
openSUSE has released several security updates to address vulnerabilities in various packages. The most critical update is for go1.24, which fixes three vulnerabilities and has four bug fixes. Other updates include patches for python314, openjfx, chromedriver, and himmelblau, each addressing one or more vulnerabilities with moderate severity ratings. These updates can be installed using the recommended installation methods such as YaST online_update or "zypper patch".

openSUSE-SU-2026:20233-1: moderate: Security update for openCryptoki
openSUSE-SU-2026:20220-1: critical: Security update for go1.24
openSUSE-SU-2026:10206-1: moderate: python314-3.14.3-1.1 on GA media
openSUSE-SU-2026:10204-1: moderate: openjfx-17.0.18.0-1.1 on GA media
openSUSE-SU-2026:10201-1: moderate: chromedriver-145.0.7632.45-1.1 on GA media
openSUSE-SU-2026:10205-1: moderate: python311-cryptography-46.0.5-1.1 on GA media
openSUSE-SU-2026:10202-1: moderate: himmelblau-2.3.5+git0.9dd526c-1.1 on GA media




openSUSE-SU-2026:20233-1: moderate: Security update for openCryptoki


openSUSE security update: security update for opencryptoki
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20233-1
Rating: moderate
References:

* bsc#1256673
* bsc#1257116

Cross-References:

* CVE-2026-22791
* CVE-2026-23893

CVSS scores:

* CVE-2026-22791 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-22791 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23893 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for openCryptoki fixes the following issues:

Upgrade openCryptoki to 3.26 (jsc#PED-14609)

Security fixes:

- CVE-2026-22791: supplying malformed compressed EC public key can lead to heap corruption or denial-of-service (bsc#1256673).
- CVE-2026-23893: Privilege Escalation or Data Exposure via Symlink Following (bsc#1257116).

Other fixes:

* Soft: Add support for RSA keys up to 16K bits.
* CCA: Add support for RSA keys up to 8K bits (requires CCA v8.4 or v7.6 or later).
* p11sak: Add support for generating RSA keys up to 16K bits.
* Soft/ICA: Add support for SHA512/224 and SHA512/256 key derivation mechanism (CKM_SHA512_224_KEY_DERIVATION and CKM_SHA512_256_KEY_DERIVATION).
* Soft/ICA/CCA/EP11: Add support for SHA-HMAC key types CKK_SHAxxx_HMAC and key gen mechanisms CKM_SHAxxx_KEY_GEN.
* p11sak: Add support for SHA-HMAC key types and key generation.
* p11sak: Add support for key wrap and unwrap commands to export and import private and secret keys by means of key wrapping/unwrapping with various key wrapping mechanisms.
* p11kmip: Add support for using an HSM-protected TLS client key via a PKCS#11 provider.
* p11sak: Add support for exporting non-sensitive private keys to password protected PEM files.
* Add support for canceling an operation via NULL mechanism pointer at C_XxxInit() call as an alternative to C_SessionCancel() (PKCS#11 v3.0).
* EP11: Add support for pairing friendly BLS12-381 EC curve for sign/verify using CKM_IBM_ECDSA_OTHER and signature/public key aggregation using CKM_IBM_EC_AGGREGATE.
* p11sak: Add support for generating BLS12-381 EC keys.
* EP11: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later, and a CEX8P crypto card with firmware v9.6 or later on IBM z17, and v8.39 or later on IBM z16).
* CCA: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires CCA v8.4 or later).
* Soft: Add support for IBM-specific ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or the OQS-provider must be configured).
* p11sak: Add support for IBM-specific ML-DSA and ML-KEM key types.
* Bug fixes.

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-284=1

Package List:

- openSUSE Leap 16.0:

openCryptoki-3.26.0-160000.1.1
openCryptoki-64bit-3.26.0-160000.1.1
openCryptoki-devel-3.26.0-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-22791.html
* https://www.suse.com/security/cve/CVE-2026-23893.html



openSUSE-SU-2026:20220-1: critical: Security update for go1.24


openSUSE security update: security update for go1.24
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20220-1
Rating: critical
References:

* bsc#1236217
* bsc#1256818
* bsc#1256820
* bsc#1257692

Cross-References:

* CVE-2025-61732
* CVE-2025-68119
* CVE-2025-68121

CVSS scores:

* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-68119 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.

Description:

This update for go1.24 fixes the following issues:

Update to version 1.24.13.

Security issues fixed:

- CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692).
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818).
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).

