
SUSE released a batch of security advisories on March 17th, 2026 for its Linux distributions. Important patches fix major vulnerabilities in the freerdp and xen packages to prevent potential exploitation. ClamAV and Chromium also receive updates, and Tumbleweed users get fixes for over forty flaws combined across Ruby gem packages.

SUSE-SU-2026:0902-1: important: Security update for freerdp
SUSE-SU-2026:0906-1: moderate: Security update for clamav
SUSE-SU-2026:0908-1: important: Security update for xen
openSUSE-SU-2026:0084-1: important: Security update for chromium
openSUSE-SU-2026:10363-1: moderate: ruby4.0-rubygem-rubyzip-2.3.2-1.19 on GA media
openSUSE-SU-2026:10360-1: moderate: ruby4.0-rubygem-rails-8.0-8.0.3-1.3 on GA media
openSUSE-SU-2026:10362-1: moderate: ruby4.0-rubygem-railties-8.0-8.0.3-1.3 on GA media
openSUSE-SU-2026:10361-1: moderate: ruby4.0-rubygem-rails-html-sanitizer-1.6.0-1.9 on GA media
openSUSE-SU-2026:10357-1: moderate: ruby4.0-rubygem-puma-6.4.3-1.5 on GA media
openSUSE-SU-2026:10359-1: moderate: ruby4.0-rubygem-rack-session-2.1.1-1.3 on GA media
openSUSE-SU-2026:10358-1: moderate: ruby4.0-rubygem-rack-3.1.18-1.3 on GA media
openSUSE-SU-2026:10356-1: moderate: ruby4.0-rubygem-nokogiri-1.18.9-1.4 on GA media
openSUSE-SU-2026:10354-1: moderate: ruby4.0-rubygem-minitar-0.9-1.21 on GA media
openSUSE-SU-2026:10355-1: moderate: ruby4.0-rubygem-multi_xml-0.6.0-1.31 on GA media




SUSE-SU-2026:0902-1: important: Security update for freerdp


# Security update for freerdp

Announcement ID: SUSE-SU-2026:0902-1
Release Date: 2026-03-17T09:38:11Z
Rating: important
References:

* bsc#1257981
* bsc#1259251

Cross-References:

* CVE-2026-24491

CVSS scores:

* CVE-2026-24491 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-24491 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-24491 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24491 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for freerdp fixes the following issue:

* CVE-2026-24491: Heap-use-after-free in video_timer additional fix
(bsc#1257981).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-902=1

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-902=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libuwac0-0-debuginfo-2.4.0-150400.3.44.1
  * freerdp-wayland-2.4.0-150400.3.44.1
  * libwinpr2-2.4.0-150400.3.44.1
  * winpr2-devel-2.4.0-150400.3.44.1
  * freerdp-server-debuginfo-2.4.0-150400.3.44.1
  * freerdp-server-2.4.0-150400.3.44.1
  * libfreerdp2-2.4.0-150400.3.44.1
  * freerdp-2.4.0-150400.3.44.1
  * freerdp-debugsource-2.4.0-150400.3.44.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.44.1
  * libwinpr2-debuginfo-2.4.0-150400.3.44.1
  * freerdp-devel-2.4.0-150400.3.44.1
  * freerdp-debuginfo-2.4.0-150400.3.44.1
  * libuwac0-0-2.4.0-150400.3.44.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.44.1
  * uwac0-0-devel-2.4.0-150400.3.44.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.44.1
  * freerdp-proxy-2.4.0-150400.3.44.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
  * libfreerdp2-2.4.0-150400.3.44.1
  * freerdp-debugsource-2.4.0-150400.3.44.1
  * libwinpr2-debuginfo-2.4.0-150400.3.44.1
  * freerdp-debuginfo-2.4.0-150400.3.44.1
  * libwinpr2-2.4.0-150400.3.44.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.44.1

## References:

* https://www.suse.com/security/cve/CVE-2026-24491.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257981
* https://bugzilla.suse.com/show_bug.cgi?id=1259251



SUSE-SU-2026:0906-1: moderate: Security update for clamav


# Security update for clamav

Announcement ID: SUSE-SU-2026:0906-1
Release Date: 2026-03-17T16:32:20Z
Rating: moderate
References:

* bsc#1221954
* bsc#1258072
* bsc#1259207
* jsc#PED-14819

Cross-References:

* CVE-2026-20031

CVSS scores:

* CVE-2026-20031 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-20031 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-20031 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability, contains one feature and has two
security fixes can now be installed.

