SUSE-SU-2026:0757-1: important: Security update for govulncheck-vulndb
SUSE-SU-2026:0758-1: important: Security update for busybox
SUSE-SU-2026:0760-1: critical: Security update for go1.25-openssl
SUSE-SU-2026:0761-1: important: Security update for freerdp
SUSE-SU-2026:0767-1: important: Security update for python311
SUSE-SU-2026:0766-1: moderate: Security update for gnome-remote-desktop
SUSE-SU-2026:0771-1: important: Security update for postgresql15
SUSE-SU-2026:0774-1: low: Security update for python
SUSE-SU-2026:0775-1: moderate: Security update for evolution-data-server
SUSE-SU-2026:0777-1: moderate: Security update for cosign
SUSE-SU-2026:0780-1: moderate: Security update for tracker-miners
SUSE-SU-2026:0776-1: moderate: Security update for evolution-data-server
SUSE-SU-2026:0779-1: moderate: Security update for libssh
SUSE-SU-2026:0781-1: low: Security update for patch
SUSE-SU-2026:0786-1: important: Security update for postgresql14
SUSE-SU-2026:0788-1: important: Security update for libsoup
SUSE-SU-2026:0783-1: moderate: Security update for zlib
SUSE-SU-2026:0789-1: critical: Security update for go1.24-openssl
SUSE-SU-2026:0757-1: important: Security update for govulncheck-vulndb
# Security update for govulncheck-vulndb
Announcement ID: SUSE-SU-2026:0757-1
Release Date: 2026-03-03T11:34:10Z
Rating: important
References:
* jsc#PED-11136
Cross-References:
* CVE-2017-18873
* CVE-2017-18903
* CVE-2017-18906
* CVE-2017-18907
* CVE-2017-18908
* CVE-2017-18909
* CVE-2017-18911
* CVE-2017-18912
* CVE-2017-18915
* CVE-2017-18916
* CVE-2017-18917
* CVE-2017-18918
* CVE-2023-43635
* CVE-2023-43636
* CVE-2023-43637
* CVE-2025-13523
* CVE-2025-13767
* CVE-2025-13821
* CVE-2025-14350
* CVE-2025-14435
* CVE-2025-14573
* CVE-2025-14822
* CVE-2025-50180
* CVE-2025-64111
* CVE-2025-64175
* CVE-2025-64641
* CVE-2025-65852
* CVE-2025-66630
* CVE-2025-67860
* CVE-2025-70963
* CVE-2026-0997
* CVE-2026-0998
* CVE-2026-0999
* CVE-2026-20796
* CVE-2026-21434
* CVE-2026-21435
* CVE-2026-21438
* CVE-2026-22592
* CVE-2026-22892
* CVE-2026-23632
* CVE-2026-23633
* CVE-2026-23644
* CVE-2026-23989
* CVE-2026-23991
* CVE-2026-23992
* CVE-2026-24051
* CVE-2026-24122
* CVE-2026-24135
* CVE-2026-24137
* CVE-2026-24686
* CVE-2026-24834
* CVE-2026-24845
* CVE-2026-24851
* CVE-2026-24894
* CVE-2026-24895
* CVE-2026-25120
* CVE-2026-25140
* CVE-2026-25229
* CVE-2026-25232
* CVE-2026-25242
* CVE-2026-25518
* CVE-2026-25591
* CVE-2026-25760
* CVE-2026-25766
* CVE-2026-25791
* CVE-2026-25793
* CVE-2026-25802
* CVE-2026-25804
* CVE-2026-25882
* CVE-2026-25889
* CVE-2026-25890
* CVE-2026-25891
* CVE-2026-25899
* CVE-2026-25934
* CVE-2026-25935
* CVE-2026-25949
* CVE-2026-26014
* CVE-2026-26055
* CVE-2026-26056
* CVE-2026-26187
* CVE-2026-26190
* CVE-2026-26201
* CVE-2026-26205
* CVE-2026-26313
* CVE-2026-26314
* CVE-2026-26315
* CVE-2026-26957
* CVE-2026-26958
* CVE-2026-26963
* CVE-2026-26995
* CVE-2026-27017
* CVE-2026-27111
* CVE-2026-27112
* CVE-2026-27141
* CVE-2026-27571
* CVE-2026-27585
* CVE-2026-27586
* CVE-2026-27587
* CVE-2026-27588
* CVE-2026-27589
* CVE-2026-27590
* CVE-2026-27598
* CVE-2026-27611
* CVE-2026-27626
CVSS scores:
* CVE-2017-18873 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2017-18903 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2017-18906 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2017-18907 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2017-18908 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2017-18909 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2017-18911 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2017-18912 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2017-18915 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2017-18916 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2017-18917 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2017-18918 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-43635 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-43636 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-43637 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-13523 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
* CVE-2025-13523 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
* CVE-2025-13767 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-13821 ( NVD ): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-14350 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-14435 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-14435 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14573 ( NVD ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-14573 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-14822 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-14822 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-50180 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-50180 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-64111 ( NVD ): 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-64111 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-64175 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-64175 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-64641 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2025-64641 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2025-66630 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66630 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-67860 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
* CVE-2025-70963 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-0997 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-0998 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-0999 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-0999 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-20796 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21434 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21434 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21435 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21435 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21438 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22592 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22892 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23632 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23633 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-23644 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23644 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23989 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
* CVE-2026-23989 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-23991 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23991 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-23991 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23991 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23992 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23992 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-23992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23992 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24051 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24122 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24122 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24122 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24135 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24135 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-24137 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
* CVE-2026-24686 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24686 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24686 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24834 ( NVD ): 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-24834 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-24845 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24845 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-24845 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-24851 ( NVD ): 5.8
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24851 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-24894 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24894 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-24895 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-24895 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25120 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25120 ( NVD ): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-25140 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25229 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25229 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-25232 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25232 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25242 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25242 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-25518 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25518 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25591 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25760 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-25766 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-25791 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25793 ( NVD ): 7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25793 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-25802 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
* CVE-2026-25802 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25804 ( NVD ): 8.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25804 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-25882 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25882 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25889 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-25890 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-25891 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25891 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-25899 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25934 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-25934 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25934 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2026-25935 ( NVD ): 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-25935 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-25949 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-25949 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-25949 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26014 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26014 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26055 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-26056 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26187 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-26190 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-26201 ( NVD ): 7.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26205 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26313 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26313 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26314 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26314 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-26315 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26315 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-26957 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26958 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2026-26958 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-26963 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-26963 ( NVD ): 6.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2026-27017 ( NVD ): 2.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27017 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-27111 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27111 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-27112 ( NVD ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27112 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-27141 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-27141 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27141 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27571 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27571 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-27585 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27585 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-27586 ( NVD ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27586 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27587 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27587 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27588 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27588 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-27589 ( NVD ): 6.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27589 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-27590 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27590 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-27598 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27598 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-27611 ( NVD ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-27611 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-27626 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
An update that solves 104 vulnerabilities and contains one feature can now be
installed.
## Description:
This update for govulncheck-vulndb fixes the following issues:
Update to version 0.0.20260226T182644 2026-02-26T18:26:44Z (jsc#PED-11136) Go
CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-4259 CVE-2025-13767 GHSA-fmqf-pmcm-8cx9
* GO-2025-4260 CVE-2025-64641 GHSA-vww6-79rv-3j4x
* GO-2026-4282 CVE-2017-18873 GHSA-x6mw-hf2j-vqpc
* GO-2026-4305 CVE-2017-18903 GHSA-fcwg-45jh-5qhf
* GO-2026-4325 CVE-2025-14822 GHSA-9r42-rhw3-2222
* GO-2026-4326 CVE-2025-14435 GHSA-mx8m-v8qm-xwr8
* GO-2026-4332 CVE-2026-23644 GHSA-2657-3c98-63jq
* GO-2026-4348 CVE-2026-23991 GHSA-846p-jg2w-w324
* GO-2026-4349 CVE-2026-23992 GHSA-fphv-w9fq-2525
* GO-2026-4377 CVE-2026-24686 GHSA-jqc5-w2xx-5vq4
* GO-2026-4410 CVE-2026-25140 GHSA-f4w5-5xv9-85f6
* GO-2026-4502 CVE-2026-25766 GHSA-pgvm-wxw2-hrv9
* GO-2026-4534 CVE-2026-25899 GHSA-2mr3-m5q5-wgp6
* GO-2026-4535 CVE-2026-27585 GHSA-4xrr-hq4w-6vf4
* GO-2026-4536 CVE-2026-27590 GHSA-5r3v-vc8m-m96g
* GO-2026-4537 CVE-2026-27589 GHSA-879p-475x-rqh2
* GO-2026-4538 CVE-2026-27587 GHSA-g7pc-pc7g-h8jh
* GO-2026-4539 CVE-2026-27586 GHSA-hffm-g8v7-wrv7
* GO-2026-4540 CVE-2026-25891 GHSA-m3c2-496v-cw3v
* GO-2026-4541 CVE-2026-27588 GHSA-x76f-jf84-rqj8
* GO-2026-4543 CVE-2026-25882 GHSA-mrq8-rjmw-wpq3
* GO-2026-4559 CVE-2026-27141
Update to version 0.0.20260225T230704 2026-02-25T23:07:04Z.
* GO-2026-4358 CVE-2026-24137 GHSA-fcv2-xgw5-pqxf
* GO-2026-4361 GHSA-c32p-wcqj-j677
* GO-2026-4394 CVE-2026-24051 GHSA-9h8m-3fm2-qjrq
* GO-2026-4399 CVE-2026-25518 GHSA-gx3x-vq4p-mhhv
* GO-2026-4507 CVE-2026-26314 GHSA-2gjw-fg97-vg3r
* GO-2026-4508 CVE-2026-26313 GHSA-689v-6xwf-5jf3
* GO-2026-4509 CVE-2026-27017 GHSA-7m29-f4hw-g2vx
* GO-2026-4511 CVE-2026-26315 GHSA-m6j8-rg6r-7mv8
* GO-2026-4512 CVE-2026-26995 GHSA-rrxv-pmq9-x67r
* GO-2026-4531 CVE-2026-25591 GHSA-w6x6-9fp7-fqm4
* GO-2026-4532 CVE-2026-25802 GHSA-299v-8pq9-5gjq
* GO-2026-4533 CVE-2026-27571 GHSA-qrvq-68c2-7grw
* GO-2026-4542 CVE-2026-27598 GHSA-6v48-fcq6-ff23
* GO-2026-4545 CVE-2025-50180 GHSA-3c9r-837r-qqm4
* GO-2026-4546 CVE-2026-27611 GHSA-8vrh-3pm2-v4v6
* GO-2026-4547 CVE-2026-27626 GHSA-49gm-hh7w-wfvf
* GO-2026-4548 GHSA-2phg-qgmm-r638
Update to version 0.0.20260223T182315 2026-02-23T18:23:15Z.
