SUSE-SU-2026:0298-1: important: Security update for go1.25-openssl
SUSE-SU-2026:0299-1: moderate: Security update for python311
openSUSE-SU-2026:20112-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
openSUSE-SU-2026:20110-1: moderate: Security update for avahi
openSUSE-SU-2026:20113-1: moderate: Security update for php8
openSUSE-SU-2026:20108-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
openSUSE-SU-2026:10089-1: moderate: gio-branding-upstream-2.86.3-2.1 on GA media
openSUSE-SU-2026:10096-1: moderate: python311-urllib3_1-1.26.20-5.1 on GA media
openSUSE-SU-2026:10097-1: moderate: qemu-10.2.0-2.1 on GA media
openSUSE-SU-2026:10092-1: moderate: java-17-openjdk-17.0.18.0-1.1 on GA media
openSUSE-SU-2026:10093-1: moderate: java-21-openjdk-21.0.10.0-1.1 on GA media
openSUSE-SU-2026:10094-1: moderate: libmatio-devel-1.5.30-1.1 on GA media
openSUSE-SU-2026:10090-1: moderate: google-osconfig-agent-20260119.00-1.1 on GA media
openSUSE-SU-2026:10088-1: moderate: cups-2.4.16-1.1 on GA media
openSUSE-SU-2026:10091-1: moderate: java-11-openjdk-11.0.30.0-1.1 on GA media
openSUSE-SU-2026:10095-1: moderate: libopenjp2-7-2.5.4-2.1 on GA media
SUSE-SU-2026:0298-1: important: Security update for go1.25-openssl
# Security update for go1.25-openssl
Announcement ID: SUSE-SU-2026:0298-1
Release Date: 2026-01-26T16:11:13Z
Rating: important
References:
* bsc#1244485
* bsc#1245878
* bsc#1246118
* bsc#1247719
* bsc#1247720
* bsc#1247816
* bsc#1248082
* bsc#1249141
* bsc#1249985
* bsc#1251253
* bsc#1251254
* bsc#1251255
* bsc#1251256
* bsc#1251257
* bsc#1251258
* bsc#1251259
* bsc#1251260
* bsc#1251261
* bsc#1251262
* bsc#1254227
* bsc#1254430
* bsc#1254431
* bsc#1256816
* bsc#1256817
* bsc#1256818
* bsc#1256819
* bsc#1256820
* bsc#1256821
* jsc#SLE-18320
Cross-References:
* CVE-2025-4674
* CVE-2025-47906
* CVE-2025-47907
* CVE-2025-47910
* CVE-2025-47912
* CVE-2025-58183
* CVE-2025-58185
* CVE-2025-58186
* CVE-2025-58187
* CVE-2025-58188
* CVE-2025-58189
* CVE-2025-61723
* CVE-2025-61724
* CVE-2025-61725
* CVE-2025-61726
* CVE-2025-61727
* CVE-2025-61728
* CVE-2025-61729
* CVE-2025-61730
* CVE-2025-61731
* CVE-2025-68119
* CVE-2025-68121
CVSS scores:
* CVE-2025-4674 ( SUSE ): 9.3
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-47906 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-47906 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-47907 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2025-47907 ( NVD ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
* CVE-2025-47910 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-47910 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-47912 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-47912 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-47912 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-58183 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58183 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-58183 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58185 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58185 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58186 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58186 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58186 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58187 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58187 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58187 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58188 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-58188 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58188 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58189 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N
* CVE-2025-58189 ( SUSE ): 4.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2025-58189 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-61723 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61723 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61724 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-61724 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61724 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-61725 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61725 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61725 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61726 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61726 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61727 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-61728 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61728 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-61729 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61729 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61729 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-61730 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-61730 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-61731 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61731 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68121 ( SUSE ): 7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves 22 vulnerabilities, contains one feature and has six
security fixes can now be installed.
## Description:
This update for go1.25-openssl fixes the following issues:
Update to version 1.25.6 (released 2026-01-15) (jsc#SLE-18320, bsc#1244485):
Security fixes:
* CVE-2025-4674 cmd/go: disable support for multiple vcs in one module
(bsc#1246118).
* CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of "", "." and
".." in some PATH configurations (bsc#1247719).
* CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan
(bsc#1247720).
