.1
  * kubevirt-1.8-virt-api 1.8.3-1.1
  * kubevirt-1.8-virt-controller 1.8.3-1.1
  * kubevirt-1.8-virt-exportproxy 1.8.3-1.1
  * kubevirt-1.8-virt-exportserver 1.8.3-1.1
  * kubevirt-1.8-virt-handler 1.8.3-1.1
  * kubevirt-1.8-virt-launcher 1.8.3-1.1
  * kubevirt-1.8-virt-operator 1.8.3-1.1
  * kubevirt-1.8-virt-synchronization-controller 1.8.3-1.1
  * kubevirt-1.8-virtctl 1.8.3-1.1
  * obs-service-kubevirt-1.8_containers_meta 1.8.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2021-43565.html
* https://www.suse.com/security/cve/CVE-2023-26484.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2024-33394.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-64433.html
* https://www.suse.com/security/cve/CVE-2025-64437.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-9804.html



openSUSE-SU-2026:11054-1: moderate: containerized-data-importer-1.65-api-1.65.0-1.1 on GA media


# containerized-data-importer-1.65-api-1.65.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11054-1
Rating: moderate

Cross-References:

* CVE-2024-3727

CVSS scores:

* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the containerized-data-importer-1.65-api-1.65.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * containerized-data-importer-1.65-api 1.65.0-1.1
  * containerized-data-importer-1.65-cloner 1.65.0-1.1
  * containerized-data-importer-1.65-controller 1.65.0-1.1
  * containerized-data-importer-1.65-importer 1.65.0-1.1
  * containerized-data-importer-1.65-manifests 1.65.0-1.1
  * containerized-data-importer-1.65-operator 1.65.0-1.1
  * containerized-data-importer-1.65-uploadproxy 1.65.0-1.1
  * containerized-data-importer-1.65-uploadserver 1.65.0-1.1
  * obs-service-cdi-1.65_containers_meta 1.65.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-3727.html



openSUSE-SU-2026:11059-1: moderate: lemon-3.53.2-2.1 on GA media


# lemon-3.53.2-2.1 on GA media

Announcement ID: openSUSE-SU-2026:11059-1
Rating: moderate

Cross-References:

* CVE-2026-11822
* CVE-2026-11824

CVSS scores:

* CVE-2026-11822 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-11824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the lemon-3.53.2-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * lemon 3.53.2-2.1
  * libsqlite3-0 3.53.2-2.1
  * libsqlite3-0-32bit 3.53.2-2.1
  * libsqlite3-0-x86-64-v3 3.53.2-2.1
  * sqlite3 3.53.2-2.1
  * sqlite3-devel 3.53.2-2.1
  * sqlite3-doc 3.53.2-2.1
  * sqlite3-tcl 3.53.2-2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-11822.html
* https://www.suse.com/security/cve/CVE-2026-11824.html



openSUSE-SU-2026:11053-1: moderate: alloy-1.17.0-1.1 on GA media


# alloy-1.17.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11053-1
Rating: moderate

Cross-References:

* CVE-2026-25680
* CVE-2026-25681
* CVE-2026-33532
* CVE-2026-39821
* CVE-2026-39827
* CVE-2026-39830
* CVE-2026-39831
* CVE-2026-39834
* CVE-2026-44740
* CVE-2026-45678
* CVE-2026-45682
* CVE-2026-45685
* CVE-2026-45686
* CVE-2026-46598

CVSS scores:

* CVE-2026-25680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25680 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25681 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25681 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
* CVE-2026-33532 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-33532 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39827 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39827 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39830 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39830 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-39831 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39831 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39834 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39834 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-44740 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-44740 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45678 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45678 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45685 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45685 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45686 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-45686 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46598 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-46598 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 14 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the alloy-1.17.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * alloy 1.17.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-33532.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-44740.html
* https://www.suse.com/security/cve/CVE-2026-45678.html
* https://www.suse.com/security/cve/CVE-2026-45682.html
* https://www.suse.com/security/cve/CVE-2026-45685.html
* https://www.suse.com/security/cve/CVE-2026-45686.html
* https://www.suse.com/security/cve/CVE-2026-46598.html



SUSE-SU-2026:2466-1: important: Security update for azure-storage-azcopy


# Security update for azure-storage-azcopy

Announcement ID: SUSE-SU-2026:2466-1
Release Date: 2026-06-19T11:02:49Z
Rating: important
References:

* bsc#1247720
* bsc#1260307
* bsc#1262962
* bsc#1265841
* bsc#1266311
* bsc#1266657

Cross-References:

* CVE-2025-47907
* CVE-2026-33186
* CVE-2026-33814
* CVE-2026-34986
* CVE-2026-39821

CVSS scores:

* CVE-2025-47907 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2026-33186 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-33186 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33186 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-33814 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-33814 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34986 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34986 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39821 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-39821 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-39821 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Affected Products:

* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* Public Cloud Module 15-SP6
* Public Cloud Module 15-SP7
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves five vulnerabilities and has one security fix can now be
installed.