* GO-2026-4392 CVE-2026-24845 GHSA-9m43-p3cx-w8j5
* GO-2026-4434 CVE-2023-43635 GHSA-4jvr-vj2c-8q37
* GO-2026-4435 CVE-2023-43636 GHSA-5h7v-g49c-h887
* GO-2026-4436 CVE-2023-43637 GHSA-g7vp-j25f-h34p
* GO-2026-4442 GHSA-x9p2-77v6-6vhf
* GO-2026-4444 CVE-2026-23989 GHSA-9j2f-3rj3-wgpg
* GO-2026-4445 CVE-2026-25760 GHSA-2286-hxv5-cmp2
* GO-2026-4446 CVE-2026-24851 GHSA-jq9f-gm9w-rwm9
* GO-2026-4447 GHSA-vf5j-r2hw-2hrw
* GO-2026-4448 CVE-2025-64111 GHSA-gg64-xxr9-qhjp
* GO-2026-4449 CVE-2025-64175 GHSA-p6x6-9mx6-26wj
* GO-2026-4450 CVE-2026-23632 GHSA-5qhx-gwfj-6jqr
* GO-2026-4451 CVE-2026-22592 GHSA-cr88-6mqm-4g57
* GO-2026-4452 CVE-2026-24135 GHSA-jp7c-wj6q-3qf2
* GO-2026-4453 CVE-2026-23633 GHSA-mrph-w4hh-gx3g
* GO-2026-4454 GHSA-26gq-grmh-6xm6
* GO-2026-4455 CVE-2025-70963 GHSA-9f8m-9547-2gqm
* GO-2026-4456 CVE-2025-13523 GHSA-ffx7-34p2-vm3w
* GO-2026-4457 CVE-2025-65852 GHSA-rjv5-9px2-fqw6
* GO-2026-4458 CVE-2026-25793 GHSA-69x3-g4r3-p962
* GO-2026-4459 CVE-2017-18907 GHSA-42x9-rr3c-gr59
* GO-2026-4460 CVE-2017-18918 GHSA-5ghq-28r7-qwfj
* GO-2026-4461 CVE-2026-25804 GHSA-86x4-wp9f-wrr9
* GO-2026-4462 CVE-2017-18915 GHSA-hxxj-8phw-74vw
* GO-2026-4463 CVE-2017-18917 GHSA-jxc4-w54c-qv5r
* GO-2026-4464 CVE-2017-18911 GHSA-m462-mqw4-2c8m
* GO-2026-4465 GHSA-vhvq-fv9f-wh4q
* GO-2026-4466 CVE-2026-25791 GHSA-wxrw-gvg8-fqjp
* GO-2026-4467 CVE-2017-18916 GHSA-x33g-375j-jhf7
* GO-2026-4471 CVE-2025-66630 GHSA-68rr-p4fp-j59v
* GO-2026-4473 CVE-2026-25934 GHSA-37cx-329c-33x3
* GO-2026-4474 CVE-2026-25890 GHSA-4mh3-h929-w968
* GO-2026-4475 CVE-2026-25889 GHSA-hxw8-4h9j-hq2r
* GO-2026-4476 CVE-2017-18908 GHSA-34cx-hvm4-vx7j
* GO-2026-4477 CVE-2017-18906 GHSA-fpcr-4rr5-hpcp
* GO-2026-4478 CVE-2017-18909 GHSA-r6j5-fqx9-7qv9
* GO-2026-4479 CVE-2026-26014 GHSA-9f3f-wv7r-qc8r
* GO-2026-4480 CVE-2026-25935 GHSA-m4g2-2q66-vc9v
* GO-2026-4481 CVE-2026-26190 GHSA-7ppg-37fh-vcr6
* GO-2026-4483 CVE-2026-21438 GHSA-2f2x-8mwp-p2gc
* GO-2026-4484 CVE-2026-25949 GHSA-89p3-4642-cr2w
* GO-2026-4485 CVE-2026-21434 GHSA-g6x7-jq8p-6q9q
* GO-2026-4486 CVE-2026-24895 GHSA-g966-83w7-6w38
* GO-2026-4487 CVE-2017-18912 GHSA-m2ch-x2q7-2284
* GO-2026-4488 CVE-2026-21435 GHSA-px4r-g4p3-hhqv
* GO-2026-4489 CVE-2026-24894 GHSA-r3xh-3r3w-47gp
* GO-2026-4490 CVE-2025-67860 GHSA-3c9m-gq32-g4jx
* GO-2026-4491 CVE-2026-26055 GHSA-965m-v4cc-6334
* GO-2026-4493 CVE-2026-26056 GHSA-wj8p-jj64-h7ff
* GO-2026-4494 CVE-2026-26187 GHSA-699m-4v95-rmpm
* GO-2026-4495 CVE-2026-20796 GHSA-2xf7-hmf6-p64j
* GO-2026-4496 CVE-2026-22892 GHSA-9pj7-jh2r-87g8
* GO-2026-4497 GHSA-hr7j-63v7-vj7g
* GO-2026-4498 CVE-2026-25232 GHSA-2c6v-8r3v-gh6p
* GO-2026-4499 CVE-2026-25229 GHSA-cv22-72px-f4gh
* GO-2026-4500 CVE-2026-25242 GHSA-fc3h-92p8-h36f
* GO-2026-4501 CVE-2026-25120 GHSA-jj5m-h57j-5gv7
* GO-2026-4503 CVE-2026-26958
* GO-2026-4504 CVE-2026-26201 GHSA-f5p9-j34q-pwcc
* GO-2026-4505 CVE-2026-26957 GHSA-wgm6-9rvv-3438
* GO-2026-4506 CVE-2026-26205 GHSA-9f29-v6mm-pw6w
* GO-2026-4515 CVE-2026-27111 GHSA-5vvm-67pj-72g4
* GO-2026-4516 CVE-2026-27112 GHSA-7g9x-cp9g-92mr
* GO-2026-4517 CVE-2026-24834 GHSA-wwj6-vghv-5p64
* GO-2026-4519 CVE-2026-0997 GHSA-2phx-frhf-xr55
* GO-2026-4520 CVE-2026-0999 GHSA-3c9r-7f29-qp32
* GO-2026-4521 CVE-2025-14350 GHSA-57cc-2pf4-mhmx
* GO-2026-4522 CVE-2026-26963 GHSA-5r23-prx4-mqg3
* GO-2026-4523 CVE-2025-14573 GHSA-cgjg-p2m2-qm4p
* GO-2026-4524 CVE-2025-13821 GHSA-pp9j-pf5c-659x
* GO-2026-4525 CVE-2026-0998 GHSA-w65c-fvp5-fvc5
* GO-2026-4527 GHSA-6qr9-g2xw-cw92
* GO-2026-4528 GHSA-j9wf-6r2x-hqmx
* GO-2026-4529 CVE-2026-24122 GHSA-wfqv-66vq-46rm
* GO-2026-4530 GHSA-gv8r-9rw9-9697
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-757=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20260226T182644-150000.1.149.1
## References:
* https://www.suse.com/security/cve/CVE-2017-18873.html
* https://www.suse.com/security/cve/CVE-2017-18903.html
* https://www.suse.com/security/cve/CVE-2017-18906.html
* https://www.suse.com/security/cve/CVE-2017-18907.html
* https://www.suse.com/security/cve/CVE-2017-18908.html
* https://www.suse.com/security/cve/CVE-2017-18909.html
* https://www.suse.com/security/cve/CVE-2017-18911.html
* https://www.suse.com/security/cve/CVE-2017-18912.html
* https://www.suse.com/security/cve/CVE-2017-18915.html
* https://www.suse.com/security/cve/CVE-2017-18916.html
* https://www.suse.com/security/cve/CVE-2017-18917.html
* https://www.suse.com/security/cve/CVE-2017-18918.html
* https://www.suse.com/security/cve/CVE-2023-43635.html
* https://www.suse.com/security/cve/CVE-2023-43636.html
* https://www.suse.com/security/cve/CVE-2023-43637.html
* https://www.suse.com/security/cve/CVE-2025-13523.html
* https://www.suse.com/security/cve/CVE-2025-13767.html
* https://www.suse.com/security/cve/CVE-2025-13821.html
* https://www.suse.com/security/cve/CVE-2025-14350.html
* https://www.suse.com/security/cve/CVE-2025-14435.html
* https://www.suse.com/security/cve/CVE-2025-14573.html
* https://www.suse.com/security/cve/CVE-2025-14822.html
* https://www.suse.com/security/cve/CVE-2025-50180.html
* https://www.suse.com/security/cve/CVE-2025-64111.html
* https://www.suse.com/security/cve/CVE-2025-64175.html
* https://www.suse.com/security/cve/CVE-2025-64641.html
* https://www.suse.com/security/cve/CVE-2025-65852.html
* https://www.suse.com/security/cve/CVE-2025-66630.html
* https://www.suse.com/security/cve/CVE-2025-67860.html
* https://www.suse.com/security/cve/CVE-2025-70963.html
* https://www.suse.com/security/cve/CVE-2026-0997.html
* https://www.suse.com/security/cve/CVE-2026-0998.html
* https://www.suse.com/security/cve/CVE-2026-0999.html
* https://www.suse.com/security/cve/CVE-2026-20796.html
* https://www.suse.com/security/cve/CVE-2026-21434.html
* https://www.suse.com/security/cve/CVE-2026-21435.html
* https://www.suse.com/security/cve/CVE-2026-21438.html
* https://www.suse.com/security/cve/CVE-2026-22592.html
* https://www.suse.com/security/cve/CVE-2026-22892.html
* https://www.suse.com/security/cve/CVE-2026-23632.html
* https://www.suse.com/security/cve/CVE-2026-23633.html
* https://www.suse.com/security/cve/CVE-2026-23644.html
* https://www.suse.com/security/cve/CVE-2026-23989.html
* https://www.suse.com/security/cve/CVE-2026-23991.html
* https://www.suse.com/security/cve/CVE-2026-23992.html
* https://www.suse.com/security/cve/CVE-2026-24051.html
* https://www.suse.com/security/cve/CVE-2026-24122.html
* https://www.suse.com/security/cve/CVE-2026-24135.html
* https://www.suse.com/security/cve/CVE-2026-24137.html
* https://www.suse.com/security/cve/CVE-2026-24686.html
* https://www.suse.com/security/cve/CVE-2026-24834.html
* https://www.suse.com/security/cve/CVE-2026-24845.html
* https://www.suse.com/security/cve/CVE-2026-24851.html
* https://www.suse.com/security/cve/CVE-2026-24894.html
* https://www.suse.com/security/cve/CVE-2026-24895.html
* https://www.suse.com/security/cve/CVE-2026-25120.html
* https://www.suse.com/security/cve/CVE-2026-25140.html
* https://www.suse.com/security/cve/CVE-2026-25229.html
* https://www.suse.com/security/cve/CVE-2026-25232.html
* https://www.suse.com/security/cve/CVE-2026-25242.html
* https://www.suse.com/security/cve/CVE-2026-25518.html
* https://www.suse.com/security/cve/CVE-2026-25591.html
* https://www.suse.com/security/cve/CVE-2026-25760.html
* https://www.suse.com/security/cve/CVE-2026-25766.html
* https://www.suse.com/security/cve/CVE-2026-25791.html
* https://www.suse.com/security/cve/CVE-2026-25793.html
* https://www.suse.com/security/cve/CVE-2026-25802.html
* https://www.suse.com/security/cve/CVE-2026-25804.html
* https://www.suse.com/security/cve/CVE-2026-25882.html
* https://www.suse.com/security/cve/CVE-2026-25889.html
* https://www.suse.com/security/cve/CVE-2026-25890.html
* https://www.suse.com/security/cve/CVE-2026-25891.html
* https://www.suse.com/security/cve/CVE-2026-25899.html
* https://www.suse.com/security/cve/CVE-2026-25934.html
* https://www.suse.com/security/cve/CVE-2026-25935.html
* https://www.suse.com/security/cve/CVE-2026-25949.html
* https://www.suse.com/security/cve/CVE-2026-26014.html
* https://www.suse.com/security/cve/CVE-2026-26055.html
* https://www.suse.com/security/cve/CVE-2026-26056.html
* https://www.suse.com/security/cve/CVE-2026-26187.html
* https://www.suse.com/security/cve/CVE-2026-26190.html
* https://www.suse.com/security/cve/CVE-2026-26201.html
* https://www.suse.com/security/cve/CVE-2026-26205.html
* https://www.suse.com/security/cve/CVE-2026-26313.html
* https://www.suse.com/security/cve/CVE-2026-26314.html
* https://www.suse.com/security/cve/CVE-2026-26315.html
* https://www.suse.com/security/cve/CVE-2026-26957.html
* https://www.suse.com/security/cve/CVE-2026-26958.html
* https://www.suse.com/security/cve/CVE-2026-26963.html
* https://www.suse.com/security/cve/CVE-2026-26995.html
* https://www.suse.com/security/cve/CVE-2026-27017.html
* https://www.suse.com/security/cve/CVE-2026-27111.html
* https://www.suse.com/security/cve/CVE-2026-27112.html
* https://www.suse.com/security/cve/CVE-2026-27141.html
* https://www.suse.com/security/cve/CVE-2026-27571.html
* https://www.suse.com/security/cve/CVE-2026-27585.html
* https://www.suse.com/security/cve/CVE-2026-27586.html
* https://www.suse.com/security/cve/CVE-2026-27587.html
* https://www.suse.com/security/cve/CVE-2026-27588.html
* https://www.suse.com/security/cve/CVE-2026-27589.html
* https://www.suse.com/security/cve/CVE-2026-27590.html
* https://www.suse.com/security/cve/CVE-2026-27598.html
* https://www.suse.com/security/cve/CVE-2026-27611.html
* https://www.suse.com/security/cve/CVE-2026-27626.html
* https://jira.suse.com/browse/PED-11136
SUSE-SU-2026:0758-1: important: Security update for busybox
# Security update for busybox
Announcement ID: SUSE-SU-2026:0758-1
Release Date: 2026-03-03T12:16:21Z
Rating: important
References:
* bsc#1258163
* bsc#1258167
Cross-References:
* CVE-2026-26157
* CVE-2026-26158
CVSS scores:
* CVE-2026-26157 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26157 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26157 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26158 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-26158 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-26158 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for busybox fixes the following issues:
* CVE-2026-26157: Arbitrary file overwrite and potential code execution via
incomplete path sanitization (bsc#1258163).