* CVE-2025-47910 net/http: CrossOriginProtection insecure bypass patterns not
limited to exact matches (bsc#1249141).
* CVE-2025-47912 net/url: insufficient validation of bracketed IPv6 hostnames
(bsc#1251257).
* CVE-2025-58183 archive/tar: unbounded allocation when parsing GNU sparse map
(bsc#1251261).
* CVE-2025-58185 encoding/asn1: pre-allocating memory when parsing DER payload
can cause memory exhaustion (bsc#1251258).
* CVE-2025-58186 net/http: lack of limit when parsing cookies can cause memory
exhaustion (bsc#1251259).
* CVE-2025-58187 crypto/x509: quadratic complexity when checking name
constraints (bsc#1251254).
* CVE-2025-58188 crypto/x509: panic when validating certificates with DSA
public keys (bsc#1251260).
* CVE-2025-58189 crypto/tls: ALPN negotiation error contains attacker
controlled information (bsc#1251255).
* CVE-2025-61723 encoding/pem: quadratic complexity when parsing some invalid
inputs (bsc#1251256).
* CVE-2025-61724 net/textproto: excessive CPU consumption in
Reader.ReadResponse (bsc#1251262).
* CVE-2025-61725 net/mail: excessive CPU consumption in ParseAddress
(bsc#1251253).
* CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm
(bsc#1256817).
* CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude
wildcard SAN (bsc#1254430).
* CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP
archives (bsc#1256816).
* CVE-2025-61729 crypto/x509: excessive resource consumption in printing error
string for host certificate validation (bsc#1254431).
* CVE-2025-61730 crypto/tls: handshake messages may be processed at the
incorrect encryption level (bsc#1256821).
* CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary
code execution (bsc#1256819).
* CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain
(bsc#1256820).
* CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated
session ticket keys, session resumption does not account for the expiration
of full certificate chain (bsc#1256818).
Other fixes:
* go#74822 cmd/go: "get toolchain@latest" should ignore release candidates
* go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination
addresses on IPv4 UDP sockets
* go#75008 os/exec: TestLookPath fails on plan9 after CL 685755
* go#75021 testing/synctest: bubble not terminating
* go#75083 os: File.Seek doesn't set the correct offset with Windows
overlapped handles
* go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when
calling ReadAt
* go#75116 os: Root.MkdirAll can return "file exists" when called concurrently
on the same path
* go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original
root
* go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21
* go#75255 cmd/compile: export to DWARF types only referenced through
interfaces
* go#75347 testing/synctest: test timeout with no runnable goroutines
* go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails
on plan9
* go#75480 cmd/link: linker panic and relocation errors with complex generics
inlining
* go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail
* go#75537 context: Err can return non-nil before Done channel is closed
* go#75539 net/http: internal error: connCount underflow
* go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on
github.com/leodido/go-urn
* go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return
value
* go#75669 runtime: debug.decoratemappings don't work as expected
* go#75775 runtime: build fails when run via QEMU for linux/amd64 running on
linux/arm64
* go#75777 spec: Go1.25 spec should be dated closer to actual release date
* go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on
MIPS
* go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square
brackets
* go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot
* go#75952 encoding/pem: regression when decoding blocks with leading garbage
* go#75989 os: on windows RemoveAll removing directories containing read-only
files errors with unlinkat ... Access is denied
* go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should
* go#76029 pem/encoding: malformed line endings can cause panics
* go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24
to 1.25
* go#76360 os: on windows RemoveAll removing directories containing read-only
files errors with unlinkat ... Access is denied, ReOpenFile error handling
followup
* go#76392 os: package initialization hangs if Stdin is blocked
* go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH
enabled
* go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes
* go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4
windows 386
* go#76776 runtime: race detector crash on ppc64le