## Description:

This update for azure-storage-azcopy fixes the following issues:

Update to 10.32.4:

* CVE-2025-47907: database/sql: incorrect results returned from Rows.Scan
(bsc#1247720).
* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper
validation of the HTTP/2 :path pseudo-header (bsc#1260307).
* CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport
when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265841).
* CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a
missing encrypted key can lead to a denial of service (bsc#1262962).
* CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
Punycode-encoded labels allows for validation bypass and privilege
escalation (bsc#1266657).

Changes:

* Remove 32-bit Windows ARM7 build
* Cover other open CVEs (bsc#1266657, CVE-2026-39821)
* Update otel sdk
* Update packages and add patch version
* Update version.go
* Error formatting
* Add test to validate changes
* Update Changelog
* Alter intentional panics to return errors
* Correct issues re: MSRC case #110341
* Update offending packages
* cloud.google.com/go/storage v1.45.0 -> v1.50.0
* Golang 1.24.13 -> 1.25.8
* Golangci-lint v1.64.8 -> v2.11.3
* Fixed a regression where the folder tracker would panic with pre-existing
folders and --overwrite=ifSourceNewer. (#3403)
* Fixed a regression where cancellation was not working via stdin (#3373)
* Fixed a regression where we hit segfaults from logging to a nil logger in
the process checker. (#3384)
* Fixed a race condition panic from concurrent access to a shared metadata
resource by introducing thread safety. (#3341)
* Fixed a bug where --posix-properties-style was not being chained through the
copy flow correctly. (#3401)
* Fixed a regression where in tandem use of --list-of-files and
--include-pattern no longer worked. (#3389)
* Golang 1.24.11 -> 1.24.13
* Added support for AMLFS style posix metadata. (#3317)
* Fixed a bug where hdi_isfolder metadata key would sometimes not be sent in
all lowercase, resulting in unexpected behavior on the service side when
fetching properties. (#3312)
* Fixed a typo in the benchmark command, to allow the --put-md5 flag to work.
(#3324)
* Fixed a bug where network errors would not be retried on. (#3338)
* Fixed a bug where unexpected requests would be logged in syslog. (#3339)
* Fixed a bug where pre-existing folders would be recreated. (#3295)
* Updated README to clarify supported source-destination pairs and
authorization mechanisms. (#3213)
* Updated format of wiki generated docs to improve readability. (#3311)
* AzCopy download URLs starting with
https://azcopyvnext-awgzd8g7aagqhzhe.b02.azurefd.net/ are no longer supported.
* Fixed a bug where throughput was not being displayed for copy and resume.
(#3271)
* Fixed a bug where S3 and GCP transfers would panic. (#3273)
* Refactored copy, sync, resume, login, logout, login status business logic
into the azcopy package.
* Golang 1.24.4 -> 1.24.11
* golang.org/x/crypto 0.40.0 -> 0.45.0
* Azure Files SMB -> Azure Files NFS transfers.
* Symlink support for Azure Files NFS shares.
* Introduced support for symbolic links in Azure Files NFS shares.
* Symlinks can be preserved, skipped, or followed based on command-line flags.
* Added a --check-version flag to make version checking an opt-in feature.
(#3173)
* --include-root flag now allows customers to preserve root properties when
used in conjunction with --preserve-XXXX flags. (#3163)
* Golang 1.24.4 -> 1.24.6 (#3154)
* Fixed a bug to retry on various network errors. (#3237) (#3252)
(bsc#1266311)
* Fixed a bug where remove would not work on paths with encoded characters.
(#2977)
* Fixed a bug where jobs resume would not produce any output for previously
failed jobs. (#3103)
* Fixed a bug where FileBlob transfers with EntraID on the source would pass
the wrong service version. (#3242)
* Fixed a bug to retry on WSAETIMEDOUT on Windows. (#3195)
* Fixed a bug with the folder creation tracker which caused folder creation
calls to happen more often than necessary. (#3151)
* Fixed a bug to redact x-ams-credential from logs. (#3206)
* Fixed a bug where powershell login would fail with older versions of
Az.Accounts. (#3191)
* Fixed a bug where symlink direct targets would be handled as a file instead
of a symlink. (#3222)
* Refactored traverser related code into its own package. (#3251)
* Refactored OAuth token manager access to use a client-based pattern instead
of global singleton access. (#3260)
* Removed unused code related to credential management. (#3260)
* Refactored Lifecycle UI code into the cmd package (#3262).
* Error handling code is now injected into JobMgr, or appropriately bubbled
upwards instead of using global LCM error handling. (#3262)
* AzCopy no longer checks version by default. (#3173)
* Fixed --exclude-path flag not available in remove operations. (#3165)
(#3159)
* Fixed regression where AzCopy was not honoring concurrency value in copy
operations (#3192)
* Fixed the incorrect JSON output format of the warning message when there are
multiple AzCopy processes running. (#3188) (#3182)
* Fixed latest_version.txt being wrongly created in the user's current
directory. (#3179)(#3176)
* Fixed AzCopy crashing during sync operation from a nil pointer deref in the
destination authentication policy. (#3186) (#3109) (#3156) (#3175)
* Golang 1.24.2 -> 1.24.6 (CVE-2025-47907) (#3154)
* For transfers involving Azure Files (NFS or SMB), AzCopy will not auto
create file shares.
* AzCopy binaries and latest version information will now be distributed from
Github releases instead of the static website. (#3014)
* Azure Files NFS Support via REST.
* Added support to retry on copy source error code and status code for service
to service copies. (#3105)
* Added support for service to service copies from Azure Files to Blob Storage
using EntraID. (#3053)
* Fixed a bug where copying a file that has already been deleted with
--trailing-dot=Disable resulted in the wrong error instead of a 404.
(#3092)
* Removed the warning message when failing to create a container. This message
can be misleading when there are insufficient permissions to create a
container and the container already exists. (#3045)
* Improved the error message returned when block size is larger than bandwidth
limit. (#3051)
* Warn user if transfer is going to exceed 10M objects. (#3111)
* Warn user if multiple AzCopy processes are running. (#3128)
* Golang 1.24.2 -> 1.24.4 (#3085)
* Azure Files NFS Support via REST API