* CVE-2026-26158: Arbitrary file modification and privilege escalation via
unvalidated tar archive entries (bsc#1258167).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-758=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-758=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-758=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-758=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-758=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-758=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-758=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-758=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* busybox-policycoreutils-1.37.0-150500.7.11.1
* busybox-vi-1.37.0-150500.7.11.1
* busybox-psmisc-1.37.0-150500.7.11.1
* busybox-attr-1.37.0-150500.7.11.1
* busybox-telnet-1.37.0-150500.7.11.1
* busybox-cpio-1.37.0-150500.7.11.1
* busybox-dos2unix-1.37.0-150500.7.11.1
* busybox-ed-1.37.0-150500.7.11.1
* busybox-sendmail-1.37.0-150500.7.11.1
* busybox-vlan-1.37.0-150500.7.11.1
* busybox-misc-1.37.0-150500.7.11.1
* busybox-coreutils-1.37.0-150500.7.11.1
* busybox-sed-1.37.0-150500.7.11.1
* busybox-traceroute-1.37.0-150500.7.11.1
* busybox-diffutils-1.37.0-150500.7.11.1
* busybox-unzip-1.37.0-150500.7.11.1
* busybox-bzip2-1.37.0-150500.7.11.1
* busybox-sharutils-1.37.0-150500.7.11.1
* busybox-links-1.37.0-150500.7.11.1
* busybox-syslogd-1.37.0-150500.7.11.1
* busybox-kbd-1.37.0-150500.7.11.1
* busybox-util-linux-1.37.0-150500.7.11.1
* busybox-tftp-1.37.0-150500.7.11.1
* busybox-wget-1.37.0-150500.7.11.1
* busybox-patch-1.37.0-150500.7.11.1
* busybox-tunctl-1.37.0-150500.7.11.1
* busybox-less-1.37.0-150500.7.11.1
* busybox-hexedit-1.37.0-150500.7.11.1
* busybox-time-1.37.0-150500.7.11.1
* busybox-sha3sum-1.37.0-150500.7.11.1
* busybox-net-tools-1.37.0-150500.7.11.1
* busybox-kmod-1.37.0-150500.7.11.1
* busybox-sh-1.37.0-150500.7.11.1
* busybox-ncurses-utils-1.37.0-150500.7.11.1
* busybox-netcat-1.37.0-150500.7.11.1
* busybox-which-1.37.0-150500.7.11.1
* busybox-tar-1.37.0-150500.7.11.1
* busybox-selinux-tools-1.37.0-150500.7.11.1
* busybox-bc-1.37.0-150500.7.11.1
* busybox-gzip-1.37.0-150500.7.11.1
* busybox-iproute2-1.37.0-150500.7.11.1
* busybox-man-1.37.0-150500.7.11.1
* busybox-whois-1.37.0-150500.7.11.1
* busybox-procps-1.37.0-150500.7.11.1
* busybox-adduser-1.37.0-150500.7.11.1
* busybox-udhcpc-1.37.0-150500.7.11.1
* busybox-hostname-1.37.0-150500.7.11.1
* busybox-xz-1.37.0-150500.7.11.1
* busybox-findutils-1.37.0-150500.7.11.1
* busybox-gawk-1.37.0-150500.7.11.1
* busybox-bind-utils-1.37.0-150500.7.11.1
* busybox-grep-1.37.0-150500.7.11.1
* busybox-iputils-1.37.0-150500.7.11.1
* busybox-sysvinit-tools-1.37.0-150500.7.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* busybox-debugsource-1.37.0-150500.10.17.1
* busybox-debuginfo-1.37.0-150500.10.17.1
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* busybox-static-debuginfo-1.37.0-150500.10.17.1
* busybox-testsuite-1.37.0-150500.10.17.1
* openSUSE Leap 15.5 (aarch64 x86_64 i586)
* busybox-warewulf3-1.37.0-150500.10.17.1
* busybox-warewulf3-debuginfo-1.37.0-150500.10.17.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* busybox-testsuite-1.37.0-150500.10.17.1
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* openSUSE Leap 15.6 (noarch)
* busybox-policycoreutils-1.37.0-150500.7.11.1
* busybox-vi-1.37.0-150500.7.11.1
* busybox-psmisc-1.37.0-150500.7.11.1
* busybox-attr-1.37.0-150500.7.11.1
* busybox-telnet-1.37.0-150500.7.11.1
* busybox-cpio-1.37.0-150500.7.11.1
* busybox-dos2unix-1.37.0-150500.7.11.1
* busybox-ed-1.37.0-150500.7.11.1
* busybox-sendmail-1.37.0-150500.7.11.1
* busybox-vlan-1.37.0-150500.7.11.1
* busybox-misc-1.37.0-150500.7.11.1
* busybox-coreutils-1.37.0-150500.7.11.1
* busybox-sed-1.37.0-150500.7.11.1
* busybox-traceroute-1.37.0-150500.7.11.1
* busybox-diffutils-1.37.0-150500.7.11.1
* busybox-unzip-1.37.0-150500.7.11.1
* busybox-bzip2-1.37.0-150500.7.11.1
* busybox-sharutils-1.37.0-150500.7.11.1
* busybox-links-1.37.0-150500.7.11.1
* busybox-syslogd-1.37.0-150500.7.11.1
* busybox-kbd-1.37.0-150500.7.11.1
* busybox-util-linux-1.37.0-150500.7.11.1
* busybox-tftp-1.37.0-150500.7.11.1
* busybox-wget-1.37.0-150500.7.11.1
* busybox-patch-1.37.0-150500.7.11.1
* busybox-tunctl-1.37.0-150500.7.11.1
* busybox-less-1.37.0-150500.7.11.1
* busybox-hexedit-1.37.0-150500.7.11.1
* busybox-time-1.37.0-150500.7.11.1
* busybox-sha3sum-1.37.0-150500.7.11.1
* busybox-net-tools-1.37.0-150500.7.11.1
* busybox-kmod-1.37.0-150500.7.11.1
* busybox-sh-1.37.0-150500.7.11.1
* busybox-ncurses-utils-1.37.0-150500.7.11.1
* busybox-netcat-1.37.0-150500.7.11.1
* busybox-which-1.37.0-150500.7.11.1
* busybox-tar-1.37.0-150500.7.11.1
* busybox-selinux-tools-1.37.0-150500.7.11.1
* busybox-bc-1.37.0-150500.7.11.1
* busybox-gzip-1.37.0-150500.7.11.1
* busybox-iproute2-1.37.0-150500.7.11.1
* busybox-man-1.37.0-150500.7.11.1
* busybox-whois-1.37.0-150500.7.11.1
* busybox-procps-1.37.0-150500.7.11.1
* busybox-adduser-1.37.0-150500.7.11.1
* busybox-udhcpc-1.37.0-150500.7.11.1
* busybox-hostname-1.37.0-150500.7.11.1
* busybox-xz-1.37.0-150500.7.11.1
* busybox-findutils-1.37.0-150500.7.11.1
* busybox-gawk-1.37.0-150500.7.11.1
* busybox-bind-utils-1.37.0-150500.7.11.1
* busybox-grep-1.37.0-150500.7.11.1
* busybox-iputils-1.37.0-150500.7.11.1
* busybox-sysvinit-tools-1.37.0-150500.7.11.1
* openSUSE Leap 15.6 (aarch64 x86_64)
* busybox-warewulf3-1.37.0-150500.10.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* busybox-static-1.37.0-150500.10.17.1
* busybox-1.37.0-150500.10.17.1
## References:
* https://www.suse.com/security/cve/CVE-2026-26157.html
* https://www.suse.com/security/cve/CVE-2026-26158.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258163
* https://bugzilla.suse.com/show_bug.cgi?id=1258167
SUSE-SU-2026:0760-1: critical: Security update for go1.25-openssl
# Security update for go1.25-openssl
Announcement ID: SUSE-SU-2026:0760-1
Release Date: 2026-03-03T12:38:14Z
Rating: critical
References:
* bsc#1256818
* bsc#1257692
* jsc#SLE-18320
Cross-References:
* CVE-2025-61732
* CVE-2025-68121
CVSS scores:
* CVE-2025-61732 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-68121 ( SUSE ): 7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-68121 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for go1.25-openssl fixes the following issues:
Update to version 1.25.7.
Security issues fixed:
* CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing
allows for C code smuggling (bsc#1257692).
* CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated
session ticket keys, session resumption does not account for the expiration
of full certificate chain (bsc#1256818).
Other updates and bugfixes:
* version update to 1.25.7:
* go#75844 cmd/compile: OOM killed on linux/arm64
* go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly
match all wildcard SANs
* go#77425 crypto/tls: CL 737700 broke session resumption on macOS
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-760=1 openSUSE-SLE-15.6-2026-760=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-760=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-760=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-760=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.25-openssl-doc-1.25.7-150600.13.12.1
* go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
* go1.25-openssl-1.25.7-150600.13.12.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-race-1.25.7-150600.13.12.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-doc-1.25.7-150600.13.12.1
* go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
* go1.25-openssl-1.25.7-150600.13.12.1
* go1.25-openssl-race-1.25.7-150600.13.12.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.25-openssl-doc-1.25.7-150600.13.12.1
* go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
* go1.25-openssl-1.25.7-150600.13.12.1
* go1.25-openssl-race-1.25.7-150600.13.12.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.25-openssl-doc-1.25.7-150600.13.12.1
* go1.25-openssl-debuginfo-1.25.7-150600.13.12.1
* go1.25-openssl-1.25.7-150600.13.12.1
* go1.25-openssl-race-1.25.7-150600.13.12.1
## References:
* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256818
* https://bugzilla.suse.com/show_bug.cgi?id=1257692
* https://jira.suse.com/browse/SLE-18320
SUSE-SU-2026:0761-1: important: Security update for freerdp
# Security update for freerdp
Announcement ID: SUSE-SU-2026:0761-1
Release Date: 2026-03-03T12:40:27Z
Rating: important
References:
* bsc#1256721
* bsc#1256723
* bsc#1256943
* bsc#1256945
* bsc#1256946
* bsc#1256947
Cross-References:
* CVE-2026-22855
* CVE-2026-22857
* CVE-2026-23533
* CVE-2026-23732
* CVE-2026-23883
* CVE-2026-23884
CVSS scores:
* CVE-2026-22855 ( SUSE ): 6.1
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22855 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-22855 ( NVD ): 5.6
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22855 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-22857 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-22857 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-22857 ( NVD ): 6.8
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-22857 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23533 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23533 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23533 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23732 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23732 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-23732 ( NVD ): 5.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23732 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23883 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23883 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23883 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23883 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23884 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23884 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-23884 ( NVD ): 7.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-23884 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves six vulnerabilities can now be installed.
## Description:
This update for freerdp fixes the following issues:
* CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call
(bsc#1256721).
* CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723).
* CVE-2026-23533: improper validation can lead to heap buffer overflow in
`clear_decompress_residual_data` (bsc#1256943).
* CVE-2026-23732: improper validation can lead to heap buffer overflow in
`Glyph_Alloc` (bsc#1256945).
* CVE-2026-23883: use-after-free when `update_pointer_color` and
`freerdp_image_copy_from_pointer_data` fail (bsc#1256946).
* CVE-2026-23884: use-after-free in `gdi_set_bounds` (bsc#1256947).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-761=1 SUSE-2026-761=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-761=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libfreerdp2-2-2.11.2-150600.4.12.1
* freerdp-devel-2.11.2-150600.4.12.1
* freerdp-proxy-debuginfo-2.11.2-150600.4.12.1
* libuwac0-0-debuginfo-2.11.2-150600.4.12.1
* freerdp-proxy-2.11.2-150600.4.12.1
* libwinpr2-2-debuginfo-2.11.2-150600.4.12.1
* freerdp-2.11.2-150600.4.12.1
* uwac0-0-devel-2.11.2-150600.4.12.1
* freerdp-wayland-debuginfo-2.11.2-150600.4.12.1
* winpr-devel-2.11.2-150600.4.12.1
* freerdp-debuginfo-2.11.2-150600.4.12.1
* freerdp-server-2.11.2-150600.4.12.1
* libuwac0-0-2.11.2-150600.4.12.1
* libfreerdp2-2-debuginfo-2.11.2-150600.4.12.1
* freerdp-wayland-2.11.2-150600.4.12.1
* libwinpr2-2-2.11.2-150600.4.12.1
* freerdp-debugsource-2.11.2-150600.4.12.1
* freerdp-server-debuginfo-2.11.2-150600.4.12.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* uwac0-0-devel-2.11.2-150600.4.12.1
* freerdp-debuginfo-2.11.2-150600.4.12.1
* freerdp-debugsource-2.11.2-150600.4.12.1
## References:
* https://www.suse.com/security/cve/CVE-2026-22855.html
* https://www.suse.com/security/cve/CVE-2026-22857.html
* https://www.suse.com/security/cve/CVE-2026-23533.html
* https://www.suse.com/security/cve/CVE-2026-23732.html
* https://www.suse.com/security/cve/CVE-2026-23883.html
* https://www.suse.com/security/cve/CVE-2026-23884.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256721
* https://bugzilla.suse.com/show_bug.cgi?id=1256723
* https://bugzilla.suse.com/show_bug.cgi?id=1256943
* https://bugzilla.suse.com/show_bug.cgi?id=1256945
* https://bugzilla.suse.com/show_bug.cgi?id=1256946
* https://bugzilla.suse.com/show_bug.cgi?id=1256947
SUSE-SU-2026:0767-1: important: Security update for python311
# Security update for python311
Announcement ID: SUSE-SU-2026:0767-1
Release Date: 2026-03-03T13:05:58Z
Rating: important
References:
* bsc#1257029
* bsc#1257031
* bsc#1257041
* bsc#1257042
* bsc#1257044
* bsc#1257046
* bsc#1257108
Cross-References:
* CVE-2025-11468
* CVE-2025-12781
* CVE-2025-15282
* CVE-2025-15366
* CVE-2025-15367
* CVE-2026-0672
* CVE-2026-0865
CVSS scores:
* CVE-2025-11468 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-11468 ( NVD ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12781 ( SUSE ): 2.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-12781 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2025-12781 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-12781 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-15282 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-15282 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-15366 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15366 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-15367 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
* CVE-2025-15367 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0672 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-0672 ( NVD ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-0865 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-0865 ( NVD ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* Python 3 Module 15-SP7
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for python311 fixes the following issues:
* CVE-2025-11468: header injection when folding a long comment in an email
header containing exclusively unfoldable characters (bsc#1257029).