* go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while
compiling : runtime error: index out of range
* go#76973 errors: errors.Join behavior changed in 1.25
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-298=1 openSUSE-SLE-15.6-2026-298=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-298=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-298=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-298=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1
* go1.25-openssl-1.25.6-150600.13.9.1
* go1.25-openssl-doc-1.25.6-150600.13.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-race-1.25.6-150600.13.9.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1
* go1.25-openssl-1.25.6-150600.13.9.1
* go1.25-openssl-doc-1.25.6-150600.13.9.1
* go1.25-openssl-race-1.25.6-150600.13.9.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1
* go1.25-openssl-1.25.6-150600.13.9.1
* go1.25-openssl-doc-1.25.6-150600.13.9.1
* go1.25-openssl-race-1.25.6-150600.13.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.25-openssl-debuginfo-1.25.6-150600.13.9.1
* go1.25-openssl-1.25.6-150600.13.9.1
* go1.25-openssl-doc-1.25.6-150600.13.9.1
* go1.25-openssl-race-1.25.6-150600.13.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-4674.html
* https://www.suse.com/security/cve/CVE-2025-47906.html
* https://www.suse.com/security/cve/CVE-2025-47907.html
* https://www.suse.com/security/cve/CVE-2025-47910.html
* https://www.suse.com/security/cve/CVE-2025-47912.html
* https://www.suse.com/security/cve/CVE-2025-58183.html
* https://www.suse.com/security/cve/CVE-2025-58185.html
* https://www.suse.com/security/cve/CVE-2025-58186.html
* https://www.suse.com/security/cve/CVE-2025-58187.html
* https://www.suse.com/security/cve/CVE-2025-58188.html
* https://www.suse.com/security/cve/CVE-2025-58189.html
* https://www.suse.com/security/cve/CVE-2025-61723.html
* https://www.suse.com/security/cve/CVE-2025-61724.html
* https://www.suse.com/security/cve/CVE-2025-61725.html
* https://www.suse.com/security/cve/CVE-2025-61726.html
* https://www.suse.com/security/cve/CVE-2025-61727.html
* https://www.suse.com/security/cve/CVE-2025-61728.html
* https://www.suse.com/security/cve/CVE-2025-61729.html
* https://www.suse.com/security/cve/CVE-2025-61730.html
* https://www.suse.com/security/cve/CVE-2025-61731.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244485
* https://bugzilla.suse.com/show_bug.cgi?id=1245878
* https://bugzilla.suse.com/show_bug.cgi?id=1246118
* https://bugzilla.suse.com/show_bug.cgi?id=1247719
* https://bugzilla.suse.com/show_bug.cgi?id=1247720
* https://bugzilla.suse.com/show_bug.cgi?id=1247816
* https://bugzilla.suse.com/show_bug.cgi?id=1248082
* https://bugzilla.suse.com/show_bug.cgi?id=1249141
* https://bugzilla.suse.com/show_bug.cgi?id=1249985
* https://bugzilla.suse.com/show_bug.cgi?id=1251253
* https://bugzilla.suse.com/show_bug.cgi?id=1251254
* https://bugzilla.suse.com/show_bug.cgi?id=1251255
* https://bugzilla.suse.com/show_bug.cgi?id=1251256
* https://bugzilla.suse.com/show_bug.cgi?id=1251257
* https://bugzilla.suse.com/show_bug.cgi?id=1251258
* https://bugzilla.suse.com/show_bug.cgi?id=1251259
* https://bugzilla.suse.com/show_bug.cgi?id=1251260
* https://bugzilla.suse.com/show_bug.cgi?id=1251261
* https://bugzilla.suse.com/show_bug.cgi?id=1251262
* https://bugzilla.suse.com/show_bug.cgi?id=1254227
* https://bugzilla.suse.com/show_bug.cgi?id=1254430
* https://bugzilla.suse.com/show_bug.cgi?id=1254431
* https://bugzilla.suse.com/show_bug.cgi?id=1256816
* https://bugzilla.suse.com/show_bug.cgi?id=1256817
* https://bugzilla.suse.com/show_bug.cgi?id=1256818
* https://bugzilla.suse.com/show_bug.cgi?id=1256819
* https://bugzilla.suse.com/show_bug.cgi?id=1256820
* https://bugzilla.suse.com/show_bug.cgi?id=1256821
* https://jira.suse.com/browse/SLE-18320
SUSE-SU-2026:0299-1: moderate: Security update for python311
# Security update for python311
Announcement ID: SUSE-SU-2026:0299-1
Release Date: 2026-01-26T16:39:25Z
Rating: moderate
References:
* bsc#1254400
* bsc#1254401
* bsc#1254997
Cross-References:
* CVE-2025-12084
* CVE-2025-13836
* CVE-2025-13837
CVSS scores:
* CVE-2025-12084 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-12084 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13836 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-13836 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-13837 ( SUSE ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-13837 ( NVD ): 2.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* Public Cloud Module 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities can now be installed.
