openSUSE-SU-2026:20654-1: critical: Security update for grafana
openSUSE-SU-2026:20651-1: important: Security update for ntfs-3g_ntfsprogs
openSUSE-SU-2026:20647-1: moderate: Security update for libssh
openSUSE-SU-2026:20653-1: critical: Security update for radare2
openSUSE-SU-2026:20642-1: moderate: Security update for libsodium
openSUSE-SU-2026:20646-1: important: Security update for PackageKit
openSUSE-SU-2026:20652-1: important: Security update for openexr
openSUSE-SU-2026:20645-1: important: Security update for python-Mako
openSUSE-SU-2026:20650-1: moderate: Security update for python-PyNaCl
openSUSE-SU-2026:20644-1: important: Security update for python-jwcrypto
SUSE-SU-2026:1662-1: important: Security update for glibc-livepatches
openSUSE-SU-2026:10648-1: moderate: python315-3.15.0~a8-3.1 on GA media
openSUSE-SU-2026:10639-1: moderate: java-25-openjdk-25.0.3.0-1.1 on GA media
openSUSE-SU-2026:10646-1: moderate: python311-pyOpenSSL-26.1.0-1.1 on GA media
openSUSE-SU-2026:10642-1: moderate: libmozjs-140-0-140.10.0-1.1 on GA media
openSUSE-SU-2026:10644-1: moderate: prometheus-postgres_exporter-0.10.1-6.1 on GA media
openSUSE-SU-2026:10640-1: moderate: libpng12-0-1.2.59-5.1 on GA media
openSUSE-SU-2026:10641-1: moderate: libixml11-1.18.5-1.1 on GA media
openSUSE-SU-2026:20654-1: critical: Security update for grafana
openSUSE security update: security update for grafana
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20654-1
Rating: critical
References:
* bsc#1231844
* bsc#1232975
* bsc#1233343
* bsc#1235206
* bsc#1235574
* bsc#1236510
* bsc#1236559
* bsc#1236734
* bsc#1237671
* bsc#1238703
* bsc#1241683
* bsc#1241687
* bsc#1241809
* bsc#1243672
* bsc#1243714
* bsc#1245302
* bsc#1246735
* bsc#1246736
* bsc#1250616
* bsc#1251454
* bsc#1251657
* bsc#1254113
* bsc#1255340
* bsc#1257337
* bsc#1257349
* bsc#1258136
Cross-References:
* CVE-2023-45288
* CVE-2024-11741
* CVE-2024-28180
* CVE-2024-45339
* CVE-2024-51744
* CVE-2024-9264
* CVE-2024-9476
* CVE-2025-11065
* CVE-2025-21613
* CVE-2025-22870
* CVE-2025-22872
* CVE-2025-2703
* CVE-2025-27144
* CVE-2025-29923
* CVE-2025-3415
* CVE-2025-3454
* CVE-2025-3580
* CVE-2025-4123
* CVE-2025-47911
* CVE-2025-58190
* CVE-2025-6023
* CVE-2025-6197
* CVE-2025-64751
* CVE-2025-68156
* CVE-2026-21720
* CVE-2026-21721
* CVE-2026-21722
CVSS scores:
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-11741 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-11741 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-51744 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-51744 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9264 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-9264 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-9476 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-22870 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2025-22870 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
* CVE-2025-2703 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-29923 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-3415 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-3415 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-3454 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-3580 ( SUSE ): 5.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-3580 ( SUSE ): 7 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-4123 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-47911 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-58190 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-6023 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
* CVE-2025-6023 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2025-6197 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2025-6197 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-64751 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
* CVE-2025-64751 ( SUSE ): 5.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
* CVE-2025-68156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68156 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21720 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21721 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21721 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21722 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21722 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 27 vulnerabilities and has 26 bug fixes can now be installed.