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-2466=1

* Public Cloud Module 15-SP4
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-2466=1

* Public Cloud Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2026-2466=1

* Public Cloud Module 15-SP6
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2026-2466=1

* Public Cloud Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-2466=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.32.4-150400.9.11.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.32.4-150400.9.11.1
* Public Cloud Module 15-SP5 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.32.4-150400.9.11.1
* Public Cloud Module 15-SP6 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.32.4-150400.9.11.1
* Public Cloud Module 15-SP7 (aarch64 ppc64le x86_64)
  * azure-storage-azcopy-10.32.4-150400.9.11.1

## References:

* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://www.suse.com/security/cve/CVE-2026-33186.html
* https://www.suse.com/security/cve/CVE-2026-33814.html
* https://www.suse.com/security/cve/CVE-2026-34986.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://bugzilla.suse.com/show_bug.cgi?id=1260307
* https://bugzilla.suse.com/show_bug.cgi?id=1262962
* https://bugzilla.suse.com/show_bug.cgi?id=1265841
* https://bugzilla.suse.com/show_bug.cgi?id=1266311
* https://bugzilla.suse.com/show_bug.cgi?id=1266657



SUSE-SU-2026:2470-1: important: Security update for python-starlette


# Security update for python-starlette

Announcement ID: SUSE-SU-2026:2470-1
Release Date: 2026-06-19T13:37:51Z
Rating: important
References:

* bsc#1268517
* bsc#1268520

Cross-References:

* CVE-2026-54282
* CVE-2026-54283

CVSS scores:

* CVE-2026-54282 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-54282 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-54283 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-54283 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python-starlette fixes the following issues:

* CVE-2026-54282: request path that lacks a leading forward slash can lead to
request.url.hostname manipulation (bsc#1268520).
* CVE-2026-54283: urlencoded request body with oversized data can lead to a
denial of service (bsc#1268517).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-2470=1

## Package List:

* openSUSE Leap 15.6 (noarch)
  * python311-starlette-0.35.1-150600.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2026-54282.html
* https://www.suse.com/security/cve/CVE-2026-54283.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268517
* https://bugzilla.suse.com/show_bug.cgi?id=1268520