* CVE-2025-12781: inadequate parameter check can cause data integrity issues
(bsc#1257108).
* CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers
(bsc#1257046).
* CVE-2025-15366: user-controlled command can allow additional commands
injected using newlines (bsc#1257044).
* CVE-2025-15367: control characters may allow the injection of additional
commands (bsc#1257041).
* CVE-2026-0672: HTTP header injection via user-controlled cookie values and
parameters when using http.cookies.Morsel (bsc#1257031).
* CVE-2026-0865: user-controlled header containing newlines can allow
injecting HTTP headers (bsc#1257042).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-767=1 openSUSE-SLE-15.6-2026-767=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-767=1
* Python 3 Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Python3-15-SP7-2026-767=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-767=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-767=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python311-testsuite-3.11.14-150600.3.44.1
* libpython3_11-1_0-3.11.14-150600.3.44.1
* python311-doc-3.11.14-150600.3.44.1
* python311-testsuite-debuginfo-3.11.14-150600.3.44.1
* python311-dbm-3.11.14-150600.3.44.1
* python311-debugsource-3.11.14-150600.3.44.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.44.1
* python311-base-debuginfo-3.11.14-150600.3.44.1
* python311-debuginfo-3.11.14-150600.3.44.1
* python311-tk-3.11.14-150600.3.44.1
* python311-doc-devhelp-3.11.14-150600.3.44.1
* python311-tk-debuginfo-3.11.14-150600.3.44.1
* python311-core-debugsource-3.11.14-150600.3.44.1
* python311-3.11.14-150600.3.44.1
* python311-idle-3.11.14-150600.3.44.1
* python311-base-3.11.14-150600.3.44.1
* python311-curses-3.11.14-150600.3.44.1
* python311-curses-debuginfo-3.11.14-150600.3.44.1
* python311-dbm-debuginfo-3.11.14-150600.3.44.1
* python311-tools-3.11.14-150600.3.44.1
* python311-devel-3.11.14-150600.3.44.1
* openSUSE Leap 15.6 (x86_64)
* python311-32bit-3.11.14-150600.3.44.1
* python311-base-32bit-debuginfo-3.11.14-150600.3.44.1
* python311-base-32bit-3.11.14-150600.3.44.1
* python311-32bit-debuginfo-3.11.14-150600.3.44.1
* libpython3_11-1_0-32bit-debuginfo-3.11.14-150600.3.44.1
* libpython3_11-1_0-32bit-3.11.14-150600.3.44.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python311-base-64bit-3.11.14-150600.3.44.1
* python311-base-64bit-debuginfo-3.11.14-150600.3.44.1
* libpython3_11-1_0-64bit-debuginfo-3.11.14-150600.3.44.1
* libpython3_11-1_0-64bit-3.11.14-150600.3.44.1
* python311-64bit-3.11.14-150600.3.44.1
* python311-64bit-debuginfo-3.11.14-150600.3.44.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.44.1
* python311-base-debuginfo-3.11.14-150600.3.44.1
* python311-base-3.11.14-150600.3.44.1
* libpython3_11-1_0-3.11.14-150600.3.44.1
* python311-core-debugsource-3.11.14-150600.3.44.1
* Python 3 Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* python311-3.11.14-150600.3.44.1
* python311-tk-debuginfo-3.11.14-150600.3.44.1
* python311-idle-3.11.14-150600.3.44.1
* python311-dbm-3.11.14-150600.3.44.1
* python311-debugsource-3.11.14-150600.3.44.1
* python311-curses-3.11.14-150600.3.44.1
* python311-debuginfo-3.11.14-150600.3.44.1
* python311-curses-debuginfo-3.11.14-150600.3.44.1
* python311-core-debugsource-3.11.14-150600.3.44.1
* python311-dbm-debuginfo-3.11.14-150600.3.44.1
* python311-tools-3.11.14-150600.3.44.1
* python311-tk-3.11.14-150600.3.44.1
* python311-devel-3.11.14-150600.3.44.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* python311-3.11.14-150600.3.44.1
* python311-tk-debuginfo-3.11.14-150600.3.44.1
* python311-idle-3.11.14-150600.3.44.1
* python311-dbm-3.11.14-150600.3.44.1
* python311-debugsource-3.11.14-150600.3.44.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.44.1
* python311-base-debuginfo-3.11.14-150600.3.44.1
* python311-base-3.11.14-150600.3.44.1
* libpython3_11-1_0-3.11.14-150600.3.44.1
* python311-curses-3.11.14-150600.3.44.1
* python311-debuginfo-3.11.14-150600.3.44.1
* python311-curses-debuginfo-3.11.14-150600.3.44.1
* python311-core-debugsource-3.11.14-150600.3.44.1
* python311-dbm-debuginfo-3.11.14-150600.3.44.1
* python311-tools-3.11.14-150600.3.44.1
* python311-tk-3.11.14-150600.3.44.1
* python311-devel-3.11.14-150600.3.44.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* python311-3.11.14-150600.3.44.1
* python311-tk-debuginfo-3.11.14-150600.3.44.1
* python311-idle-3.11.14-150600.3.44.1
* python311-dbm-3.11.14-150600.3.44.1
* python311-debugsource-3.11.14-150600.3.44.1
* libpython3_11-1_0-debuginfo-3.11.14-150600.3.44.1
* python311-base-debuginfo-3.11.14-150600.3.44.1
* python311-base-3.11.14-150600.3.44.1
* libpython3_11-1_0-3.11.14-150600.3.44.1
* python311-curses-3.11.14-150600.3.44.1
* python311-debuginfo-3.11.14-150600.3.44.1
* python311-curses-debuginfo-3.11.14-150600.3.44.1
* python311-core-debugsource-3.11.14-150600.3.44.1
* python311-dbm-debuginfo-3.11.14-150600.3.44.1
* python311-tools-3.11.14-150600.3.44.1
* python311-tk-3.11.14-150600.3.44.1
* python311-devel-3.11.14-150600.3.44.1
## References:
* https://www.suse.com/security/cve/CVE-2025-11468.html
* https://www.suse.com/security/cve/CVE-2025-12781.html
* https://www.suse.com/security/cve/CVE-2025-15282.html
* https://www.suse.com/security/cve/CVE-2025-15366.html
* https://www.suse.com/security/cve/CVE-2025-15367.html
* https://www.suse.com/security/cve/CVE-2026-0672.html
* https://www.suse.com/security/cve/CVE-2026-0865.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257029
* https://bugzilla.suse.com/show_bug.cgi?id=1257031
* https://bugzilla.suse.com/show_bug.cgi?id=1257041
* https://bugzilla.suse.com/show_bug.cgi?id=1257042
* https://bugzilla.suse.com/show_bug.cgi?id=1257044
* https://bugzilla.suse.com/show_bug.cgi?id=1257046
* https://bugzilla.suse.com/show_bug.cgi?id=1257108
SUSE-SU-2026:0766-1: moderate: Security update for gnome-remote-desktop
# Security update for gnome-remote-desktop
Announcement ID: SUSE-SU-2026:0766-1
Release Date: 2026-03-03T13:02:48Z
Rating: moderate
References:
* bsc#1244053
Cross-References:
* CVE-2025-5024
CVSS scores:
* CVE-2025-5024 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2025-5024 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H
* CVE-2025-5024 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for gnome-remote-desktop fixes the following issue:
* CVE-2025-5024: an unauthenticated attacker can exhaust system resources
(bsc#1244053).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-766=1 openSUSE-SLE-15.6-2026-766=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gnome-remote-desktop-debugsource-45.1-150600.3.6.1
* gnome-remote-desktop-debuginfo-45.1-150600.3.6.1
* gnome-remote-desktop-45.1-150600.3.6.1
* openSUSE Leap 15.6 (noarch)
* gnome-remote-desktop-lang-45.1-150600.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2025-5024.html
* https://bugzilla.suse.com/show_bug.cgi?id=1244053
SUSE-SU-2026:0771-1: important: Security update for postgresql15
# Security update for postgresql15
Announcement ID: SUSE-SU-2026:0771-1
Release Date: 2026-03-03T13:13:57Z
Rating: important
References:
* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258754
Cross-References:
* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006
CVSS scores:
* CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for postgresql15 fixes the following issues:
Update to version 15.17 (bsc#1258754).
Security issues fixed:
* CVE-2026-2003: improper validation of type "oidvector" may allow disclose a
few bytes of server memory (bsc#1258008).
* CVE-2026-2004: intarray missing validation of type of input to selectivity
estimator could lead to arbitrary code execution (bsc#1258009).
* CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions
could lead to arbitrary code execution (bsc#1258010).
* CVE-2026-2006: inadequate validation of multibyte character lengths could
lead to arbitrary code execution (bsc#1258011).
Regression fixes:
* the substring() function raises an error "invalid byte sequence for
encoding" on non-ASCII text values if the source of that value is a database
column (caused by CVE-2026-2006 fix).
* a standby may halt and return an error "could not access status of
transaction".