Description:
This update for grafana fixes the following issues:
Changes in grafana:
- Update to version 11.6.11:
Features and enhancements:
* Alerting: Add limits for the size of expanded notification
templates
* Correlations: Remove support for org_id=0
Security:
* CVE-2026-21722: Public dashboards annotations: use dashboard
timerange if time selection disabled (bsc#1258136)
- Update to version 11.6.10:
Features and enhancements:
* API: Add missing scope check on dashboards
* Avatar: Require sign-in, remove queue, respect timeout
Bug fixes:
* Alerting: Fix a race condition panic in ResetStateByRuleUID
- Update to version 11.6.9:
Features and enhancements:
* Plugins: Add PluginContext to plugins when scenes is disabled
Bug fixes:
* Alerting: Fix contacts point issues
- Update to version 11.6.8:
Bug fixes:
* Alerting: Fix unmarshalling of GettableStatus to include time
intervals
- Update to version 11.6.7:
Bug fixes:
* Auth: Fix render user OAuth passthrough
* LDAP Authentication: Fix URL to propagate username context as
parameter
* Plugins: Dependencies do not inherit parent URL for preinstall
* URLParams: Stringify true values as key=true always (fixes
issues with variables with true value)
- Update to version 11.6.6:
Bug fixes:
* Alerting: Fix copying of recording rule fields
* Fix redirection after login when Grafana is served from subpath
- Update to version 11.6.5:
Features and enhancements:
* Alerting: Bump alerting package to include change to
NewTLSClient
- Update to version 11.6.4:
Features and enhancements:
* StateTimeline: Add endTime to tooltip
* Unified storage: Respect GF_DATABASE_URL override
Bug fixes:
* Alerting: Fix group interval override when adding new rules
* Azure: Fix legend formatting
* Azure: Fix resource name determination in template variable
queries
* Graphite: Fix annotation queries
* Graphite: Fix date mutation
* Graphite: Fix nested variable interpolation for repeated rows
- Update to version 11.6.3:
Security:
* Fixes CVE-2025-3415
- Update to version 11.6.2:
Bug fixes:
* Dashboard: Fixes issue with row repeats and first row
* Graphite: Ensure template variables are interpolated correctly
* Graphite: Fix Graphite series interpolation
* Prometheus: Fix semver import path
- Update to version 11.6.1:
Features and enhancements:
* DashboardScenePage: Correct slug in self referencing data links
* GrafanaUI: Use safePolygon close handler for interactive
tooltips instead of a delay
* Prometheus: Add support for cloud partners Prometheus data
sources
Bug fixes:
* Alertmanager: Add Role-Based Access Control via reqAction Field
* GrafanaUI: Remove blurred background from overlay backdrops to
improve performance
* InfluxDB: Fix nested variable interpolation
* LDAP test: Fix page crash
* Org redirection: Fix linking between orgs
- Upgrade to version 11.6.0:
Features and enhancements:
* Visualisations: One click links and actions
* Annotations: Add cron syntax support
* WebGL-powered geomaps for better performance
* Alerting: Add alert rule version history
Security:
* API keys: Migrate API keys to service accounts at startup
- CVE-2026-21721: Fix access control by the dashboard permissions API (bsc#1257337)
- CVE-2026-21720: Fix unauthenticated DoS (bsc#1257349)
- CVE-2025-68156: Fix potential DoS via unbounded recursion in builtin functions (bsc#1255340)
- CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)
- Use forked wire from Grafana repository instead of external
package (jsc#PED-14178).
- Update to version 11.5.10:
Security:
* CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)
* CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
Features and enhancements:
* Update to Go 1.25
* Update to golang.org/x/net v0.45.0
Bug fixes:
* Auth: Fix render user OAuth passthrough.
* LDAP Authentication: Fix URL to propagate username context as
parameter.
* Plugins: Dependencies do not inherit parent URL for preinstall.
- Update to version 11.5.9:
* Security:
CVE-2025-11065: Fix sensitive information leak in logs
(bsc#1250616)
* Features and enhancements:
Auditing: Document new options for recording datasource query
request/response body.
* Bug fixes:
Login: Fix redirection after login when Grafana is served from
subpath.
- Update to version 11.5.8:
* No relevant changes
- Update to version 11.5.7:
* Security:
CVE-2025-6023: Fix cross-site-scripting via scripted dashboards (bsc#1246735)
CVE-2025-6197: Fix open redirect in organization switching (bsc#1246736)
* Bug fixes:
Azure: Fix legend formatting.
Azure: Fix resource name determination in template variable
queries.
- Update to version 11.5.6:
* Security:
CVE-2025-3415: Fix exposure of DingDing alerting integration
URL to Viewer level users (bsc#1245302)
- Update to version 11.5.5 (jsc#PED-12918):
* Security:
CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714).
CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809)
CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672).
- Update to version 11.5.4:
* Security:
CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3.
CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683).
CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687).
* Features and enhancements:
Azure Monitor: Filter namespaces by resource group.
Azure: Add support for custom namespace and custom metrics
variable queries.
Azure: Resource picker improvements.
Azure: Support more complex variable interpolation.
Azure: Variable editor and resource picker improvements.
DashboardScenePage: Correct slug in self referencing data
links.
Prometheus: Add support for cloud partners Prometheus data
sources.
* Bug fixes:
InfluxDB: Fix nested variable interpolation.
LDAP test: Fix page crash.
- Update to version 11.5.3:
* Security:
CVE-2025-22870: Bump golang.org/x/net (bsc#1238703).
* Bug fixes:
Alerting: Fix token-based Slack image upload to work with
channel names.
Auth: Fix AzureAD config UI's ClientAuthentication dropdown.
Dashboard: Fix the unintentional time range and variables
updates on saving.
Dashboards: Fix missing v/e/i keybindings to return back to
dashboard.
InfluxDB: Improve handling of template variables contained in
regular expressions (InfluxQL).
Org redirection: Fix linking between orgs.
- Update to version 11.5.2:
* Bug fixes:
Alerting: Allow specifying uid for new rules added to groups.
Alerting: Call RLock() before reading sendAlertsTo map.