## Description:
This update for python311 fixes the following issues:
* CVE-2025-12084: prevent quadratic behavior in node ID cache clearing
(bsc#1254997).
* CVE-2025-13836: when reading an HTTP response from a server with no read
amount specified, no longer use Content-Length as the default length
(bsc#1254400).
* CVE-2025-13837: protect against OOM when loading malicious content
(bsc#1254401).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-299=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2026-299=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-299=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-299=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-299=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-299=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-299=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-299=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-299=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-299=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python311-tools-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-testsuite-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-testsuite-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* openSUSE Leap 15.4 (x86_64)
* python311-base-32bit-3.11.14-150400.9.72.1
* python311-32bit-3.11.14-150400.9.72.1
* libpython3_11-1_0-32bit-3.11.14-150400.9.72.1
* libpython3_11-1_0-32bit-debuginfo-3.11.14-150400.9.72.1
* python311-32bit-debuginfo-3.11.14-150400.9.72.1
* python311-base-32bit-debuginfo-3.11.14-150400.9.72.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* python311-64bit-3.11.14-150400.9.72.1
* libpython3_11-1_0-64bit-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-64bit-3.11.14-150400.9.72.1
* python311-base-64bit-3.11.14-150400.9.72.1
* python311-base-64bit-debuginfo-3.11.14-150400.9.72.1
* python311-64bit-debuginfo-3.11.14-150400.9.72.1
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* python311-tools-3.11.14-150400.9.72.1
* python311-doc-3.11.14-150400.9.72.1
* python311-dbm-3.11.14-150400.9.72.1
* python311-debuginfo-3.11.14-150400.9.72.1
* python311-idle-3.11.14-150400.9.72.1
* python311-tk-debuginfo-3.11.14-150400.9.72.1
* libpython3_11-1_0-debuginfo-3.11.14-150400.9.72.1
* python311-3.11.14-150400.9.72.1
* python311-curses-3.11.14-150400.9.72.1
* python311-doc-devhelp-3.11.14-150400.9.72.1
* libpython3_11-1_0-3.11.14-150400.9.72.1
* python311-base-3.11.14-150400.9.72.1
* python311-dbm-debuginfo-3.11.14-150400.9.72.1
* python311-curses-debuginfo-3.11.14-150400.9.72.1
* python311-base-debuginfo-3.11.14-150400.9.72.1
* python311-tk-3.11.14-150400.9.72.1
* python311-devel-3.11.14-150400.9.72.1
* python311-core-debugsource-3.11.14-150400.9.72.1
* python311-debugsource-3.11.14-150400.9.72.1
## References:
* https://www.suse.com/security/cve/CVE-2025-12084.html
* https://www.suse.com/security/cve/CVE-2025-13836.html
* https://www.suse.com/security/cve/CVE-2025-13837.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254400
* https://bugzilla.suse.com/show_bug.cgi?id=1254401
* https://bugzilla.suse.com/show_bug.cgi?id=1254997
openSUSE-SU-2026:20112-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
openSUSE security update: Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16)
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20112-1
Rating: important
References:
* bsc#1251982
* bsc#1253437
* bsc#1254196
Cross-References:
* CVE-2025-39963
* CVE-2025-40204
* CVE-2025-40212
CVSS scores:
* CVE-2025-39963 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-40212 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes various security issues.