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-771=1 SUSE-2026-771=1
* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-771=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-771=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-771=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql15-debuginfo-15.17-150600.16.28.1
* postgresql15-server-debuginfo-15.17-150600.16.28.1
* postgresql15-15.17-150600.16.28.1
* postgresql15-contrib-15.17-150600.16.28.1
* postgresql15-contrib-debuginfo-15.17-150600.16.28.1
* postgresql15-llvmjit-debuginfo-15.17-150600.16.28.1
* postgresql15-debugsource-15.17-150600.16.28.1
* postgresql15-plpython-15.17-150600.16.28.1
* postgresql15-plperl-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-15.17-150600.16.28.1
* postgresql15-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1
* postgresql15-plpython-debuginfo-15.17-150600.16.28.1
* postgresql15-devel-15.17-150600.16.28.1
* postgresql15-plperl-15.17-150600.16.28.1
* postgresql15-test-15.17-150600.16.28.1
* postgresql15-server-devel-15.17-150600.16.28.1
* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-llvmjit-devel-15.17-150600.16.28.1
* postgresql15-server-15.17-150600.16.28.1
* postgresql15-llvmjit-15.17-150600.16.28.1
* openSUSE Leap 15.6 (noarch)
* postgresql15-docs-15.17-150600.16.28.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql15-contrib-15.17-150600.16.28.1
* postgresql15-plpython-debuginfo-15.17-150600.16.28.1
* postgresql15-contrib-debuginfo-15.17-150600.16.28.1
* postgresql15-debuginfo-15.17-150600.16.28.1
* postgresql15-debugsource-15.17-150600.16.28.1
* postgresql15-server-15.17-150600.16.28.1
* postgresql15-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-debuginfo-15.17-150600.16.28.1
* postgresql15-plpython-15.17-150600.16.28.1
* postgresql15-plperl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-devel-15.17-150600.16.28.1
* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-15.17-150600.16.28.1
* postgresql15-15.17-150600.16.28.1
* postgresql15-devel-15.17-150600.16.28.1
* postgresql15-plperl-15.17-150600.16.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* postgresql15-contrib-15.17-150600.16.28.1
* postgresql15-plpython-debuginfo-15.17-150600.16.28.1
* postgresql15-contrib-debuginfo-15.17-150600.16.28.1
* postgresql15-debuginfo-15.17-150600.16.28.1
* postgresql15-debugsource-15.17-150600.16.28.1
* postgresql15-server-15.17-150600.16.28.1
* postgresql15-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-debuginfo-15.17-150600.16.28.1
* postgresql15-plpython-15.17-150600.16.28.1
* postgresql15-plperl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-devel-15.17-150600.16.28.1
* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-15.17-150600.16.28.1
* postgresql15-15.17-150600.16.28.1
* postgresql15-devel-15.17-150600.16.28.1
* postgresql15-plperl-15.17-150600.16.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* postgresql15-docs-15.17-150600.16.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* postgresql15-contrib-15.17-150600.16.28.1
* postgresql15-plpython-debuginfo-15.17-150600.16.28.1
* postgresql15-contrib-debuginfo-15.17-150600.16.28.1
* postgresql15-debuginfo-15.17-150600.16.28.1
* postgresql15-debugsource-15.17-150600.16.28.1
* postgresql15-server-15.17-150600.16.28.1
* postgresql15-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-debuginfo-15.17-150600.16.28.1
* postgresql15-plpython-15.17-150600.16.28.1
* postgresql15-plperl-debuginfo-15.17-150600.16.28.1
* postgresql15-server-devel-15.17-150600.16.28.1
* postgresql15-server-devel-debuginfo-15.17-150600.16.28.1
* postgresql15-pltcl-15.17-150600.16.28.1
* postgresql15-15.17-150600.16.28.1
* postgresql15-devel-15.17-150600.16.28.1
* postgresql15-plperl-15.17-150600.16.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* postgresql15-docs-15.17-150600.16.28.1
## References:
* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258008
* https://bugzilla.suse.com/show_bug.cgi?id=1258009
* https://bugzilla.suse.com/show_bug.cgi?id=1258010
* https://bugzilla.suse.com/show_bug.cgi?id=1258011
* https://bugzilla.suse.com/show_bug.cgi?id=1258754
SUSE-SU-2026:0774-1: low: Security update for python
# Security update for python
Announcement ID: SUSE-SU-2026:0774-1
Release Date: 2026-03-03T13:18:24Z
Rating: low
References:
* bsc#1229596
Cross-References:
* CVE-2024-7592
CVSS scores:
* CVE-2024-7592 ( SUSE ): 2.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-7592 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for python fixes the following issue:
* CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies
module (bsc#1229596).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-774=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-774=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpython2_7-1_0-debuginfo-2.7.18-150000.105.1
* python-demo-2.7.18-150000.105.1
* python-debuginfo-2.7.18-150000.105.1
* python-xml-debuginfo-2.7.18-150000.105.1
* python-tk-debuginfo-2.7.18-150000.105.1
* libpython2_7-1_0-2.7.18-150000.105.1
* python-idle-2.7.18-150000.105.1
* python-2.7.18-150000.105.1
* python-base-2.7.18-150000.105.1
* python-base-debuginfo-2.7.18-150000.105.1
* python-debugsource-2.7.18-150000.105.1
* python-tk-2.7.18-150000.105.1
* python-curses-debuginfo-2.7.18-150000.105.1
* python-gdbm-debuginfo-2.7.18-150000.105.1
* python-gdbm-2.7.18-150000.105.1
* python-xml-2.7.18-150000.105.1
* python-base-debugsource-2.7.18-150000.105.1
* python-curses-2.7.18-150000.105.1
* python-devel-2.7.18-150000.105.1
* openSUSE Leap 15.6 (x86_64)
* libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.105.1
* python-base-32bit-2.7.18-150000.105.1
* python-32bit-debuginfo-2.7.18-150000.105.1
* python-base-32bit-debuginfo-2.7.18-150000.105.1
* libpython2_7-1_0-32bit-2.7.18-150000.105.1
* python-32bit-2.7.18-150000.105.1
* openSUSE Leap 15.6 (noarch)
* python-doc-pdf-2.7.18-150000.105.1
* python-doc-2.7.18-150000.105.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* libpython2_7-1_0-debuginfo-2.7.18-150000.105.1
* python-xml-debuginfo-2.7.18-150000.105.1
* python-debuginfo-2.7.18-150000.105.1
* libpython2_7-1_0-2.7.18-150000.105.1
* python-2.7.18-150000.105.1
* python-base-2.7.18-150000.105.1
* python-base-debuginfo-2.7.18-150000.105.1
* python-debugsource-2.7.18-150000.105.1
* python-curses-debuginfo-2.7.18-150000.105.1
* python-gdbm-debuginfo-2.7.18-150000.105.1
* python-gdbm-2.7.18-150000.105.1
* python-xml-2.7.18-150000.105.1
* python-base-debugsource-2.7.18-150000.105.1
* python-curses-2.7.18-150000.105.1
## References:
* https://www.suse.com/security/cve/CVE-2024-7592.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229596
SUSE-SU-2026:0775-1: moderate: Security update for evolution-data-server
# Security update for evolution-data-server
Announcement ID: SUSE-SU-2026:0775-1
Release Date: 2026-03-03T13:19:22Z
Rating: moderate
References:
* bsc#1258307
Cross-References:
* CVE-2026-2604
CVSS scores:
* CVE-2026-2604 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2604 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for evolution-data-server fixes the following issue:
* CVE-2026-2604: arbitrary file deletion via inconsistent URI handling
(bsc#1258307).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-775=1 SUSE-2026-775=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-775=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-775=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1
* libedataserverui4-1_0-0-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
* typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
* libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debuginfo-3.50.3-150600.3.9.1
* libedata-book-1_2-27-3.50.3-150600.3.9.1
* libcamel-1_2-64-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-devel-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
* libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
* libebackend-1_2-11-3.50.3-150600.3.9.1
* typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
* libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-3.50.3-150600.3.9.1
* libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
* libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1
* libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-3.50.3-150600.3.9.1
* typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1
* libecal-2_0-2-3.50.3-150600.3.9.1
* libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debugsource-3.50.3-150600.3.9.1
* libedataserver-1_2-27-3.50.3-150600.3.9.1
* typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1
* libebook-1_2-21-3.50.3-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
* evolution-data-server-lang-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 s390x)
* evolution-data-server-3.50.3-150600.3.9.1
* evolution-data-server-devel-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-EDataBook-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
* typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
* libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debuginfo-3.50.3-150600.3.9.1
* libedata-book-1_2-27-3.50.3-150600.3.9.1
* libcamel-1_2-64-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
* libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
* libebackend-1_2-11-3.50.3-150600.3.9.1
* typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
* libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
* libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
* libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-3.50.3-150600.3.9.1
* typelib-1_0-EBackend-1_2-3.50.3-150600.3.9.1
* libecal-2_0-2-3.50.3-150600.3.9.1
* libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debugsource-3.50.3-150600.3.9.1
* libedataserver-1_2-27-3.50.3-150600.3.9.1
* typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataCal-2_0-3.50.3-150600.3.9.1
* libebook-1_2-21-3.50.3-150600.3.9.1
* SUSE Package Hub 15 15-SP7 (noarch)
* evolution-data-server-lang-3.50.3-150600.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* typelib-1_0-EBook-1_2-3.50.3-150600.3.9.1
* typelib-1_0-EDataServerUI4-1_0-3.50.3-150600.3.9.1
* libedataserverui4-1_0-0-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-EDataServerUI-1_2-3.50.3-150600.3.9.1
* typelib-1_0-ECal-2_0-3.50.3-150600.3.9.1
* libebook-1_2-21-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debuginfo-3.50.3-150600.3.9.1
* libedata-book-1_2-27-3.50.3-150600.3.9.1
* libcamel-1_2-64-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-devel-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-3.50.3-150600.3.9.1
* typelib-1_0-Camel-1_2-3.50.3-150600.3.9.1
* libecal-2_0-2-debuginfo-3.50.3-150600.3.9.1
* libebook-contacts-1_2-4-debuginfo-3.50.3-150600.3.9.1
* libebackend-1_2-11-3.50.3-150600.3.9.1
* typelib-1_0-EDataServer-1_2-3.50.3-150600.3.9.1
* libebackend-1_2-11-debuginfo-3.50.3-150600.3.9.1
* libedataserverui-1_2-4-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-3.50.3-150600.3.9.1
* libedataserver-1_2-27-debuginfo-3.50.3-150600.3.9.1
* libedataserverui4-1_0-0-debuginfo-3.50.3-150600.3.9.1
* libcamel-1_2-64-debuginfo-3.50.3-150600.3.9.1
* libedata-cal-2_0-2-3.50.3-150600.3.9.1
* libecal-2_0-2-3.50.3-150600.3.9.1
* libedata-book-1_2-27-debuginfo-3.50.3-150600.3.9.1
* evolution-data-server-debugsource-3.50.3-150600.3.9.1
* libedataserver-1_2-27-3.50.3-150600.3.9.1
* typelib-1_0-EBookContacts-1_2-3.50.3-150600.3.9.1
* libebook-1_2-21-3.50.3-150600.3.9.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* evolution-data-server-lang-3.50.3-150600.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-2604.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258307
SUSE-SU-2026:0777-1: moderate: Security update for cosign
# Security update for cosign
Announcement ID: SUSE-SU-2026:0777-1
Release Date: 2026-03-03T13:22:36Z
Rating: moderate
References:
* bsc#1250620
* bsc#1253913
* bsc#1256496
* bsc#1256562
* bsc#1257080
* bsc#1257085
* bsc#1257139
* bsc#1258542
* bsc#1258612
* jsc#SLE-23879
Cross-References:
* CVE-2025-11065
* CVE-2025-58181
* CVE-2026-22703
* CVE-2026-22772
* CVE-2026-23991
* CVE-2026-23992
* CVE-2026-24122
* CVE-2026-24137
* CVE-2026-26958
CVSS scores:
* CVE-2025-11065 ( SUSE ): 5.7
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-11065 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-58181 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-22703 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-22772 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2026-22772 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2026-22772 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2026-23991 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23991 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-23991 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23991 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23992 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23992 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-23992 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23992 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-24122 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24122 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24122 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-24137 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-24137 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2026-24137 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
* CVE-2026-26958 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-26958 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
* CVE-2026-26958 ( NVD ): 1.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves nine vulnerabilities and contains one feature can now be
installed.
## Description:
This update for cosign fixes the following issues:
Update to version 3.0.5 (jsc#SLE-23879).
Security issues fixed:
* CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information
leak in logs (bsc#1250620).
* CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms
can cause unbounded memory consumption (bsc#1253913).
* CVE-2026-22703: Verification accepts any valid Rekor entry under certain
conditions (bsc#1256496).
* CVE-2026-22772: github.com/sigstore/fulcio: bypass MetaIssuer URL validation
bypass can trigger SSRF to arbitrary internal services (bsc#1256562).
* CVE-2026-23991: github.com/theupdateframework/go-tuf/v2: denial of service
due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080).
* CVE-2026-23992: github.com/theupdateframework/go-tuf/v2: unauthorized
modification to TUF metadata files due to a compromised or misconfigured TUF
repository (bsc#1257085).
* CVE-2026-24122: improper validation of certificates that outlive expired CA
certificates (bsc#1258542).
* CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client
allows for arbitrary file writes with target cache path traversal
(bsc#1257139).
* CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in
MultiScalarMult can produce invalid results and lead to undefined behavior
(bsc#1258612).