Auth: Fix redirect with JWT auth URL login.
AuthN: Refetch user on "ErrUserAlreadyExists".
Azure: Correctly set application insights resource values.
DashboardList: Throttle the re-renders.
Dashboards: Bring back scripted dashboards.
Plugin Metrics: Eliminate data race in plugin metrics
middleware.
RBAC: Don't check folder access if annotationPermissionUpdate
FT is enabled.
- Update to version 11.5.1:
* Bug fixes:
CodeEditor: Fix cursor alignment.
TransformationFilter: Include transformation outputs in
transformation filtering options.
- Upgrade to version 11.5.0:
* Breaking changes:
Loki: Default to /labels API with query param instead of
/series API.
* Features and enhancements:
Extended Cloud Migration Assistant support for plugins and
alerts.
Redesigned filters for dashboards.
New regular expression option for Extract fields
transformation.
Redesigned sharing experience in Dashboards.
Customizable shareable dashboard panel images.
RBAC for alerting notifications and notification policies.
Add support for Elasticsearch cross-cluster search.
Time series macro support in visual query builder for SQL data
sources.
OAuth and SAML session handling improvements.
Plugin Frontend Sandbox for additional security.
Renamed Public dashboards to Shared dashboards.
- Update to version 11.4.1:
* Bug fixes:
Alerting: AlertingQueryRunner should skip descendant nodes of
invalid queries.
Alerting: Fix alert rules unpausing after moving rule to
different folder.
Alerting: Fix label escaping in rule export.
Alerting: Fix slack image uploading to use new api.
Azure/GCM: Improve error display.
Dashboards: Fix issue where filtered panels would not react to
variable changes.
Dashboards: Fixes issue with panel header showing even when
hide time override was enabled.
Dashboards: Fixes week relative time ranges when weekStart was
changed.
Dashboards: Panel react for timeFrom and timeShift changes
using variables.
DateTimePicker: Fixes issue with date picker showing invalid
date.
Fix: Add support for datasource variable queries.
InfluxDB: Adhoc filters can use template vars as values.
LibraryPanel: Fallback to panel title if library panel title is
not set.
- Upgrade to version 11.4.0:
* Features and enhancements:
Cloudwatch: OpenSearch PPL and SQL support in Logs Insights.
- Update to version 11.3.1:
* Features and enhancements:
Alerting: Make context deadline on AlertNG service startup
configurable.
MigrationAssistant: Restrict dashboards, folders and
datasources by the org id of the signed in
user.
User: Check SignedInUser OrgID in RevokeInvite.
* Bug fixes:
Alerting: Fix escaping of silence matchers in utf8 mode.
Alerting: Fix overflow for long receiver names.
Alerting: Fix saving advanced mode toggle state in the alert
rule editor.
Alerting: Fix setting datasource uid, when datasource is string
in old version.
Alerting: Force refetch prom rules when refreshing panel.
Anonymous User: Adds validator service for anonymous users.
Azure Monitor: Support metric namespaces fallback.
Azure: Fix duplicated traces in multi-resource trace query.
Azure: Handle namespace request rejection.
CloudWatch: Interpolate region in log context query.
Dashboard datasource: Return annotations as series when query
topic is "annotations".
Dashboard: Append orgId to URL.
Dashboards: Fixes performance issue expanding a row.
Flame Graph: Fix crash when it receives empty data.
Folders: Add admin permissions upon creation of a folder w. SA.
Folders: Don't show error pop-up if the user can't fetch the
root folder.
Migration: Remove table aliasing in delete statement to make it
work for mariadb.
ServerLock: Fix pg concurrency/locking issue.
Service Accounts: Run service account creation in transaction.
Table: Fix text wrapping applying to wrong field.
Unified Storage: Use ssl_mode instead of sslmode.
- Update to version 11.3.0+security-01:
* Security:
CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343)
- Upgrade to version 11.3.0:
* Features and enhancements:
View mode and Edit mode are generally available.
Template variables and the time range picker remain visible
when scrolling.
Added timezone parameter in Grafana URL.
Kiosk mode displays dashboard controls.
Auto-formatted table cell values in Cell Inspect.
Allow adding actions to canvas elements.
Legend support in bar gauge visualizations.
Apply the same binary transformation to all the number fields
in a given table at once.
Add support for data links and actions in several
visualizations.
The Explore Logs plugin is installed by default.
Added correlations to external URLs in Explore.
Simplified query section for alert rule creation.
Introduced recording rules for Grafana-managed alerts.
GitHub App authentication for the GitHub data source.
Improved subfolder creation flow.
Redesigned plugin details page.
Added UI for LDAP configuration.
Added RBAC support in Plugins.
- Update to version 11.2.2+security-01:
* Bug fix:
SQL Expressions: Fixes CVE-2024-9264 (bsc#1231844)
- Update to version 11.2.2:
* Features and enhancements:
Data sources: Hide the datasource redirection banner for users
who can't interact with data sources.
* Bug fixes:
Alerting: Fix preview of silences when label name contains
spaces.