## Description:

This update for clamav fixes the following issues:

Update to clamav 1.5.2:

Security issue:

* CVE-2026-20031: improper error handling in the HTML CSS module when
splitting UTF-8 strings can lead to denial of service conditions via a
crafted HTML file (bsc#1259207).

Non security issue:

* Support transactional updates (jsc#PED-14819).

Changelog:

* Fixed a possible infinite loop when scanning some JPEG files by upgrading
affected ClamAV dependency, a Rust image library.
* The CVD verification process will now ignore certificate files in the CVD
certs directory when the user lacks read permissions.
* Freshclam: Fix CLD verification bug with PrivateMirror option.
* Upgraded the Rust bytes dependency to a newer version to resolve
RUSTSEC-2026-0007 advisory.
* Fixed a possible crash caused by invalid pointer alignment on some
platforms.
* Minimal required Rust version is now 1.87.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-906=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * libclammspack0-1.5.2-150400.13.5.1
  * clamav-debuginfo-1.5.2-150400.13.5.1
  * libclamav12-debuginfo-1.5.2-150400.13.5.1
  * libfreshclam4-debuginfo-1.5.2-150400.13.5.1
  * clamav-milter-1.5.2-150400.13.5.1
  * libclamav12-1.5.2-150400.13.5.1
  * libfreshclam4-1.5.2-150400.13.5.1
  * clamav-debugsource-1.5.2-150400.13.5.1
  * libclammspack0-debuginfo-1.5.2-150400.13.5.1
  * clamav-milter-debuginfo-1.5.2-150400.13.5.1
  * clamav-1.5.2-150400.13.5.1
  * clamav-devel-1.5.2-150400.13.5.1
* openSUSE Leap 15.4 (noarch)
  * clamav-docs-html-1.5.2-150400.13.5.1

## References:

* https://www.suse.com/security/cve/CVE-2026-20031.html
* https://bugzilla.suse.com/show_bug.cgi?id=1221954
* https://bugzilla.suse.com/show_bug.cgi?id=1258072
* https://bugzilla.suse.com/show_bug.cgi?id=1259207
* https://jira.suse.com/browse/PED-14819



SUSE-SU-2026:0908-1: important: Security update for xen


# Security update for xen

Announcement ID: SUSE-SU-2026:0908-1
Release Date: 2026-03-17T16:32:42Z
Rating: important
References:

* bsc#1259247
* bsc#1259248

Cross-References:

* CVE-2026-23554
* CVE-2026-23555

CVSS scores:

* CVE-2026-23554 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23555 ( SUSE ): 8.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2026-23555 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for xen fixes the following issues:

* CVE-2026-23554: xen: Use after free of paging structures in EPT
(bsc#1259247, XSA-480)
* CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248,
XSA-481)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2026-908=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-908=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-908=1