The following security issues were fixed:
- CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251982).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-195=1
Package List:
- openSUSE Leap 16.0:
kernel-livepatch-6_12_0-160000_6-rt-3-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-39963.html
* https://www.suse.com/security/cve/CVE-2025-40204.html
* https://www.suse.com/security/cve/CVE-2025-40212.html
openSUSE-SU-2026:20110-1: moderate: Security update for avahi
openSUSE security update: Security update for avahi
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20110-1
Rating: moderate
References:
* bsc#1256498
* bsc#1256499
* bsc#1256500
Cross-References:
* CVE-2025-68276
* CVE-2025-68468
* CVE-2025-68471
CVSS scores:
* CVE-2025-68276 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68276 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68468 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68471 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68471 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
Description:
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed by refusing to create wide-area record browsers when wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-193=1
Package List:
- openSUSE Leap 16.0:
avahi-0.8-160000.4.1
avahi-autoipd-0.8-160000.4.1
avahi-compat-howl-devel-0.8-160000.4.1
avahi-compat-mDNSResponder-devel-0.8-160000.4.1
avahi-lang-0.8-160000.4.1
avahi-utils-0.8-160000.4.1
avahi-utils-gtk-0.8-160000.4.1
libavahi-client3-0.8-160000.4.1
libavahi-common3-0.8-160000.4.1
libavahi-core7-0.8-160000.4.1
libavahi-devel-0.8-160000.4.1
libavahi-glib-devel-0.8-160000.4.1
libavahi-glib1-0.8-160000.4.1
libavahi-gobject-devel-0.8-160000.4.1
libavahi-gobject0-0.8-160000.4.1
libavahi-libevent1-0.8-160000.4.1
libavahi-qt6-1-0.8-160000.4.1
libavahi-qt6-devel-0.8-160000.4.1
libavahi-ui-gtk3-0-0.8-160000.4.1
libdns_sd-0.8-160000.4.1
libhowl0-0.8-160000.4.1
python3-avahi-gtk-0.8-160000.4.1
python313-avahi-0.8-160000.4.1
typelib-1_0-Avahi-0_6-0.8-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2025-68276.html
* https://www.suse.com/security/cve/CVE-2025-68468.html
* https://www.suse.com/security/cve/CVE-2025-68471.html
openSUSE-SU-2026:20113-1: moderate: Security update for php8
openSUSE security update: Security update for php8
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20113-1
Rating: moderate
References:
* bsc#1255043
* bsc#1255710
* bsc#1255711
* bsc#1255712
Cross-References:
* CVE-2025-14177
* CVE-2025-14178
* CVE-2025-14180
CVSS scores:
* CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-14177 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-14178 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14180 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14180 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.
Description:
This update for php8 fixes the following issues:
Version update to 8.4.16:
Security fixes:
- CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).
- CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).
- CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).
Other fixes:
- php8 contains Directories owned by wwwrun but does not require User. (bsc#1255043)
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-198=1
Package List:
- openSUSE Leap 16.0:
apache2-mod_php8-8.4.16-160000.1.1
php8-8.4.16-160000.1.1
php8-bcmath-8.4.16-160000.1.1
php8-bz2-8.4.16-160000.1.1
php8-calendar-8.4.16-160000.1.1
php8-cli-8.4.16-160000.1.1
php8-ctype-8.4.16-160000.1.1
php8-curl-8.4.16-160000.1.1
php8-dba-8.4.16-160000.1.1
php8-devel-8.4.16-160000.1.1
php8-dom-8.4.16-160000.1.1
php8-embed-8.4.16-160000.1.1
php8-enchant-8.4.16-160000.1.1
php8-exif-8.4.16-160000.1.1
php8-fastcgi-8.4.16-160000.1.1
php8-ffi-8.4.16-160000.1.1