Alerting: Make query wrapper match up datasource UIDs if
necessary.
AzureMonitor: Improve resource picker efficiency.
AzureMonitor: Remove Basic Logs retention warning.
CloudWatch: Fix segfault when migrating legacy queries.
DashboardScene: Fix broken error handling and error rendering.
Plugins: Avoid returning 404 for AutoEnabled apps.
- Update to version 11.2.1:
* Features and enhancements:
Alerting: Support for optimistic concurrency in provisioning
Template API.
Logs panel: Enable displayedFields in dashboards and apps.
State timeline: Add pagination support.
* Bug fixes:
Authn: No longer hash service account token twice during
authentication.
CloudMigrations: Fix snapshot creation on Windows systems.
DashGPT: Fixes issue with generation on Safari.
Dashboard: Fix Annotation runtime error when a data source does
not support annotations.
Grafana SQL: Fix broken import in NumberInput component.
Logs: Show older logs button when infinite scroll is enabled
and sort order is descending.
RBAC: Fix an issue with server admins not being able to manage
users in orgs that they don't belong to.
Templating: Fix searching non-latin template variables.
- Upgrade to version 11.2.0:
* Features and enhancements:
Grafana Cloud Migration Assistant is in public preview.
Added navigation bookmarks.
Added template variables support in some transformations.
Introduced Transpose transformation.
Group to nested tables is now generally available.
Format string transformation is now generally available.
New cumulative and window calculations available in Add field
from calculation.
Canvas: Standardized tooltips.
Canvas: Allow adding data links without using an override.
Canvas: Allow opening data links with a single click.
Canvas: Add the ability to control the order in which data
links are displayed.
Added pagination support for state timeline.
Centralized alert history page.
Grafana Explore now allows for logs filtering and pinning in
content outline.
Added forward direction search for Loki.
Added Cloudwatch Metric Insights cross account observability
support.
Added Yugabyte data source.
Map org-specific user roles from your OAuth provider.
Better SAML integration for Azure AD.
API support for LDAP configuration (experimental).
OpenID Connect Discovery URL for Generic OAuth.
- Update to version 11.1.5:
* Bug fixes:
Alerting: Fix permissions for prometheus rule endpoints.
Alerting: Fix persisting result fingerprint that is used by
recovery threshold.
RBAC: Fix an issue with server admins not being able to manage
users in orgs that they don't belong to.
Snapshots: Fix panic when snapshot_remove_expired is true.
VizTooltip: Fix positioning at bottom and right edges on
mobile.
Plugins: Fix QueryField typeahead missing background color.
- Update to version 11.1.3:
* Bug fix:
RBAC: Allow plugins to use scoped actions.
- Update to version 11.1.1:
* Bug fixes:
Alerting: Skip fetching alerts for unsaved dashboards.
Alerting: Support utf8_strict_mode: false in Mimir.
Scenes: Fixes issue with panel repeat height calculation.
Table Panel: Fix Image hover without datalinks.
Tempo: Fix grpc streaming support over pdc-agent.
RBAC: Allow plugins to use scoped actions.
- Upgrade to version 11.1.0:
* Security:
CVE-2023-45288: Bump golang.org/x/net (bsc#1236510)
* Features and improvements:
Allow table cell text wrapping.
Added stat visualization percent change color mode options.
XY chart is generally available.
Redesigned settings page for Alerting.
Added alerting template selector.
Added OAuth2 to HTTP settings for vanilla Alertmanager / Mimir.
Improved paused alert visibility.
Rule-specific silences with permissions.
Support for AWS SNS integration in Grafana-managed alerts.
Added GeoMap and panel shortcut keyboard support.
Accessibility headings improvements.
Added reduced motion support.
- Update to version 11.0.1:
* Breaking changes:
If you had selected your language as "Português Brasileiro"
previously, this will be reset. You have to select it again in
your Preferences for the fix to be applied and the translations
will then be shown.
* Bug fixes:
Echo: Suppress errors from frontend-metrics API call failing.
Analytics: Fix ApplicationInsights integration.
DashboardScene: Fixes issue removing override rule.
BrowseDashboards: Prepend subpath to New Browse Dashboard
actions.
Alerting: Fix rule storage to filter by group names using
case-sensitive comparison.
RBAC: List only the folders that the user has access to.
DashboardScene: Fixes lack of re-render when updating field
override properties.
DashboardScene: Fixes inspect with transforms issue.
AzureMonitor: Fix bug detecting app insights queries.
Access Control: Clean up permissions for deprovisioned data
sources.
Loki: Fix editor history in wrong order.
SSE: Fix threshold unmarshal to avoid panic.
LibraryPanels/RBAC: Ignore old folder permission check when
deleting/patching lib panel.
Dashboards: Correctly display Admin access to dashboards in the
UI.
LogsTable: Fix default sort by time.
Alerting: Fix rules deleting when reordering whilst filtered.
Alerting: Fix typo in JSON response for rule export.