Other updates and bugfixes:
* chore(deps): bump google.golang.org/api from 0.260.0 to 0.264.0 (#4679)
* chore(deps): bump github.com/sigstore/rekor-tiles/v2 from 2.0.1 to 2.1.0
(#4670)
* chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4712)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4680)
* chore(deps): bump the gomod group across 1 directory with 4 updates (#4702)
* chore(deps): bump the actions group with 3 updates (#4703)
* update golang builder to use go1.25.7 (#4687)
* update golangci-lint to v2.8.x (#4688)
* Support DSSE signing conformance test (#4685)
* chore(deps): bump the actions group across 1 directory with 8 updates
(#4689)
* Deprecate rekor-entry-type flag (#4691)
* Deprecate cosign triangulate (#4676)
* Deprecate cosign copy (#4681)
* Enforce TSA requirement for Rekor v2, Fuclio signing (#4683)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4668)
* chore(deps): bump golang from 1.25.5 to 1.25.6 in the all group (#4673)
* Automatically require signed timestamp with Rekor v2 entries (#4666)
* Fix syntax issue in conformance test, update nightly (#4664)
* Add mTLS support for TSA client connections when signing with a signing
config (#4620)
* fix: avoid panic on malformed tlog entry body (#4652)
* Verify validity of chain rather than just certificate (#4663)
* Allow --local-image with --new-bundle-format for v2 and v3 signatures
(#4626)
* chore(deps): bump the gomod group across 1 directory with 3 updates (#4662)
* Bump sigstore/sigstore to resolve GHSA (#4660)
* Gracefully fail if bundle payload body is not a string (#4648)
* fix: avoid panic on malformed replace payload (#4653)
* chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#4659)
* fix: avoid panic on malformed attestation payload (#4651)
* fix: avoid panic on malformed tlog entries (#4649)
* Update conformance to latest
* docs(cosign): clarify RFC3161 revocation semantics (#4642)
* Add empty predicate to cosign sign when payload type is application/vnd.in-
toto+json (#4635)
* chore(deps): bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 (#4637)
* Add origin key for ctfe trusted root
* Add changelog updates for v3.0.4 and v2.6.2 (#4625)
* Update to version 3.0.4:
* Fix bundle verify path for old bundle/trusted root (#4623)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4616)
* chore(deps): bump cuelang.org/go in the gomod group (#4615)
* Optimize cosign tree performance by caching digest resolution (#4612)
* Don't require a trusted root to verify offline with a key (#4613)
* Support default services for trusted-root and signing-config creation
(#4592)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4602)
* chore(deps): bump github.com/sigstore/sigstore-go (#4578)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.114.1 to 3.115.2
(#4601)
* chore(deps): bump google.golang.org/api from 0.257.0 to 0.258.0 (#4611)
* chore(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 (#4604)
* chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4588)
* chore(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#4586)
* chore(deps): bump the gomod group with 5 updates (#4599)
* chore(deps): bump github.com/open-policy-agent/opa from 1.10.1 to 1.12.1
(#4600)
* chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 (#4584)
* chore(deps): bump the actions group with 3 updates (#4587)
* chore(deps): bump actions/cache from 4.3.0 to 5.0.1 (#4589)
* chore(deps): bump the gomod group with 9 updates (#4577)
* Update to version 3.0.3:
* 4554: Closes 4554 - Add warning when --output* is used (#4556)
* chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0
(#4542)
* chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login
(#4543)
* chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546)
* chore(deps): bump the actions group with 4 updates (#4544)
* chore(deps): bump the gomod group across 1 directory with 5 updates (#4567)
* chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568)
* update builder to use go1.25.5 (#4566)
* Protobuf bundle support for subcommand `clean` (#4539)
* Add staging flag to initialize with staging TUF metadata
* update slack invite link (#4560)
* Updating sign-blob to also support signing with a certificate (#4547)
* Bump sigstore library dependencies (#4532)
* Protobuf bundle support for subcommands `save` and `load` (#4538)
* Fix cert attachment for new bundle with signing config
* Fix OCI verification with local cert - old bundle
* chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519)
* chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535)
* chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536)
* update go builder and cosign (#4529)
* chore(deps): bump the gomod group across 1 directory with 7 updates (#4528)
* chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520)
* chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515)
* chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518)
* chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524)
* chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1
(#4521)
* chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502)
* chore(deps): bump the actions group across 1 directory with 2 updates
(#4516)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.110.0 to 3.111.0
(#4523)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4522)
* Deprecate tlog-upload flag (#4458)
* fix: Use signal context for `sign` cli package.
* update offline verification directions (#4526)
* Fix signing/verifying annotations for new bundle
* Add support to download and attach for protobuf bundles (#4477)
* Add --signing-algorithm flag (#3497)
* Refactor signcommon bundle helpers
* Add --bundle and fix --upload for new bundle
* Pass insecure registry flags through to referrers
* chore(deps): bump github.com/buildkite/agent/v3 from 3.108.0 to 3.109.1
(#4483)
* Add protobuf bundle support for tree subcommand (#4491)
* Remove stale embed import (#4492)
* Support multiple container identities
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4484)
* chore(deps): bump chainguard-dev/actions in the actions group (#4480)
* chore(deps): bump github.com/sigstore/rekor-tiles/v2 (#4485)
* chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#4486)
* chore(deps): bump cuelang.org/go in the gomod group (#4479)
* upgrade OSS-Fuzz build tooling (#4487)
* Fix segfault when no attestations are found (#4472)
* Use overridden repository for new bundle format (#4473)
* update go to 1.25.3 (#4471)
* Remove --out flag from `cosign initialize` (#4462)
* chore(deps): bump the actions group with 2 updates (#4460)
* Deprecate offline flag (#4457)
* Deduplicate code in sign/attest _and verify_ commands (#4449)
* Cache signing config when calling initialize (#4456)
* Update changelog for v3.0.2 (#4455)
* chore(deps): bump google.golang.org/api from 0.250.0 to 0.251.0
* chore(deps): bump gitlab.com/gitlab-org/api/client-go
* chore(deps): bump the actions group with 3 updates
* chore(deps): bump github.com/buildkite/agent/v3 from 3.107.2 to 3.108.0
* choose different signature filename for KMS-signed release signatures
(#4448)
* chore(deps): bump github.com/go-jose/go-jose/v4 (#4451)
* Update rekor-tiles version path
* update CL for v3.0.1 release (#4447)
* update goreleaser config for v3.0.0 release (#4446)
* Create changelog for v3.0.0 (#4440)
* Fetch service URLs from the TUF PGI signing config by default (#4428)
* Create changelog for v2.6.1 (#4439)
* chore(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 (#4432)
* chore(deps): bump the gomod group with 2 updates (#4429)
* chore(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0
(#4433)
* chore(deps): bump the actions group with 3 updates (#4434)
* chore(deps): bump github.com/go-openapi/swag from 0.24.1 to 0.25.1 (#4435)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4436)
* chore(deps): bump github.com/go-openapi/runtime from 0.28.0 to 0.29.0
(#4437)
* Bump module version to v3 for Cosign v3.0 (#4427)
* Move sigstore-conformance back to tagged release (#4425)
* Bump sigstore-go to v1.1.3 (#4423)
* Partially populate the output of cosign verify when working with new bundles
(#4416)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4419)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4418)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.105.0 to 3.107.0
(#4420)
* chore(deps): bump chainguard-dev/actions in the actions group (#4421)
* bump go builder to use 1.25.1 and cosign (#4417)
* Bump sigstore-go for more precise user agents (#4413)
* chore(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#4408)
* chore(deps): bump the actions group with 2 updates (#4407)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4410)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.104.0 to 3.105.0
(#4411)
* Default to using the new protobuf format (#4318)
* Update to version 2.6.0:
* Require exclusively a SigningConfig or service URLs when signing (#4403)
* Add a terminal spinner while signing with sigstore-go (#4402)
* Bump sigstore-go, support alternative hash algorithms with keys (#4386)
* Add support for SigningConfig in sign/attest (#4371)
* Support self-managed keys when signing with sigstore-go (#4368)
* Remove SHA256 assumption in sign-blob/verify-blob (#4050)
* introduce dockerfile to pin the go version to decouple go version from
go.mod (#4369)
* refactor: extract function to write referrer attestations (#4357)
* Break import cycle with e2e build tag (#4370)
* Update conformance test binary for signing config (#4367)
* update builder image to use go1.25 (#4366)
* Don't load content from TUF if trusted root path is specified (#4347)
* Don't require timestamps when verifying with a key (#4337)
* Fixes to cosign sign / verify for the new bundle format (#4346)
* update builder to use go1.24.6 (#4334)
* bump golangci-lint to v2.3.x (#4333)
* Have cosign sign support bundle format (#4316)
* Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2
(#4319)
* Verify subject with bundle only when checking claims (#4320)
* Add to `attest-blob` the ability to supply a complete in-toto statement, and
add to `verify-blob-attestation` the ability to verify with just a digest
(#4306)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-777=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-777=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-777=1
## Package List:
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.35.1
* cosign-debuginfo-3.0.5-150400.3.35.1
* Basesystem Module 15-SP7 (noarch)
* cosign-zsh-completion-3.0.5-150400.3.35.1
* cosign-bash-completion-3.0.5-150400.3.35.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-3.0.5-150400.3.35.1
* cosign-debuginfo-3.0.5-150400.3.35.1
* openSUSE Leap 15.4 (noarch)
* cosign-zsh-completion-3.0.5-150400.3.35.1
* cosign-bash-completion-3.0.5-150400.3.35.1
* cosign-fish-completion-3.0.5-150400.3.35.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* cosign-3.0.5-150400.3.35.1
* cosign-debuginfo-3.0.5-150400.3.35.1
## References:
* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-58181.html
* https://www.suse.com/security/cve/CVE-2026-22703.html
* https://www.suse.com/security/cve/CVE-2026-22772.html
* https://www.suse.com/security/cve/CVE-2026-23991.html
* https://www.suse.com/security/cve/CVE-2026-23992.html
* https://www.suse.com/security/cve/CVE-2026-24122.html
* https://www.suse.com/security/cve/CVE-2026-24137.html
* https://www.suse.com/security/cve/CVE-2026-26958.html
* https://bugzilla.suse.com/show_bug.cgi?id=1250620
* https://bugzilla.suse.com/show_bug.cgi?id=1253913
* https://bugzilla.suse.com/show_bug.cgi?id=1256496
* https://bugzilla.suse.com/show_bug.cgi?id=1256562
* https://bugzilla.suse.com/show_bug.cgi?id=1257080
* https://bugzilla.suse.com/show_bug.cgi?id=1257085
* https://bugzilla.suse.com/show_bug.cgi?id=1257139
* https://bugzilla.suse.com/show_bug.cgi?id=1258542
* https://bugzilla.suse.com/show_bug.cgi?id=1258612
* https://jira.suse.com/browse/SLE-23879
SUSE-SU-2026:0780-1: moderate: Security update for tracker-miners
# Security update for tracker-miners
Announcement ID: SUSE-SU-2026:0780-1
Release Date: 2026-03-03T13:26:03Z
Rating: moderate
References:
* bsc#1257606
* bsc#1257607
* bsc#1257608
* bsc#1257609
Cross-References:
* CVE-2026-1764
* CVE-2026-1765
* CVE-2026-1766
* CVE-2026-1767
CVSS scores:
* CVE-2026-1764 ( SUSE ): 5.2
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-1764 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1765 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1766 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-1767 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Affected Products:
* Desktop Applications Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
An update that solves four vulnerabilities can now be installed.
## Description:
This update for tracker-miners fixes the following issues:
* CVE-2026-1764: heap buffer overflow leads to denial of service or
information disclosure when parsing MP3 files (bsc#1257606).
* CVE-2026-1765: denial of Service and potential information disclosure via
crafted MP3 files (bsc#1257607).
* CVE-2026-1766: denial of Service and information disclosure via malformed
MP3 files (bsc#1257608).