## Package List:

* openSUSE Leap 15.6 (aarch64 x86_64)
  * xen-libs-4.18.5_12-150600.3.40.1
  * xen-doc-html-4.18.5_12-150600.3.40.1
  * xen-devel-4.18.5_12-150600.3.40.1
  * xen-tools-domU-4.18.5_12-150600.3.40.1
  * xen-tools-debuginfo-4.18.5_12-150600.3.40.1
  * xen-debugsource-4.18.5_12-150600.3.40.1
  * xen-4.18.5_12-150600.3.40.1
  * xen-tools-domU-debuginfo-4.18.5_12-150600.3.40.1
  * xen-libs-debuginfo-4.18.5_12-150600.3.40.1
  * xen-tools-4.18.5_12-150600.3.40.1
* openSUSE Leap 15.6 (x86_64)
  * xen-libs-32bit-4.18.5_12-150600.3.40.1
  * xen-libs-32bit-debuginfo-4.18.5_12-150600.3.40.1
* openSUSE Leap 15.6 (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_12-150600.3.40.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
  * xen-libs-4.18.5_12-150600.3.40.1
  * xen-devel-4.18.5_12-150600.3.40.1
  * xen-tools-domU-4.18.5_12-150600.3.40.1
  * xen-tools-debuginfo-4.18.5_12-150600.3.40.1
  * xen-debugsource-4.18.5_12-150600.3.40.1
  * xen-4.18.5_12-150600.3.40.1
  * xen-tools-domU-debuginfo-4.18.5_12-150600.3.40.1
  * xen-libs-debuginfo-4.18.5_12-150600.3.40.1
  * xen-tools-4.18.5_12-150600.3.40.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_12-150600.3.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
  * xen-libs-4.18.5_12-150600.3.40.1
  * xen-devel-4.18.5_12-150600.3.40.1
  * xen-tools-domU-4.18.5_12-150600.3.40.1
  * xen-tools-debuginfo-4.18.5_12-150600.3.40.1
  * xen-debugsource-4.18.5_12-150600.3.40.1
  * xen-4.18.5_12-150600.3.40.1
  * xen-tools-domU-debuginfo-4.18.5_12-150600.3.40.1
  * xen-libs-debuginfo-4.18.5_12-150600.3.40.1
  * xen-tools-4.18.5_12-150600.3.40.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * xen-tools-xendomains-wait-disk-4.18.5_12-150600.3.40.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23554.html
* https://www.suse.com/security/cve/CVE-2026-23555.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259247
* https://bugzilla.suse.com/show_bug.cgi?id=1259248



openSUSE-SU-2026:0084-1: important: Security update for chromium


openSUSE Security Update: Security update for chromium
_______________________________

Announcement ID: openSUSE-SU-2026:0084-1
Rating: important
References: #1259530 #1259648 #1259659
Cross-References: CVE-2026-3909 CVE-2026-3910 CVE-2026-3913
CVE-2026-3914 CVE-2026-3915 CVE-2026-3916
CVE-2026-3917 CVE-2026-3918 CVE-2026-3919
CVE-2026-3920 CVE-2026-3921 CVE-2026-3922
CVE-2026-3923 CVE-2026-3924 CVE-2026-3925
CVE-2026-3926 CVE-2026-3927 CVE-2026-3928
CVE-2026-3929 CVE-2026-3930 CVE-2026-3931
CVE-2026-3932 CVE-2026-3934 CVE-2026-3935
CVE-2026-3936 CVE-2026-3937 CVE-2026-3938
CVE-2026-3939 CVE-2026-3940 CVE-2026-3941
CVE-2026-3942
Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes 31 vulnerabilities is now available.

Description:

This update for chromium fixes the following issues:

- Chromium 146.0.7680.80:
  * CVE-2026-3909: Out of bounds write in Skia (boo#1259659)

- Chromium 146.0.7680.75:
  * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648)

- Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530)
  * CVE-2026-3913: Heap buffer overflow in WebML
  * CVE-2026-3914: Integer overflow in WebML
  * CVE-2026-3915: Heap buffer overflow in WebML
  * CVE-2026-3916: Out of bounds read in Web Speech
  * CVE-2026-3917: Use after free in Agents
  * CVE-2026-3918: Use after free in WebMCP
  * CVE-2026-3919: Use after free in Extensions
  * CVE-2026-3920: Out of bounds memory access in WebML
  * CVE-2026-3921: Use after free in TextEncoding
  * CVE-2026-3922: Use after free in MediaStream
  * CVE-2026-3923: Use after free in WebMIDI
  * CVE-2026-3924: Use after free in WindowDialog
  * CVE-2026-3925: Incorrect security UI in LookalikeChecks
  * CVE-2026-3926: Out of bounds read in V8
  * CVE-2026-3927: Incorrect security UI in PictureInPicture
  * CVE-2026-3928: Insufficient policy enforcement in Extensions
  * CVE-2026-3929: Side-channel information leakage in ResourceTiming
  * CVE-2026-3930: Unsafe navigation in Navigation
  * CVE-2026-3931: Heap buffer overflow in Skia
  * CVE-2026-3932: Insufficient policy enforcement in PDF
  * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver
  * CVE-2026-3935: Incorrect security UI in WebAppInstalls
  * CVE-2026-3936: Use after free in WebView
  * CVE-2026-3937: Incorrect security UI in Downloads
  * CVE-2026-3938: Insufficient policy enforcement in Clipboard
  * CVE-2026-3939: Insufficient policy enforcement in PDF
  * CVE-2026-3940: Insufficient policy enforcement in DevTools
  * CVE-2026-3941: Insufficient policy enforcement in DevTools
  * CVE-2026-3942: Incorrect security UI in PictureInPicture

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-84=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

chromedriver-146.0.7680.80-bp156.2.248.1
chromium-146.0.7680.80-bp156.2.248.1

References:

https://www.suse.com/security/cve/CVE-2026-3909.html
https://www.suse.com/security/cve/CVE-2026-3910.html
https://www.suse.com/security/cve/CVE-2026-3913.html
https://www.suse.com/security/cve/CVE-2026-3914.html
https://www.suse.com/security/cve/CVE-2026-3915.html
https://www.suse.com/security/cve/CVE-2026-3916.html
https://www.suse.com/security/cve/CVE-2026-3917.html
https://www.suse.com/security/cve/CVE-2026-3918.html
https://www.suse.com/security/cve/CVE-2026-3919.html
https://www.suse.com/security/cve/CVE-2026-3920.html
https://www.suse.com/security/cve/CVE-2026-3921.html
https://www.suse.com/security/cve/CVE-2026-3922.html
https://www.suse.com/security/cve/CVE-2026-3923.html
https://www.suse.com/security/cve/CVE-2026-3924.html
https://www.suse.com/security/cve/CVE-2026-3925.html
https://www.suse.com/security/cve/CVE-2026-3926.html
https://www.suse.com/security/cve/CVE-2026-3927.html
https://www.suse.com/security/cve/CVE-2026-3928.html
https://www.suse.com/security/cve/CVE-2026-3929.html
https://www.suse.com/security/cve/CVE-2026-3930.html
https://www.suse.com/security/cve/CVE-2026-3931.html
https://www.suse.com/security/cve/CVE-2026-3932.html
https://www.suse.com/security/cve/CVE-2026-3934.html
https://www.suse.com/security/cve/CVE-2026-3935.html
https://www.suse.com/security/cve/CVE-2026-3936.html
https://www.suse.com/security/cve/CVE-2026-3937.html
https://www.suse.com/security/cve/CVE-2026-3938.html
https://www.suse.com/security/cve/CVE-2026-3939.html
https://www.suse.com/security/cve/CVE-2026-3940.html
https://www.suse.com/security/cve/CVE-2026-3941.html
https://www.suse.com/security/cve/CVE-2026-3942.html
https://bugzilla.suse.com/1259530
https://bugzilla.suse.com/1259648
https://bugzilla.suse.com/1259659



openSUSE-SU-2026:10363-1: moderate: ruby4.0-rubygem-rubyzip-2.3.2-1.19 on GA media


# ruby4.0-rubygem-rubyzip-2.3.2-1.19 on GA media

Announcement ID: openSUSE-SU-2026:10363-1
Rating: moderate

Cross-References:

* CVE-2017-5946
* CVE-2018-1000544

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-rubyzip-2.3.2-1.19 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-rubyzip 2.3.2-1.19

## References:

* https://www.suse.com/security/cve/CVE-2017-5946.html
* https://www.suse.com/security/cve/CVE-2018-1000544.html



openSUSE-SU-2026:10360-1: moderate: ruby4.0-rubygem-rails-8.0-8.0.3-1.3 on GA media