CloudMonitoring: Fix query type selection issue.
Alerting: Fix scheduler to sort rules before evaluation.
DashboardScene: Skip panel repeats when values are the same.
Alerting: Do not store series values from past evaluations in
state manager for no reason.
DashboardScene: Fixing major row repeat issues.
DashboardScene: Fixes checkbox orientation in save forms.
- Upgrade to version 11.0.0:
* Breaking changes:
AngularJS support is turned off by default.
Legacy alerting is entirely removed.
Subfolders cause very rare issues with folders which have
slashes in their names.
The input data source is removed.
Data sources: Responses which are associated with hidden
queries will be removed (filtered) by Grafana.
The URL which is generated when viewing an individual repeated
panel has changed.
React Router is deprecated.
The grafana/e2e testing tool is deprecated.
* Features and enhancements:
Introduced Explore Metrics (public preview) and Explore Logs
(experimental).
Introduced edit mode to provide an easier way to discover and
interact with the dashboard edit experience.
Fixed positioning of template variables and time picker.
Introduced dashboard subfolders.
Use AI to generate titles and descriptions for panels and
dashboards.
Canvas: Enhanced flowcharting functionality.
Canvas: Universal data link support.
Canvas: Added infinite panning editor option.
Added colored table rows with conditional formatting.
Set threshold colors in the Config from query transformation.
Substring matcher added to the Filter by value transformation.
Keep Last State for Grafana Managed Alerting.
Redesigned alert detail view.
The Alerting Provisioning HTTP API has been updated to enforce
RBAC.
Removed old Tempo Search and Loki Search.
MSSQL: Windows Active Directory (Kerberos) authentication.
New strong password policy.
- CVE-2025-27144: Fix Go JOSE's Parsing Vulnerability (bsc#1237671)
- CVE-2024-51744: Fix bad documentation of error handling in ParseWithClaims (bsc#1232975)
- CVE-2024-45339: Fix vulnerability when creating log files (bsc#1236559)
- Update to version 10.4.15:
* Bugfixes
CVE-2024-11741: Fix the Grafana Alerting VictorOps integration
(bsc#1236734)
Chore: Bump dependency golang.org/x/crypto to v0.31.0
- Update to version 10.4.14:
* Bugfixes
Alerting: Do not fetch Orgs if the user is authenticated by
apikey/sa or render key
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-225=1
Package List:
- openSUSE Leap 16.0:
grafana-11.6.11-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-11741.html
* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://www.suse.com/security/cve/CVE-2024-45339.html
* https://www.suse.com/security/cve/CVE-2024-51744.html
* https://www.suse.com/security/cve/CVE-2024-9264.html
* https://www.suse.com/security/cve/CVE-2024-9476.html
* https://www.suse.com/security/cve/CVE-2025-11065.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://www.suse.com/security/cve/CVE-2025-22870.html
* https://www.suse.com/security/cve/CVE-2025-22872.html
* https://www.suse.com/security/cve/CVE-2025-2703.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://www.suse.com/security/cve/CVE-2025-29923.html
* https://www.suse.com/security/cve/CVE-2025-3415.html
* https://www.suse.com/security/cve/CVE-2025-3454.html
* https://www.suse.com/security/cve/CVE-2025-3580.html
* https://www.suse.com/security/cve/CVE-2025-4123.html
* https://www.suse.com/security/cve/CVE-2025-47911.html
* https://www.suse.com/security/cve/CVE-2025-58190.html
* https://www.suse.com/security/cve/CVE-2025-6023.html
* https://www.suse.com/security/cve/CVE-2025-6197.html
* https://www.suse.com/security/cve/CVE-2025-64751.html
* https://www.suse.com/security/cve/CVE-2025-68156.html
* https://www.suse.com/security/cve/CVE-2026-21720.html
* https://www.suse.com/security/cve/CVE-2026-21721.html
* https://www.suse.com/security/cve/CVE-2026-21722.html
openSUSE-SU-2026:20651-1: important: Security update for ntfs-3g_ntfsprogs
openSUSE security update: security update for ntfs-3g_ntfsprogs
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20651-1
Rating: important
References:
* bsc#1262216
Cross-References:
* CVE-2026-40706
CVSS scores:
* CVE-2026-40706 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-40706 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for ntfs-3g_ntfsprogs fixes the following issue:
- CVE-2026-40706: heap buffer overflow in ntfs_build_permissions_posix() in acls.c (bsc#1262216).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-659=1
Package List:
- openSUSE Leap 16.0:
libntfs-3g-devel-2022.10.3-160000.3.1
libntfs-3g89-2022.10.3-160000.3.1
ntfs-3g-2022.10.3-160000.3.1
ntfsprogs-2022.10.3-160000.3.1
ntfsprogs-extra-2022.10.3-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-40706.html
openSUSE-SU-2026:20647-1: moderate: Security update for libssh
openSUSE security update: security update for libssh
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20647-1
Rating: moderate
References:
* bsc#1246974
* bsc#1249375
* bsc#1258045
* bsc#1258049
* bsc#1258054
* bsc#1258080
* bsc#1258081
Cross-References:
* CVE-2025-8114
* CVE-2025-8277
* CVE-2026-0964
* CVE-2026-0965
* CVE-2026-0966
* CVE-2026-0967
* CVE-2026-0968
CVSS scores:
* CVE-2025-8114 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-8114 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-8277 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0964 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-0965 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-0966 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-0967 ( SUSE ): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-0967 ( SUSE ): 1 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-0968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
* CVE-2026-0968 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.