php8-fileinfo-8.4.16-160000.1.1
php8-fpm-8.4.16-160000.1.1
php8-fpm-apache-8.4.16-160000.1.1
php8-ftp-8.4.16-160000.1.1
php8-gd-8.4.16-160000.1.1
php8-gettext-8.4.16-160000.1.1
php8-gmp-8.4.16-160000.1.1
php8-iconv-8.4.16-160000.1.1
php8-intl-8.4.16-160000.1.1
php8-ldap-8.4.16-160000.1.1
php8-mbstring-8.4.16-160000.1.1
php8-mysql-8.4.16-160000.1.1
php8-odbc-8.4.16-160000.1.1
php8-opcache-8.4.16-160000.1.1
php8-openssl-8.4.16-160000.1.1
php8-pcntl-8.4.16-160000.1.1
php8-pdo-8.4.16-160000.1.1
php8-pgsql-8.4.16-160000.1.1
php8-phar-8.4.16-160000.1.1
php8-posix-8.4.16-160000.1.1
php8-readline-8.4.16-160000.1.1
php8-shmop-8.4.16-160000.1.1
php8-snmp-8.4.16-160000.1.1
php8-soap-8.4.16-160000.1.1
php8-sockets-8.4.16-160000.1.1
php8-sodium-8.4.16-160000.1.1
php8-sqlite-8.4.16-160000.1.1
php8-sysvmsg-8.4.16-160000.1.1
php8-sysvsem-8.4.16-160000.1.1
php8-sysvshm-8.4.16-160000.1.1
php8-test-8.4.16-160000.1.1
php8-tidy-8.4.16-160000.1.1
php8-tokenizer-8.4.16-160000.1.1
php8-xmlreader-8.4.16-160000.1.1
php8-xmlwriter-8.4.16-160000.1.1
php8-xsl-8.4.16-160000.1.1
php8-zip-8.4.16-160000.1.1
php8-zlib-8.4.16-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-14177.html
* https://www.suse.com/security/cve/CVE-2025-14178.html
* https://www.suse.com/security/cve/CVE-2025-14180.html
openSUSE-SU-2026:20108-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
openSUSE security update: Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 16)
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20108-1
Rating: important
References:
* bsc#1254196
Cross-References:
* CVE-2025-40212
CVSS scores:
* CVE-2025-40212 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-40212 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for the SUSE Linux Enterprise kernel 6.12.0-160000.7.1 fixes one security issue.
The following security issue was fixed:
- CVE-2025-40212: nfsd: fix refcount leak in nfsd_set_fh_dentry() (bsc#1254196).
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-191=1
Package List:
- openSUSE Leap 16.0:
kernel-livepatch-6_12_0-160000_7-rt-2-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-40212.html
openSUSE-SU-2026:10089-1: moderate: gio-branding-upstream-2.86.3-2.1 on GA media
# gio-branding-upstream-2.86.3-2.1 on GA media
Announcement ID: openSUSE-SU-2026:10089-1
Rating: moderate
Cross-References:
* CVE-2026-0988
CVSS scores:
* CVE-2026-0988 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0988 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the gio-branding-upstream-2.86.3-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* gio-branding-upstream 2.86.3-2.1
* glib2-devel 2.86.3-2.1
* glib2-devel-32bit 2.86.3-2.1
* glib2-devel-static 2.86.3-2.1
* glib2-lang 2.86.3-2.1
* glib2-tests-devel 2.86.3-2.1
* glib2-tools 2.86.3-2.1
* glib2-tools-32bit 2.86.3-2.1
* libgio-2_0-0 2.86.3-2.1
* libgio-2_0-0-32bit 2.86.3-2.1
* libgirepository-2_0-0 2.86.3-2.1
* libglib-2_0-0 2.86.3-2.1
* libglib-2_0-0-32bit 2.86.3-2.1
* libgmodule-2_0-0 2.86.3-2.1
* libgmodule-2_0-0-32bit 2.86.3-2.1
* libgobject-2_0-0 2.86.3-2.1
* libgobject-2_0-0-32bit 2.86.3-2.1
* libgthread-2_0-0 2.86.3-2.1
* libgthread-2_0-0-32bit 2.86.3-2.1
* typelib-1_0-GIRepository-3_0 2.86.3-2.1
* typelib-1_0-GLib-2_0 2.86.3-2.1
* typelib-1_0-GLibUnix-2_0 2.86.3-2.1
* typelib-1_0-GModule-2_0 2.86.3-2.1
* typelib-1_0-GObject-2_0 2.86.3-2.1
* typelib-1_0-Gio-2_0 2.86.3-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-0988.html
openSUSE-SU-2026:10096-1: moderate: python311-urllib3_1-1.26.20-5.1 on GA media
# python311-urllib3_1-1.26.20-5.1 on GA media
Announcement ID: openSUSE-SU-2026:10096-1
Rating: moderate
Cross-References:
* CVE-2025-66418
* CVE-2025-66471
* CVE-2026-21441
CVSS scores:
* CVE-2025-66418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21441 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-21441 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the python311-urllib3_1-1.26.20-5.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-urllib3_1 1.26.20-5.1
* python312-urllib3_1 1.26.20-5.1
* python313-urllib3_1 1.26.20-5.1
## References:
* https://www.suse.com/security/cve/CVE-2025-66418.html
* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://www.suse.com/security/cve/CVE-2026-21441.html
openSUSE-SU-2026:10097-1: moderate: qemu-10.2.0-2.1 on GA media
# qemu-10.2.0-2.1 on GA media
Announcement ID: openSUSE-SU-2026:10097-1
Rating: moderate
Cross-References:
* CVE-2026-0665
CVSS scores:
* CVE-2026-0665 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-0665 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the qemu-10.2.0-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* qemu 10.2.0-2.1
* qemu-SLOF 10.2.0-2.1
* qemu-accel-qtest 10.2.0-2.1
* qemu-arm 10.2.0-2.1
* qemu-audio-alsa 10.2.0-2.1
* qemu-audio-dbus 10.2.0-2.1
* qemu-audio-jack 10.2.0-2.1
* qemu-audio-oss 10.2.0-2.1
* qemu-audio-pa 10.2.0-2.1
* qemu-audio-pipewire 10.2.0-2.1
* qemu-audio-sdl 10.2.0-2.1
* qemu-audio-spice 10.2.0-2.1
* qemu-block-curl 10.2.0-2.1
* qemu-block-dmg 10.2.0-2.1
* qemu-block-iscsi 10.2.0-2.1
* qemu-block-nfs 10.2.0-2.1
* qemu-block-rbd 10.2.0-2.1
* qemu-block-ssh 10.2.0-2.1
* qemu-chardev-baum 10.2.0-2.1
* qemu-chardev-spice 10.2.0-2.1
* qemu-doc 10.2.0-2.1
* qemu-extra 10.2.0-2.1
* qemu-guest-agent 10.2.0-2.1
* qemu-headless 10.2.0-2.1
* qemu-hw-display-qxl 10.2.0-2.1
* qemu-hw-display-virtio-gpu 10.2.0-2.1
* qemu-hw-display-virtio-gpu-pci 10.2.0-2.1
* qemu-hw-display-virtio-vga 10.2.0-2.1
* qemu-hw-s390x-virtio-gpu-ccw 10.2.0-2.1
* qemu-hw-usb-host 10.2.0-2.1
* qemu-hw-usb-redirect 10.2.0-2.1
* qemu-hw-usb-smartcard 10.2.0-2.1
* qemu-img 10.2.0-2.1
* qemu-ipxe 10.2.0-2.1
* qemu-ivshmem-tools 10.2.0-2.1
* qemu-ksm 10.2.0-2.1
* qemu-lang 10.2.0-2.1
* qemu-microvm 10.2.0-2.1
* qemu-ppc 10.2.0-2.1
* qemu-pr-helper 10.2.0-2.1
* qemu-s390x 10.2.0-2.1
* qemu-seabios 10.2.01.17.0_1_g4f253b9b-2.1
* qemu-skiboot 10.2.0-2.1
* qemu-spice 10.2.0-2.1
* qemu-tools 10.2.0-2.1
* qemu-ui-curses 10.2.0-2.1
* qemu-ui-dbus 10.2.0-2.1
* qemu-ui-gtk 10.2.0-2.1
* qemu-ui-opengl 10.2.0-2.1
* qemu-ui-sdl 10.2.0-2.1
* qemu-ui-spice-app 10.2.0-2.1
* qemu-ui-spice-core 10.2.0-2.1
* qemu-vgabios 10.2.01.17.0_1_g4f253b9b-2.1
* qemu-vhost-user-gpu 10.2.0-2.1
* qemu-vmsr-helper 10.2.0-2.1
* qemu-x86 10.2.0-2.1
## References:
* https://www.suse.com/security/cve/CVE-2026-0665.html
openSUSE-SU-2026:10092-1: moderate: java-17-openjdk-17.0.18.0-1.1 on GA media
# java-17-openjdk-17.0.18.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10092-1
Rating: moderate
Cross-References:
* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945
CVSS scores:
* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-17-openjdk-17.0.18.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-17-openjdk 17.0.18.0-1.1
* java-17-openjdk-demo 17.0.18.0-1.1
* java-17-openjdk-devel 17.0.18.0-1.1
* java-17-openjdk-headless 17.0.18.0-1.1
* java-17-openjdk-javadoc 17.0.18.0-1.1
* java-17-openjdk-jmods 17.0.18.0-1.1
* java-17-openjdk-src 17.0.18.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
openSUSE-SU-2026:10093-1: moderate: java-21-openjdk-21.0.10.0-1.1 on GA media
# java-21-openjdk-21.0.10.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10093-1
Rating: moderate
Cross-References:
* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945
CVSS scores:
* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-21-openjdk-21.0.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-21-openjdk 21.0.10.0-1.1
* java-21-openjdk-demo 21.0.10.0-1.1
* java-21-openjdk-devel 21.0.10.0-1.1
* java-21-openjdk-headless 21.0.10.0-1.1