* CVE-2026-1767: heap buffer overflow leading to denial of service or
information disclosure via malformed MP3 ID3 tags (bsc#1257609).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-780=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-780=1 openSUSE-SLE-15.6-2026-780=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-780=1
## Package List:
* SUSE Linux Enterprise Workstation Extension 15 SP7 (noarch)
* tracker-miners-lang-3.6.2-150600.4.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* tracker-miner-files-debuginfo-3.6.2-150600.4.6.1
* tracker-miners-3.6.2-150600.4.6.1
* tracker-miner-files-3.6.2-150600.4.6.1
* tracker-miners-debugsource-3.6.2-150600.4.6.1
* tracker-miners-debuginfo-3.6.2-150600.4.6.1
* openSUSE Leap 15.6 (noarch)
* tracker-miners-lang-3.6.2-150600.4.6.1
* Desktop Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* tracker-miner-files-debuginfo-3.6.2-150600.4.6.1
* tracker-miners-3.6.2-150600.4.6.1
* tracker-miner-files-3.6.2-150600.4.6.1
* tracker-miners-debugsource-3.6.2-150600.4.6.1
* tracker-miners-debuginfo-3.6.2-150600.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1764.html
* https://www.suse.com/security/cve/CVE-2026-1765.html
* https://www.suse.com/security/cve/CVE-2026-1766.html
* https://www.suse.com/security/cve/CVE-2026-1767.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257606
* https://bugzilla.suse.com/show_bug.cgi?id=1257607
* https://bugzilla.suse.com/show_bug.cgi?id=1257608
* https://bugzilla.suse.com/show_bug.cgi?id=1257609
SUSE-SU-2026:0776-1: moderate: Security update for evolution-data-server
# Security update for evolution-data-server
Announcement ID: SUSE-SU-2026:0776-1
Release Date: 2026-03-03T13:20:27Z
Rating: moderate
References:
* bsc#1258307
Cross-References:
* CVE-2026-2604
CVSS scores:
* CVE-2026-2604 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-2604 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Linux Enterprise Workstation Extension 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for evolution-data-server fixes the following issue:
* CVE-2026-2604: arbitrary file deletion via inconsistent URI handling
(bsc#1258307).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-776=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-776=1
* SUSE Linux Enterprise Workstation Extension 15 SP7
zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-776=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libebackend-1_2-10-debuginfo-3.42.5-150400.3.10.1
* libecal-2_0-1-3.42.5-150400.3.10.1
* typelib-1_0-EBackend-1_2-3.42.5-150400.3.10.1
* libedataserverui-1_2-3-3.42.5-150400.3.10.1
* typelib-1_0-EBook-1_2-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.10.1
* typelib-1_0-Camel-1_2-3.42.5-150400.3.10.1
* libedata-book-1_2-26-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-3.42.5-150400.3.10.1
* typelib-1_0-EBookContacts-1_2-3.42.5-150400.3.10.1
* libebackend-1_2-10-3.42.5-150400.3.10.1
* libebook-1_2-20-debuginfo-3.42.5-150400.3.10.1
* libebook-1_2-20-3.42.5-150400.3.10.1
* libedata-cal-2_0-1-3.42.5-150400.3.10.1
* libcamel-1_2-63-3.42.5-150400.3.10.1
* evolution-data-server-devel-3.42.5-150400.3.10.1
* libedataserver-1_2-26-debuginfo-3.42.5-150400.3.10.1
* typelib-1_0-EDataServerUI-1_2-3.42.5-150400.3.10.1
* typelib-1_0-EDataServer-1_2-3.42.5-150400.3.10.1
* typelib-1_0-ECal-2_0-3.42.5-150400.3.10.1
* libedata-cal-2_0-1-debuginfo-3.42.5-150400.3.10.1
* typelib-1_0-EDataCal-2_0-3.42.5-150400.3.10.1
* evolution-data-server-debuginfo-3.42.5-150400.3.10.1
* libedataserverui-1_2-3-debuginfo-3.42.5-150400.3.10.1
* libedata-book-1_2-26-debuginfo-3.42.5-150400.3.10.1
* libecal-2_0-1-debuginfo-3.42.5-150400.3.10.1
* libedataserver-1_2-26-3.42.5-150400.3.10.1
* evolution-data-server-3.42.5-150400.3.10.1
* typelib-1_0-EDataBook-1_2-3.42.5-150400.3.10.1
* evolution-data-server-debugsource-3.42.5-150400.3.10.1
* libcamel-1_2-63-debuginfo-3.42.5-150400.3.10.1
* openSUSE Leap 15.4 (noarch)
* evolution-data-server-lang-3.42.5-150400.3.10.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
* libecal-2_0-1-debuginfo-3.42.5-150400.3.10.1
* libebackend-1_2-10-debuginfo-3.42.5-150400.3.10.1
* libebackend-1_2-10-3.42.5-150400.3.10.1
* libecal-2_0-1-3.42.5-150400.3.10.1
* libebook-1_2-20-debuginfo-3.42.5-150400.3.10.1
* libebook-1_2-20-3.42.5-150400.3.10.1
* libedata-cal-2_0-1-3.42.5-150400.3.10.1
* libedata-cal-2_0-1-debuginfo-3.42.5-150400.3.10.1
* evolution-data-server-debugsource-3.42.5-150400.3.10.1
* evolution-data-server-debuginfo-3.42.5-150400.3.10.1
* libedata-book-1_2-26-debuginfo-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.10.1
* libedata-book-1_2-26-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-3.42.5-150400.3.10.1
* SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)
* libebackend-1_2-10-debuginfo-3.42.5-150400.3.10.1
* libebackend-1_2-10-3.42.5-150400.3.10.1
* libebook-1_2-20-debuginfo-3.42.5-150400.3.10.1
* libebook-1_2-20-3.42.5-150400.3.10.1
* libedataserver-1_2-26-3.42.5-150400.3.10.1
* libcamel-1_2-63-3.42.5-150400.3.10.1
* evolution-data-server-debugsource-3.42.5-150400.3.10.1
* evolution-data-server-debuginfo-3.42.5-150400.3.10.1
* libedata-book-1_2-26-debuginfo-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.10.1
* libedataserver-1_2-26-debuginfo-3.42.5-150400.3.10.1
* libedata-book-1_2-26-3.42.5-150400.3.10.1
* libebook-contacts-1_2-3-3.42.5-150400.3.10.1
* libcamel-1_2-63-debuginfo-3.42.5-150400.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2026-2604.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258307
SUSE-SU-2026:0779-1: moderate: Security update for libssh
# Security update for libssh
Announcement ID: SUSE-SU-2026:0779-1
Release Date: 2026-03-03T13:25:13Z
Rating: moderate
References:
* bsc#1258045
* bsc#1258049
* bsc#1258054
* bsc#1258080
* bsc#1258081
Cross-References:
* CVE-2026-0964
* CVE-2026-0965
* CVE-2026-0966
* CVE-2026-0967
* CVE-2026-0968
CVSS scores:
* CVE-2026-0964 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0967 ( SUSE ): 1.0
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0968 ( SUSE ): 2.1
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves five vulnerabilities can now be installed.
## Description:
This update for libssh fixes the following issues:
* CVE-2026-0964: improper sanitation of paths received from SCP servers can
cause path traversal (bsc#1258049).
* CVE-2026-0965: possible denial of service when parsing unexpected
configuration files (bsc#1258045).
* CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input
(bsc#1258054).
* CVE-2026-0967: specially crafted patterns could cause denial of service
(bsc#1258081).
* CVE-2026-0968: malformed SFTP message can lead to out of bound read
(bsc#1258080).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-779=1 openSUSE-SLE-15.6-2026-779=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-779=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libssh4-debuginfo-0.9.8-150600.11.9.1
* libssh-debugsource-0.9.8-150600.11.9.1
* libssh-config-0.9.8-150600.11.9.1
* libssh4-0.9.8-150600.11.9.1
* libssh-devel-0.9.8-150600.11.9.1
* openSUSE Leap 15.6 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150600.11.9.1
* libssh4-32bit-0.9.8-150600.11.9.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libssh4-64bit-0.9.8-150600.11.9.1
* libssh4-64bit-debuginfo-0.9.8-150600.11.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libssh4-debuginfo-0.9.8-150600.11.9.1
* libssh-debugsource-0.9.8-150600.11.9.1
* libssh-config-0.9.8-150600.11.9.1
* libssh4-0.9.8-150600.11.9.1
* libssh-devel-0.9.8-150600.11.9.1
* Basesystem Module 15-SP7 (x86_64)
* libssh4-32bit-debuginfo-0.9.8-150600.11.9.1
* libssh4-32bit-0.9.8-150600.11.9.1
## References:
* https://www.suse.com/security/cve/CVE-2026-0964.html
* https://www.suse.com/security/cve/CVE-2026-0965.html
* https://www.suse.com/security/cve/CVE-2026-0966.html
* https://www.suse.com/security/cve/CVE-2026-0967.html
* https://www.suse.com/security/cve/CVE-2026-0968.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258045
* https://bugzilla.suse.com/show_bug.cgi?id=1258049
* https://bugzilla.suse.com/show_bug.cgi?id=1258054
* https://bugzilla.suse.com/show_bug.cgi?id=1258080
* https://bugzilla.suse.com/show_bug.cgi?id=1258081
SUSE-SU-2026:0781-1: low: Security update for patch
# Security update for patch
Announcement ID: SUSE-SU-2026:0781-1
Release Date: 2026-03-03T13:28:12Z
Rating: low
References:
* bsc#1194037
Cross-References:
* CVE-2021-45261
CVSS scores:
* CVE-2021-45261 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2021-45261 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for patch fixes the following issues:
* CVE-2021-45261: Clear range of pointers before they are used/freed
(bsc#1194037).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-781=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-781=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* patch-debugsource-2.7.6-150000.5.9.1
* patch-debuginfo-2.7.6-150000.5.9.1
* patch-2.7.6-150000.5.9.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* patch-debugsource-2.7.6-150000.5.9.1
* patch-debuginfo-2.7.6-150000.5.9.1
* patch-2.7.6-150000.5.9.1
## References:
* https://www.suse.com/security/cve/CVE-2021-45261.html
* https://bugzilla.suse.com/show_bug.cgi?id=1194037
SUSE-SU-2026:0786-1: important: Security update for postgresql14
# Security update for postgresql14
Announcement ID: SUSE-SU-2026:0786-1
Release Date: 2026-03-03T14:47:28Z
Rating: important
References:
* bsc#1258008
* bsc#1258009
* bsc#1258010
* bsc#1258011
* bsc#1258754
Cross-References:
* CVE-2026-2003
* CVE-2026-2004
* CVE-2026-2005
* CVE-2026-2006
CVSS scores:
* CVE-2026-2003 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2003 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-2004 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2004 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2005 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-2006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Legacy Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for postgresql14 fixes the following issues:
Update to version 14.22 (bsc#1258754).
Security issues fixed:
* CVE-2026-2003: improper validation of type "oidvector" may allow disclose a
few bytes of server memory (bsc#1258008).
* CVE-2026-2004: intarray missing validation of type of input to selectivity
estimator could lead to arbitrary code execution (bsc#1258009).
* CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions
could lead to arbitrary code execution (bsc#1258010).
* CVE-2026-2006: inadequate validation of multibyte character lengths could
lead to arbitrary code execution (bsc#1258011).
Regression fixes:
* the substring() function raises an error "invalid byte sequence for
encoding" on non-ASCII text values if the source of that value is a database
column (caused by CVE-2026-2006 fix).
* a standby may halt and return an error "could not access status of
transaction".
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-786=1 openSUSE-SLE-15.6-2026-786=1
* Legacy Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-786=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-786=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-786=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* postgresql14-llvmjit-debuginfo-14.22-150600.16.28.1
* postgresql14-plpython-debuginfo-14.22-150600.16.28.1
* postgresql14-pltcl-14.22-150600.16.28.1
* postgresql14-test-14.22-150600.16.28.1
* postgresql14-14.22-150600.16.28.1
* postgresql14-contrib-debuginfo-14.22-150600.16.28.1
* postgresql14-plperl-debuginfo-14.22-150600.16.28.1
* postgresql14-pltcl-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-14.22-150600.16.28.1
* postgresql14-debugsource-14.22-150600.16.28.1
* postgresql14-debuginfo-14.22-150600.16.28.1
* postgresql14-server-14.22-150600.16.28.1
* postgresql14-server-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-contrib-14.22-150600.16.28.1
* postgresql14-server-debuginfo-14.22-150600.16.28.1
* postgresql14-server-devel-14.22-150600.16.28.1
* postgresql14-llvmjit-14.22-150600.16.28.1
* postgresql14-plpython-14.22-150600.16.28.1
* postgresql14-plperl-14.22-150600.16.28.1
* postgresql14-llvmjit-devel-14.22-150600.16.28.1
* openSUSE Leap 15.6 (noarch)
* postgresql14-docs-14.22-150600.16.28.1
* Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql14-contrib-debuginfo-14.22-150600.16.28.1
* postgresql14-plperl-debuginfo-14.22-150600.16.28.1
* postgresql14-plpython-14.22-150600.16.28.1
* postgresql14-pltcl-debuginfo-14.22-150600.16.28.1
* postgresql14-debuginfo-14.22-150600.16.28.1
* postgresql14-server-14.22-150600.16.28.1
* postgresql14-server-devel-14.22-150600.16.28.1
* postgresql14-plperl-14.22-150600.16.28.1
* postgresql14-plpython-debuginfo-14.22-150600.16.28.1
* postgresql14-pltcl-14.22-150600.16.28.1
* postgresql14-server-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-14.22-150600.16.28.1
* postgresql14-contrib-14.22-150600.16.28.1
* postgresql14-server-debuginfo-14.22-150600.16.28.1
* postgresql14-debugsource-14.22-150600.16.28.1
* postgresql14-14.22-150600.16.28.1
* Legacy Module 15-SP7 (noarch)
* postgresql14-docs-14.22-150600.16.28.1
* Legacy Module 15-SP7 (ppc64le s390x x86_64)
* postgresql14-test-14.22-150600.16.28.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* postgresql14-debuginfo-14.22-150600.16.28.1
* postgresql14-llvmjit-debuginfo-14.22-150600.16.28.1
* postgresql14-test-14.22-150600.16.28.1
* postgresql14-debugsource-14.22-150600.16.28.1
* postgresql14-llvmjit-14.22-150600.16.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* postgresql14-contrib-debuginfo-14.22-150600.16.28.1
* postgresql14-plperl-debuginfo-14.22-150600.16.28.1
* postgresql14-plpython-14.22-150600.16.28.1
* postgresql14-pltcl-debuginfo-14.22-150600.16.28.1
* postgresql14-debuginfo-14.22-150600.16.28.1
* postgresql14-server-14.22-150600.16.28.1
* postgresql14-server-devel-14.22-150600.16.28.1
* postgresql14-plperl-14.22-150600.16.28.1
* postgresql14-plpython-debuginfo-14.22-150600.16.28.1
* postgresql14-pltcl-14.22-150600.16.28.1
* postgresql14-server-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-14.22-150600.16.28.1
* postgresql14-contrib-14.22-150600.16.28.1
* postgresql14-server-debuginfo-14.22-150600.16.28.1
* postgresql14-debugsource-14.22-150600.16.28.1
* postgresql14-14.22-150600.16.28.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* postgresql14-docs-14.22-150600.16.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* postgresql14-contrib-debuginfo-14.22-150600.16.28.1
* postgresql14-plperl-debuginfo-14.22-150600.16.28.1
* postgresql14-plpython-14.22-150600.16.28.1
* postgresql14-pltcl-debuginfo-14.22-150600.16.28.1
* postgresql14-debuginfo-14.22-150600.16.28.1
* postgresql14-server-14.22-150600.16.28.1
* postgresql14-server-devel-14.22-150600.16.28.1
* postgresql14-plperl-14.22-150600.16.28.1
* postgresql14-plpython-debuginfo-14.22-150600.16.28.1
* postgresql14-pltcl-14.22-150600.16.28.1
* postgresql14-server-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-debuginfo-14.22-150600.16.28.1
* postgresql14-devel-14.22-150600.16.28.1
* postgresql14-contrib-14.22-150600.16.28.1
* postgresql14-server-debuginfo-14.22-150600.16.28.1
* postgresql14-debugsource-14.22-150600.16.28.1
* postgresql14-14.22-150600.16.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* postgresql14-docs-14.22-150600.16.28.1
## References:
* https://www.suse.com/security/cve/CVE-2026-2003.html
* https://www.suse.com/security/cve/CVE-2026-2004.html
* https://www.suse.com/security/cve/CVE-2026-2005.html
* https://www.suse.com/security/cve/CVE-2026-2006.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258008
* https://bugzilla.suse.com/show_bug.cgi?id=1258009
* https://bugzilla.suse.com/show_bug.cgi?id=1258010
* https://bugzilla.suse.com/show_bug.cgi?id=1258011
* https://bugzilla.suse.com/show_bug.cgi?id=1258754
SUSE-SU-2026:0788-1: important: Security update for libsoup
# Security update for libsoup
Announcement ID: SUSE-SU-2026:0788-1
Release Date: 2026-03-03T15:15:28Z
Rating: important
References:
* bsc#1257398
* bsc#1257441
* bsc#1257597
Cross-References:
* CVE-2026-1467
* CVE-2026-1539
* CVE-2026-1760
CVSS scores:
* CVE-2026-1467 ( SUSE ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
* CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2026-1467 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
* CVE-2026-1539 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2026-1539 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2026-1539 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
* CVE-2026-1760 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
* CVE-2026-1760 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
* CVE-2026-1760 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities can now be installed.