Description:
This update for libssh fixes the following issues:
- Update to version 0.11.4:
- CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
- CVE-2026-0965: Possible Denial of Service when parsing unexpected configuration files (bsc#1258045)
- CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
- CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
- CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
- CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
- CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-655=1
Package List:
- openSUSE Leap 16.0:
libssh-config-0.11.4-160000.1.1
libssh-devel-0.11.4-160000.1.1
libssh4-0.11.4-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-8114.html
* https://www.suse.com/security/cve/CVE-2025-8277.html
* https://www.suse.com/security/cve/CVE-2026-0964.html
* https://www.suse.com/security/cve/CVE-2026-0965.html
* https://www.suse.com/security/cve/CVE-2026-0966.html
* https://www.suse.com/security/cve/CVE-2026-0967.html
* https://www.suse.com/security/cve/CVE-2026-0968.html
openSUSE-SU-2026:20653-1: critical: Security update for radare2
openSUSE security update: security update for radare2
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20653-1
Rating: critical
References:
* bsc#1234065
* bsc#1237250
* bsc#1238075
* bsc#1238451
* bsc#1244121
* bsc#1262142
Cross-References:
* CVE-2024-29645
* CVE-2025-1378
* CVE-2025-1744
* CVE-2025-1864
* CVE-2025-5641
* CVE-2026-40499
CVSS scores:
* CVE-2025-1378 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-1378 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-1744 ( SUSE ): 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-1744 ( SUSE ): 10 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-5641 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-5641 ( SUSE ): 2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 6 vulnerabilities and has 6 bug fixes can now be installed.
Description:
This update for radare2 fixes the following issues:
Changes in radare2:
- Update to version 6.1.4 (bsc#1262142, CVE-2026-40499):
* Analysis: improve autoname scoring, jmptbl detection, and performance
* Add callargs modifier, rnum expressions, and typed function context
* Refactor autoname into plugin; extend RAnalPlugin hooks
* Fix leaks, overflows, and command injection in analysis scripts
* Improve string detection, wide strings, and switch/case analysis
* Arch: fix v850/nds32 ESIL, optimize to O(1), improve pseudo support
* Cache capstone options and improve multi-arch disassembly
* ASM: add camel syntax support, unify via RArch API
* Bin: major parser fixes (ELF, Mach-O, PE, DEX, PDB, WAD, XCOFF)
* Fix leaks, OOB reads/writes, overflows, and improve bounds checks
* Improve Swift demangling, ARM hints, relocations, and imports
* Add nds32 reloc support and optimize kernelcache parsing
* Build: install to lib64, fix illumos and packaging issues
* CI: add GitHub Actions and FilC builds
* Console: fix multiple overflows, OOB issues, and improve performance
* Core: API renames, plugin load order, sandbox/config fixes
* Crash: extensive fixes (UAF, OOB, overflows, injections, fuzz bugs)
* Harden ELF, PDB, kernelcache, regex, disassemblers, and webserver
* Debug: improve ptrace, winkd support, breakpoints, checkpoints
* Disasm: cache flag lookups for performance
* FS/IO: fix leaks, bounds, sparse IO, and device handling
* HTTP/socket: webserver fixes and SSL fallback handling
* Print/projects: improve formatting, endian handling, project metadata
* Pseudo: add while/switch support and cleaner control flow
* Search/shell: improve commands, parsing, and usability
* Security: fix widespread command injection and sandbox escapes
* Tests/tools: improve r2r, CLI tools, fuzzing, and plugin support
* Types/util: parsing improvements, JSON/base64 updates, optimizations
* Visual: fix UAF/leaks, improve panels and UX
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.4
- Update to version 6.1.2:
* Analysis: preserve timeouts, improve bb/jmptbl validation and limits
* Optimize string detection and hot-path functions
* Add APIs for function signatures, vars limits, and instruction hints
* Fix overlapped functions, invalid code checks, and large bb handling
* API: remove deprecated librmagic/filetype APIs and name filter
* Arch: fix Thumb/endianness issues, add Python pseudo plugin
* ASM: unify settings via RArch, fix directives, add bf pseudo plugin
* Bin: improve ELF/Mach-O stripped detection and parsing safety
* Harden Mach-O bounds, optimize kernelcache and XNU parsing
* Fix many leaks (DEX, demangler, parsers) and infinite loops
* Improve DWARF handling and symbol/type extraction
* Build: improve meson, toolchains, and add ISO/docker support
* Console: preserve timeout, fix themes and UTF-8 handling
* Core: fix config bugs, improve startup and addressing support