* java-21-openjdk-javadoc 21.0.10.0-1.1
* java-21-openjdk-jmods 21.0.10.0-1.1
* java-21-openjdk-src 21.0.10.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
openSUSE-SU-2026:10094-1: moderate: libmatio-devel-1.5.30-1.1 on GA media
# libmatio-devel-1.5.30-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10094-1
Rating: moderate
Cross-References:
* CVE-2025-50343
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libmatio-devel-1.5.30-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libmatio-devel 1.5.30-1.1
* libmatio14 1.5.30-1.1
* matio-tools 1.5.30-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-50343.html
openSUSE-SU-2026:10090-1: moderate: google-osconfig-agent-20260119.00-1.1 on GA media
# google-osconfig-agent-20260119.00-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10090-1
Rating: moderate
Cross-References:
* CVE-2023-45288
CVSS scores:
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the google-osconfig-agent-20260119.00-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* google-osconfig-agent 20260119.00-1.1
## References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
openSUSE-SU-2026:10088-1: moderate: cups-2.4.16-1.1 on GA media
# cups-2.4.16-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10088-1
Rating: moderate
Cross-References:
* CVE-2025-58436
* CVE-2025-61915
CVSS scores:
* CVE-2025-58436 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-58436 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-61915 ( SUSE ): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2025-61915 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the cups-2.4.16-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* cups 2.4.16-1.1
* cups-client 2.4.16-1.1
* cups-config 2.4.16-1.1
* cups-ddk 2.4.16-1.1
* cups-devel 2.4.16-1.1
* cups-devel-32bit 2.4.16-1.1
* libcups2 2.4.16-1.1
* libcups2-32bit 2.4.16-1.1
* libcupsimage2 2.4.16-1.1
* libcupsimage2-32bit 2.4.16-1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-58436.html
* https://www.suse.com/security/cve/CVE-2025-61915.html
openSUSE-SU-2026:10091-1: moderate: java-11-openjdk-11.0.30.0-1.1 on GA media
# java-11-openjdk-11.0.30.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10091-1
Rating: moderate
Cross-References:
* CVE-2026-21925
* CVE-2026-21932
* CVE-2026-21933
* CVE-2026-21945
CVSS scores:
* CVE-2026-21925 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21932 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
* CVE-2026-21933 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-21945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-11-openjdk-11.0.30.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-11-openjdk 11.0.30.0-1.1
* java-11-openjdk-demo 11.0.30.0-1.1
* java-11-openjdk-devel 11.0.30.0-1.1
* java-11-openjdk-headless 11.0.30.0-1.1
* java-11-openjdk-javadoc 11.0.30.0-1.1
* java-11-openjdk-jmods 11.0.30.0-1.1
* java-11-openjdk-src 11.0.30.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-21925.html
* https://www.suse.com/security/cve/CVE-2026-21932.html
* https://www.suse.com/security/cve/CVE-2026-21933.html
* https://www.suse.com/security/cve/CVE-2026-21945.html
openSUSE-SU-2026:10095-1: moderate: libopenjp2-7-2.5.4-2.1 on GA media
# libopenjp2-7-2.5.4-2.1 on GA media
Announcement ID: openSUSE-SU-2026:10095-1
Rating: moderate
Cross-References:
* CVE-2023-39327
CVSS scores:
* CVE-2023-39327 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-39327 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libopenjp2-7-2.5.4-2.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libopenjp2-7 2.5.4-2.1
* libopenjp2-7-32bit 2.5.4-2.1
* libopenjp2-7-x86-64-v3 2.5.4-2.1
* openjpeg2 2.5.4-2.1
* openjpeg2-devel 2.5.4-2.1
* openjpeg2-devel-doc 2.5.4-2.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39327.html