# ruby4.0-rubygem-rails-8.0-8.0.3-1.3 on GA media

Announcement ID: openSUSE-SU-2026:10360-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-rails-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-rails-8.0 8.0.3-1.3

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2026:10362-1: moderate: ruby4.0-rubygem-railties-8.0-8.0.3-1.3 on GA media


# ruby4.0-rubygem-railties-8.0-8.0.3-1.3 on GA media

Announcement ID: openSUSE-SU-2026:10362-1
Rating: moderate

Cross-References:

* CVE-2024-54133

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-railties-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-railties-8.0 8.0.3-1.3

## References:

* https://www.suse.com/security/cve/CVE-2024-54133.html



openSUSE-SU-2026:10361-1: moderate: ruby4.0-rubygem-rails-html-sanitizer-1.6.0-1.9 on GA media


# ruby4.0-rubygem-rails-html-sanitizer-1.6.0-1.9 on GA media

Announcement ID: openSUSE-SU-2026:10361-1
Rating: moderate

Cross-References:

* CVE-2015-7578
* CVE-2015-7579
* CVE-2015-7580
* CVE-2018-3741
* CVE-2022-23517
* CVE-2022-23518
* CVE-2022-23519
* CVE-2022-23520
* CVE-2022-32209

CVSS scores:

* CVE-2018-3741 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2022-23517 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-23518 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
* CVE-2022-23519 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2022-23520 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2022-32209 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 9 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-rails-html-sanitizer-1.6.0-1.9 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-rails-html-sanitizer 1.6.0-1.9

## References:

* https://www.suse.com/security/cve/CVE-2015-7578.html
* https://www.suse.com/security/cve/CVE-2015-7579.html
* https://www.suse.com/security/cve/CVE-2015-7580.html
* https://www.suse.com/security/cve/CVE-2018-3741.html
* https://www.suse.com/security/cve/CVE-2022-23517.html
* https://www.suse.com/security/cve/CVE-2022-23518.html
* https://www.suse.com/security/cve/CVE-2022-23519.html
* https://www.suse.com/security/cve/CVE-2022-23520.html
* https://www.suse.com/security/cve/CVE-2022-32209.html



openSUSE-SU-2026:10357-1: moderate: ruby4.0-rubygem-puma-6.4.3-1.5 on GA media


# ruby4.0-rubygem-puma-6.4.3-1.5 on GA media

Announcement ID: openSUSE-SU-2026:10357-1
Rating: moderate

Cross-References:

* CVE-2019-16770
* CVE-2020-11076
* CVE-2022-23634
* CVE-2024-45614

CVSS scores:

* CVE-2019-16770 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-11076 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
* CVE-2022-23634 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-45614 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2024-45614 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-puma-6.4.3-1.5 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-puma 6.4.3-1.5

## References:

* https://www.suse.com/security/cve/CVE-2019-16770.html
* https://www.suse.com/security/cve/CVE-2020-11076.html
* https://www.suse.com/security/cve/CVE-2022-23634.html
* https://www.suse.com/security/cve/CVE-2024-45614.html



openSUSE-SU-2026:10359-1: moderate: ruby4.0-rubygem-rack-session-2.1.1-1.3 on GA media


# ruby4.0-rubygem-rack-session-2.1.1-1.3 on GA media

Announcement ID: openSUSE-SU-2026:10359-1
Rating: moderate

Cross-References:

* CVE-2025-46336

CVSS scores:

* CVE-2025-46336 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-rack-session-2.1.1-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-rack-session 2.1.1-1.3

## References:

* https://www.suse.com/security/cve/CVE-2025-46336.html



openSUSE-SU-2026:10358-1: moderate: ruby4.0-rubygem-rack-3.1.18-1.3 on GA media


# ruby4.0-rubygem-rack-3.1.18-1.3 on GA media

Announcement ID: openSUSE-SU-2026:10358-1
Rating: moderate

Cross-References:

* CVE-2013-0262
* CVE-2013-0263
* CVE-2015-3225
* CVE-2018-16471
* CVE-2019-16782
* CVE-2020-8184
* CVE-2022-30122
* CVE-2022-30123
* CVE-2022-44570
* CVE-2022-44571
* CVE-2022-44572
* CVE-2023-27530
* CVE-2023-27539
* CVE-2024-25126
* CVE-2024-26141
* CVE-2024-26146
* CVE-2025-25184
* CVE-2025-27111

CVSS scores:

* CVE-2018-16471 ( SUSE ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2019-16782 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2020-8184 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2022-30122 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-30123 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-44570 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44571 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-44572 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-27530 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-27539 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-25126 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26141 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26146 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-25184 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-25184 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-27111 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-27111 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 18 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-rack-3.1.18-1.3 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-rack 3.1.18-1.3

## References:

* https://www.suse.com/security/cve/CVE-2013-0262.html
* https://www.suse.com/security/cve/CVE-2013-0263.html
* https://www.suse.com/security/cve/CVE-2015-3225.html
* https://www.suse.com/security/cve/CVE-2018-16471.html
* https://www.suse.com/security/cve/CVE-2019-16782.html
* https://www.suse.com/security/cve/CVE-2020-8184.html
* https://www.suse.com/security/cve/CVE-2022-30122.html
* https://www.suse.com/security/cve/CVE-2022-30123.html
* https://www.suse.com/security/cve/CVE-2022-44570.html
* https://www.suse.com/security/cve/CVE-2022-44571.html
* https://www.suse.com/security/cve/CVE-2022-44572.html
* https://www.suse.com/security/cve/CVE-2023-27530.html
* https://www.suse.com/security/cve/CVE-2023-27539.html
* https://www.suse.com/security/cve/CVE-2024-25126.html
* https://www.suse.com/security/cve/CVE-2024-26141.html
* https://www.suse.com/security/cve/CVE-2024-26146.html
* https://www.suse.com/security/cve/CVE-2025-25184.html
* https://www.suse.com/security/cve/CVE-2025-27111.html



openSUSE-SU-2026:10356-1: moderate: ruby4.0-rubygem-nokogiri-1.18.9-1.4 on GA media


# ruby4.0-rubygem-nokogiri-1.18.9-1.4 on GA media

Announcement ID: openSUSE-SU-2026:10356-1
Rating: moderate

Cross-References:

* CVE-2013-2877
* CVE-2014-0191
* CVE-2015-1819
* CVE-2015-5312
* CVE-2015-7497
* CVE-2015-7498
* CVE-2015-7499
* CVE-2015-7500
* CVE-2015-7941
* CVE-2015-7942
* CVE-2015-7995
* CVE-2015-8035
* CVE-2015-8241
* CVE-2015-8242
* CVE-2015-8317
* CVE-2016-4658
* CVE-2016-4738
* CVE-2016-5131
* CVE-2017-15412
* CVE-2017-5029
* CVE-2018-14404
* CVE-2018-25032
* CVE-2018-8048
* CVE-2019-11068
* CVE-2019-20388
* CVE-2019-5477
* CVE-2020-24977
* CVE-2020-7595
* CVE-2021-30560
* CVE-2021-3516
* CVE-2021-3517
* CVE-2021-3518
* CVE-2021-3537
* CVE-2021-3541
* CVE-2021-41098
* CVE-2022-23308
* CVE-2022-23437
* CVE-2022-23476
* CVE-2022-24836
* CVE-2022-24839
* CVE-2022-29181
* CVE-2022-29824
* CVE-2022-34169
* CVE-2023-29469

CVSS scores:

* CVE-2016-5131 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2017-15412 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2018-14404 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2018-25032 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2018-8048 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2019-11068 ( SUSE ): 6.6 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2019-20388 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2019-5477 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2020-24977 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2020-7595 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2021-30560 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2021-3516 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3517 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2021-3518 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3537 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-3541 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-23308 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2022-23437 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-24836 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-24839 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-29181 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2022-29824 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2022-34169 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-29469 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 44 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-nokogiri-1.18.9-1.4 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-nokogiri 1.18.9-1.4