* Crash: fix UAF, OOB, race conditions, regex bugs, and overflows
* Add safety checks across dotnet, Mach-O, DWARF, and webserver
* Debug/ESIL: safer execution and divide-by-zero handling
* FS/IO: fix HFS+, dyldcache speedups, safer zip handling
* Graph: add bb size limit option
* Print: merge commands, improve UTF-8 and formatting
* Projects/tools: new configs, plugin support, CLI improvements
* Search: faster analysis search and block buffering
* Shell: improve grep/macros and file operations
* Types: lazy-load, cache, and improve parsing (varargs, structs)
* Tests: expand fuzzing and test suites
* General cleanup, performance tuning, and safety improvements
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.4
- Update to version 6.1.0:
* Reimplement RBufRef using RRef; fix RLibDelHandler API
* Remove stale JAY code; improve analysis performance and CI speed
* Optimize type propagation, jump tables, and plugin integration
* Fix infinite loops, antidisasm tricks, and function autonaming
* Add new analysis options and trace import plugin (DRCOV)
* Improve RCore seek operations and naming APIs
* API: add RNum.getErr, enforce safe alloc macros, new helpers
* Arch: update ARC disasm, refactor sessions, remove unsafe string ops
* ASM: improve x86 validation, add CIL and ARC pseudo plugins
* Bin: major fixes for PE, ELF, Java, MDMP, LE, DEX; reduce memory use
* Add/import DWARF types, improve relocations and symbol handling
* Extensive memory leak fixes and parser hardening across formats
* Improve string handling, caching, and zero-copy optimizations
* Build: improve meson, remove zip deps, add 3rd-party plugin support
* Console: fix UTF-8 graphs and color propagation
* Core: improve plugin handling and background task stability
* Crash: fix multiple UAF, OOB, overflows, and injection issues
* Sanitize inputs (function names, demangler, callconv)
* Debug: add source breakpoints, ARM64/XNU support, FPU regs
* Disasm: improve string handling, comments, and color logic
* ESIL: extend x86 FPU emulation
* FS/IO: fixes and plugin reorganizations
* HTTP: fix sandbox webserver issues
* Hash/tools: minor fixes and output improvements
* General cleanup, safety checks, and performance optimizations
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.1.0
- Update to version 6.0.8:
* Migrate r_vector to RVec across core components
* Refactor and optimize type propagation (now plugin-based)
* Remove redundant anal.a2f and related duplication
* Improve caching, memoization, and performance in analysis
* Fix file corruption, null asserts, and command issues
* Enhance x86 (AT&T syntax, enter instruction) and z80 support
* Add initial .NET (CIL) disasm/asm support
* Improve Java, ELF, Mach-O, APK, and PDB handling
* Fix demangling, symbols, and relocation issues
* Resolve multiple memory leaks and parser bugs
* Fix UAF, OOB, overflows, and command injection vulnerabilities
* Improve GDB debugging and breakpoint handling
* Enhance disassembly visuals and color options
* Update ESIL operators and behavior
* Add support for APFS, GPT, BSD, APM partitions
* Improve IO handling and add new plugins
* Optimize performance (strbuf, memory usage)
* Improve console UI, themes, and terminal handling
* Refine SDK builds and CI pipelines
* Improve CLI tools (rabin2, rasm2, rafs2)
* Add JSON support and better help/version info
* Expand type parsing (typedef, enum, union)
* Improve socket/HTTP handling and downloads
* Add and refine tests and reporting
* General cleanup, safety checks, and code modernization
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.8
- Update to version 6.0.7:
* shell: Fix parsing r2 -H$(VARNAME) without a space
- Update to version 6.0.6:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.6
- Update to version 6.0.4:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.4
- Update to version 6.0.2:
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.2
- Update to version 6.0.0:
* ABI changes:
~ RCorePlugins now have a session
~ Finish the RKons refactoring, all r_cons calls take instance instead of global
~ Rename RCrypto to RMuta
~ Use RCons instance from RLine
~ Rename RIOPlugin.widget to RIOPlugin.data
~ Refactor the RRegAlias api
~ Camelcase all the RCoreBind methods
* Breaking API changes:
~ Boolify r_cons_rgb_parse
~ Add RLogLevel.fromString() and use it from -e log.level=?
~ Deprecate r_bin_addr2line
~ Rename RBinDbgItem into RBinAddrline
~ RNumCalc is now known as RNumMath
~ Move RFlagItem.alias into the Meta
~ Rename core->offset into core->addr (asm.offset and more!)
~ Rename RFlagItem.offset -> addr
* API changes:
~ Boolify r_cons_rgb_parse
~ Add RLogLevel.fromString() and use it from -e log.level=?
~ Deprecate r_bin_addr2line
~ Rename RBinDbgItem into RBinAddrline
~ RNumCalc is now known as RNumMath
~ Move RFlagItem.alias into the Meta
~ Rename core->offset into core->addr (asm.offset and more!)