## Description:
This update for libsoup fixes the following issues:
* CVE-2026-1467: lack of input sanitization can lead to unintended or
unauthorized HTTP requests (bsc#1257398).
* CVE-2026-1539: proxy authentication credentials leaked via the Proxy-
Authorization header when handling HTTP redirects (bsc#1257441).
* CVE-2026-1760: improper handling of HTTP requests combining certain headers
by SoupServer can lead to HTTP request smuggling and potential DoS
(bsc#1257597).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-788=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-788=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-788=1 openSUSE-SLE-15.6-2026-788=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-788=1
## Package List:
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libsoup-debugsource-3.4.4-150600.3.37.1
* libsoup-devel-3.4.4-150600.3.37.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.37.1
* libsoup-3_0-0-3.4.4-150600.3.37.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.37.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
* libsoup-lang-3.4.4-150600.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libsoup-debugsource-3.4.4-150600.3.37.1
* libsoup-devel-3.4.4-150600.3.37.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.37.1
* libsoup-3_0-0-3.4.4-150600.3.37.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.37.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
* libsoup-lang-3.4.4-150600.3.37.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libsoup-debugsource-3.4.4-150600.3.37.1
* libsoup-devel-3.4.4-150600.3.37.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.37.1
* libsoup-3_0-0-3.4.4-150600.3.37.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.37.1
* openSUSE Leap 15.6 (x86_64)
* libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.37.1
* libsoup-devel-32bit-3.4.4-150600.3.37.1
* libsoup-3_0-0-32bit-3.4.4-150600.3.37.1
* openSUSE Leap 15.6 (noarch)
* libsoup-lang-3.4.4-150600.3.37.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libsoup-devel-64bit-3.4.4-150600.3.37.1
* libsoup-3_0-0-64bit-3.4.4-150600.3.37.1
* libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.37.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libsoup-debugsource-3.4.4-150600.3.37.1
* libsoup-devel-3.4.4-150600.3.37.1
* typelib-1_0-Soup-3_0-3.4.4-150600.3.37.1
* libsoup-3_0-0-3.4.4-150600.3.37.1
* libsoup-3_0-0-debuginfo-3.4.4-150600.3.37.1
* Basesystem Module 15-SP7 (noarch)
* libsoup-lang-3.4.4-150600.3.37.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1467.html
* https://www.suse.com/security/cve/CVE-2026-1539.html
* https://www.suse.com/security/cve/CVE-2026-1760.html
* https://bugzilla.suse.com/show_bug.cgi?id=1257398
* https://bugzilla.suse.com/show_bug.cgi?id=1257441
* https://bugzilla.suse.com/show_bug.cgi?id=1257597
SUSE-SU-2026:0783-1: moderate: Security update for zlib
# Security update for zlib
Announcement ID: SUSE-SU-2026:0783-1
Release Date: 2026-03-03T13:36:31Z
Rating: moderate
References:
* bsc#1258392
Cross-References:
* CVE-2026-27171
CVSS scores:
* CVE-2026-27171 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-27171 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-27171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP7
* Development Tools Module 15-SP7
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability can now be installed.
## Description:
This update for zlib fixes the following issue:
* CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and
`crc32_combine_gen64` functions due to missing checks for negative lengths
(bsc#1258392).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-783=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-783=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2026-783=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-783=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-783=1
## Package List:
* Development Tools Module 15-SP7 (x86_64)
* zlib-devel-32bit-1.2.13-150500.4.6.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* zlib-devel-static-1.2.13-150500.4.6.1
* zlib-testsuite-debuginfo-1.2.13-150500.4.6.1
* libminizip1-debuginfo-1.2.13-150500.4.6.1
* libminizip1-1.2.13-150500.4.6.1
* zlib-devel-1.2.13-150500.4.6.1
* zlib-testsuite-1.2.13-150500.4.6.1
* libz1-1.2.13-150500.4.6.1
* zlib-debugsource-1.2.13-150500.4.6.1
* libz1-debuginfo-1.2.13-150500.4.6.1
* minizip-devel-1.2.13-150500.4.6.1
* openSUSE Leap 15.5 (x86_64)
* libz1-32bit-debuginfo-1.2.13-150500.4.6.1
* libz1-32bit-1.2.13-150500.4.6.1
* zlib-devel-static-32bit-1.2.13-150500.4.6.1
* libminizip1-32bit-debuginfo-1.2.13-150500.4.6.1
* zlib-devel-32bit-1.2.13-150500.4.6.1
* libminizip1-32bit-1.2.13-150500.4.6.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libminizip1-64bit-debuginfo-1.2.13-150500.4.6.1
* libz1-64bit-1.2.13-150500.4.6.1
* libz1-64bit-debuginfo-1.2.13-150500.4.6.1
* zlib-devel-64bit-1.2.13-150500.4.6.1
* zlib-devel-static-64bit-1.2.13-150500.4.6.1
* libminizip1-64bit-1.2.13-150500.4.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* zlib-devel-static-1.2.13-150500.4.6.1
* zlib-testsuite-debuginfo-1.2.13-150500.4.6.1
* libminizip1-debuginfo-1.2.13-150500.4.6.1
* libminizip1-1.2.13-150500.4.6.1
* zlib-devel-1.2.13-150500.4.6.1
* zlib-testsuite-1.2.13-150500.4.6.1
* libz1-1.2.13-150500.4.6.1
* zlib-debugsource-1.2.13-150500.4.6.1
* libz1-debuginfo-1.2.13-150500.4.6.1
* minizip-devel-1.2.13-150500.4.6.1
* openSUSE Leap 15.6 (x86_64)
* libz1-32bit-debuginfo-1.2.13-150500.4.6.1
* libz1-32bit-1.2.13-150500.4.6.1
* zlib-devel-static-32bit-1.2.13-150500.4.6.1
* libminizip1-32bit-debuginfo-1.2.13-150500.4.6.1
* zlib-devel-32bit-1.2.13-150500.4.6.1
* libminizip1-32bit-1.2.13-150500.4.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libz1-debuginfo-1.2.13-150500.4.6.1
* zlib-devel-1.2.13-150500.4.6.1
* zlib-debugsource-1.2.13-150500.4.6.1
* libz1-1.2.13-150500.4.6.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* zlib-devel-static-1.2.13-150500.4.6.1
* libminizip1-debuginfo-1.2.13-150500.4.6.1
* libminizip1-1.2.13-150500.4.6.1
* zlib-devel-1.2.13-150500.4.6.1
* libz1-1.2.13-150500.4.6.1
* zlib-debugsource-1.2.13-150500.4.6.1
* libz1-debuginfo-1.2.13-150500.4.6.1
* minizip-devel-1.2.13-150500.4.6.1
* Basesystem Module 15-SP7 (x86_64)
* libz1-32bit-debuginfo-1.2.13-150500.4.6.1
* libz1-32bit-1.2.13-150500.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2026-27171.html
* https://bugzilla.suse.com/show_bug.cgi?id=1258392
SUSE-SU-2026:0789-1: critical: Security update for go1.24-openssl
# Security update for go1.24-openssl
Announcement ID: SUSE-SU-2026:0789-1
Release Date: 2026-03-03T15:51:44Z
Rating: critical
References:
* bsc#1236217
* bsc#1256818
* bsc#1256820
* bsc#1257692
* jsc#SLE-18320
Cross-References:
* CVE-2025-61732
* CVE-2025-68119
* CVE-2025-68121
CVSS scores:
* CVE-2025-61732 ( SUSE ): 9.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2025-61732 ( SUSE ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-61732 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2025-68119 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68119 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-68119 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-68121 ( SUSE ): 7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-68121 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-68121 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-68121 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Development Tools Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves three vulnerabilities, contains one feature and has one
security fix can now be installed.
## Description:
This update for go1.24-openssl fixes the following issues:
Update to version 1.24.13 (jsc#SLE-18320, bsc#1236217).
Security issues fixed:
* CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing
allows for C code smuggling (bsc#1257692).
* CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain
(bsc#1256820).
* CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated
session ticket keys, session resumption does not account for the expiration
of full certificate chain (bsc#1256818).
Other updates and bugfixes:
* go#77322 crypto/x509: single-label excluded DNS name constraints incorrectly
match all wildcard SANs
* go#77424 crypto/tls: CL 737700 broke session resumption on macOS
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-789=1 openSUSE-SLE-15.6-2026-789=1
* Development Tools Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-789=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-789=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-789=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* go1.24-openssl-doc-1.24.13-150600.13.18.1
* go1.24-openssl-1.24.13-150600.13.18.1
* go1.24-openssl-debuginfo-1.24.13-150600.13.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.13-150600.13.18.1
* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.13-150600.13.18.1
* go1.24-openssl-doc-1.24.13-150600.13.18.1
* go1.24-openssl-1.24.13-150600.13.18.1
* go1.24-openssl-debuginfo-1.24.13-150600.13.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* go1.24-openssl-race-1.24.13-150600.13.18.1
* go1.24-openssl-doc-1.24.13-150600.13.18.1
* go1.24-openssl-1.24.13-150600.13.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* go1.24-openssl-race-1.24.13-150600.13.18.1
* go1.24-openssl-doc-1.24.13-150600.13.18.1
* go1.24-openssl-1.24.13-150600.13.18.1
## References:
* https://www.suse.com/security/cve/CVE-2025-61732.html
* https://www.suse.com/security/cve/CVE-2025-68119.html
* https://www.suse.com/security/cve/CVE-2025-68121.html
* https://bugzilla.suse.com/show_bug.cgi?id=1236217
* https://bugzilla.suse.com/show_bug.cgi?id=1256818
* https://bugzilla.suse.com/show_bug.cgi?id=1256820
* https://bugzilla.suse.com/show_bug.cgi?id=1257692
* https://jira.suse.com/browse/SLE-18320