Other updates and bugfixes:

- version update to 1.24.13:

* go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs
* go#77424 crypto/tls: CL 737700 broke session resumption on macOS

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-270=1

Package List:

- openSUSE Leap 16.0:

go1.24-1.24.13-160000.1.1
go1.24-doc-1.24.13-160000.1.1
go1.24-libstd-1.24.13-160000.1.1
go1.24-race-1.24.13-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://www.suse.com/security/cve/CVE-2025-68121.html



openSUSE-SU-2026:10206-1: moderate: python314-3.14.3-1.1 on GA media


# python314-3.14.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10206-1
Rating: moderate

Cross-References:

* CVE-2025-12781
* CVE-2025-15282
* CVE-2025-15366
* CVE-2025-15367
* CVE-2026-0672
* CVE-2026-0865
* CVE-2026-1299

CVSS scores:

* CVE-2025-12781 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-12781 ( SUSE ): 2 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15366 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15367 ( SUSE ): 6 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
* CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 7 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python314-3.14.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python314 3.14.3-1.1
  * python314-curses 3.14.3-1.1
  * python314-dbm 3.14.3-1.1
  * python314-idle 3.14.3-1.1
  * python314-tk 3.14.3-1.1
  * python314-x86-64-v3 3.14.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-12781.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-15366.html
* https://www.suse.com/security/cve/CVE-2025-15367.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://www.suse.com/security/cve/CVE-2026-1299.html



openSUSE-SU-2026:10204-1: moderate: openjfx-17.0.18.0-1.1 on GA media


# openjfx-17.0.18.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10204-1
Rating: moderate

Cross-References:

* CVE-2026-21947

CVSS scores:

* CVE-2026-21947 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the openjfx-17.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * openjfx 17.0.18.0-1.1
  * openjfx-devel 17.0.18.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21947.html



openSUSE-SU-2026:10201-1: moderate: chromedriver-145.0.7632.45-1.1 on GA media


# chromedriver-145.0.7632.45-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10201-1
Rating: moderate

Cross-References:

* CVE-2026-2313
* CVE-2026-2314
* CVE-2026-2315
* CVE-2026-2316
* CVE-2026-2317
* CVE-2026-2318
* CVE-2026-2319
* CVE-2026-2320
* CVE-2026-2321
* CVE-2026-2322
* CVE-2026-2323
* CVE-2026-2441

Affected Products:

* openSUSE Tumbleweed

An update that solves 12 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-145.0.7632.45-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * chromedriver 145.0.7632.45-1.1
  * chromium 145.0.7632.45-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-2313.html
* https://www.suse.com/security/cve/CVE-2026-2314.html
* https://www.suse.com/security/cve/CVE-2026-2315.html
* https://www.suse.com/security/cve/CVE-2026-2316.html
* https://www.suse.com/security/cve/CVE-2026-2317.html
* https://www.suse.com/security/cve/CVE-2026-2318.html
* https://www.suse.com/security/cve/CVE-2026-2319.html
* https://www.suse.com/security/cve/CVE-2026-2320.html
* https://www.suse.com/security/cve/CVE-2026-2321.html
* https://www.suse.com/security/cve/CVE-2026-2322.html
* https://www.suse.com/security/cve/CVE-2026-2323.html
* https://www.suse.com/security/cve/CVE-2026-2441.html



openSUSE-SU-2026:10205-1: moderate: python311-cryptography-46.0.5-1.1 on GA media


# python311-cryptography-46.0.5-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10205-1
Rating: moderate

Cross-References:

* CVE-2026-26007

CVSS scores:

* CVE-2026-26007 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26007 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-cryptography-46.0.5-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-cryptography 46.0.5-1.1
  * python312-cryptography 46.0.5-1.1
  * python313-cryptography 46.0.5-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-26007.html



openSUSE-SU-2026:10202-1: moderate: himmelblau-2.3.5+git0.9dd526c-1.1 on GA media


# himmelblau-2.3.5+git0.9dd526c-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10202-1
Rating: moderate

Cross-References:

* CVE-2026-25727

CVSS scores:

* CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the himmelblau-2.3.5+git0.9dd526c-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * himmelblau 2.3.5+git0.9dd526c-1.1
  * himmelblau-qr-greeter 2.3.5+git0.9dd526c-1.1
  * himmelblau-sshd-config 2.3.5+git0.9dd526c-1.1
  * himmelblau-sso 2.3.5+git0.9dd526c-1.1
  * libnss_himmelblau2 2.3.5+git0.9dd526c-1.1
  * pam-himmelblau 2.3.5+git0.9dd526c-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-25727.html