## References:

* https://www.suse.com/security/cve/CVE-2013-2877.html
* https://www.suse.com/security/cve/CVE-2014-0191.html
* https://www.suse.com/security/cve/CVE-2015-1819.html
* https://www.suse.com/security/cve/CVE-2015-5312.html
* https://www.suse.com/security/cve/CVE-2015-7497.html
* https://www.suse.com/security/cve/CVE-2015-7498.html
* https://www.suse.com/security/cve/CVE-2015-7499.html
* https://www.suse.com/security/cve/CVE-2015-7500.html
* https://www.suse.com/security/cve/CVE-2015-7941.html
* https://www.suse.com/security/cve/CVE-2015-7942.html
* https://www.suse.com/security/cve/CVE-2015-7995.html
* https://www.suse.com/security/cve/CVE-2015-8035.html
* https://www.suse.com/security/cve/CVE-2015-8241.html
* https://www.suse.com/security/cve/CVE-2015-8242.html
* https://www.suse.com/security/cve/CVE-2015-8317.html
* https://www.suse.com/security/cve/CVE-2016-4658.html
* https://www.suse.com/security/cve/CVE-2016-4738.html
* https://www.suse.com/security/cve/CVE-2016-5131.html
* https://www.suse.com/security/cve/CVE-2017-15412.html
* https://www.suse.com/security/cve/CVE-2017-5029.html
* https://www.suse.com/security/cve/CVE-2018-14404.html
* https://www.suse.com/security/cve/CVE-2018-25032.html
* https://www.suse.com/security/cve/CVE-2018-8048.html
* https://www.suse.com/security/cve/CVE-2019-11068.html
* https://www.suse.com/security/cve/CVE-2019-20388.html
* https://www.suse.com/security/cve/CVE-2019-5477.html
* https://www.suse.com/security/cve/CVE-2020-24977.html
* https://www.suse.com/security/cve/CVE-2020-7595.html
* https://www.suse.com/security/cve/CVE-2021-30560.html
* https://www.suse.com/security/cve/CVE-2021-3516.html
* https://www.suse.com/security/cve/CVE-2021-3517.html
* https://www.suse.com/security/cve/CVE-2021-3518.html
* https://www.suse.com/security/cve/CVE-2021-3537.html
* https://www.suse.com/security/cve/CVE-2021-3541.html
* https://www.suse.com/security/cve/CVE-2021-41098.html
* https://www.suse.com/security/cve/CVE-2022-23308.html
* https://www.suse.com/security/cve/CVE-2022-23437.html
* https://www.suse.com/security/cve/CVE-2022-23476.html
* https://www.suse.com/security/cve/CVE-2022-24836.html
* https://www.suse.com/security/cve/CVE-2022-24839.html
* https://www.suse.com/security/cve/CVE-2022-29181.html
* https://www.suse.com/security/cve/CVE-2022-29824.html
* https://www.suse.com/security/cve/CVE-2022-34169.html
* https://www.suse.com/security/cve/CVE-2023-29469.html



openSUSE-SU-2026:10354-1: moderate: ruby4.0-rubygem-minitar-0.9-1.21 on GA media


# ruby4.0-rubygem-minitar-0.9-1.21 on GA media

Announcement ID: openSUSE-SU-2026:10354-1
Rating: moderate

Cross-References:

* CVE-2016-10173

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-minitar-0.9-1.21 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-minitar 0.9-1.21

## References:

* https://www.suse.com/security/cve/CVE-2016-10173.html



openSUSE-SU-2026:10355-1: moderate: ruby4.0-rubygem-multi_xml-0.6.0-1.31 on GA media


# ruby4.0-rubygem-multi_xml-0.6.0-1.31 on GA media

Announcement ID: openSUSE-SU-2026:10355-1
Rating: moderate

Cross-References:

* CVE-2013-0175

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the ruby4.0-rubygem-multi_xml-0.6.0-1.31 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * ruby4.0-rubygem-multi_xml 0.6.0-1.31

## References:

* https://www.suse.com/security/cve/CVE-2013-0175.html