~ Rename RFlagItem.offset -> addr
~ Deprecate RLang.list()
~ Unified function to jsonify the plugin meta + more fields
~ Redesign the REvent API
* Full changelog is available at:
https://github.com/radareorg/radare2/releases/tag/6.0.0
- CVE-2025-5641: Fix memory corruption by manipulation of the argument -T (bsc#1244121)
- CVE-2025-1864: Fix buffer overflow and potential code execution (bsc#1238451)
- CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow (bsc#1238075)
- CVE-2025-1378: Fix memory corruption (bsc#1237250)
- Update to version 5.9.8:
* Resolved CVE:
- CVE-2024-29645: buffer overflow vulnerability allows an attacker to
execute arbitrary code via the parse_die function (boo#1234065).
For details, check full release notes:
https://github.com/radareorg/radare2/releases/tag/5.9.8
https://github.com/radareorg/radare2/releases/tag/5.9.6
https://github.com/radareorg/radare2/releases/tag/5.9.4
https://github.com/radareorg/radare2/releases/tag/5.9.2
https://github.com/radareorg/radare2/releases/tag/5.9.0
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-packagehub-224=1
Package List:
- openSUSE Leap 16.0:
libsdb2_4_2-6.1.4-bp160.1.1
radare2-6.1.4-bp160.1.1
radare2-devel-6.1.4-bp160.1.1
radare2-zsh-completion-6.1.4-bp160.1.1
References:
* https://www.suse.com/security/cve/CVE-2024-29645.html
* https://www.suse.com/security/cve/CVE-2025-1378.html
* https://www.suse.com/security/cve/CVE-2025-1744.html
* https://www.suse.com/security/cve/CVE-2025-1864.html
* https://www.suse.com/security/cve/CVE-2025-5641.html
* https://www.suse.com/security/cve/CVE-2026-40499.html
openSUSE-SU-2026:20642-1: moderate: Security update for libsodium
openSUSE security update: security update for libsodium
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20642-1
Rating: moderate
References:
* bsc#1255764
* bsc#1256070
Cross-References:
* CVE-2025-15444
* CVE-2025-69277
CVSS scores:
* CVE-2025-15444 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for libsodium fixes the following issues:
Security fixes:
- CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to
crypto_core_ed25519_is_valid_point function (bsc#1255764).
Other fixes:
- Update to 1.0.21
* The new crypto_ipcrypt_* functions implement mechanisms for securely
encrypting and anonymizing IP addresses.
* The sodium_bin2ip and sodium_ip2bin helper functions have been added to
complement the crypto_ipcrypt_* functions and easily convert addresses
between bytes and strings.
* XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are standard
extendable output functions. From input of any length, they can derive
output of any length with the same properties as hash functions. These
primitives are required by many post-quantum mechanisms, but can also be
used for a wide range of applications, including key derivation, session
encryption and more.
* Performance of AES256-GCM and AEGIS on ARM has been improved with some
compilers
* Security: optblockers have been introduced in critical code paths to prevent
compilers from introducing unwanted side channels via conditional jumps. This
was observed on RISC-V targets with specific compilers and options.
* Security: crypto_core_ed25519_is_valid_point() now properly rejects
small-order points that are not in the main subgroup
* ((nonnull)) attributes have been relaxed on some crypto_stream* functions to
allow NULL output buffers when the output length is zero
* A cross-compilation issue with old clang versions has been fixed
* crypto_aead_aes256gcm_is_available is exported to JavaScript
* Security: memory fences have been added after MAC verification in AEAD to
prevent speculative access to plaintext before authentication is complete
* Assembly files now include .gnu.property notes for proper IBT and Shadow
Stack support when building with CET instrumentation.
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-649=1
Package List:
- openSUSE Leap 16.0:
libsodium-devel-1.0.21-160000.1.1
libsodium26-1.0.21-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-15444.html
* https://www.suse.com/security/cve/CVE-2025-69277.html
openSUSE-SU-2026:20646-1: important: Security update for PackageKit
openSUSE security update: security update for packagekit
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20646-1
Rating: important
References:
* bsc#1262220
Cross-References:
* CVE-2026-41651
CVSS scores:
* CVE-2026-41651 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-41651 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for PackageKit fixes the following issues:
- CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE
(bsc#1262220).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-654=1
Package List:
- openSUSE Leap 16.0:
PackageKit-1.2.8-160000.4.1
PackageKit-backend-dnf-1.2.8-160000.4.1
PackageKit-backend-zypp-1.2.8-160000.4.1
PackageKit-branding-upstream-1.2.8-160000.4.1
PackageKit-devel-1.2.8-160000.4.1
PackageKit-gstreamer-plugin-1.2.8-160000.4.1
PackageKit-gtk3-module-1.2.8-160000.4.1
PackageKit-lang-1.2.8-160000.4.1
libpackagekit-glib2-18-1.2.8-160000.4.1
libpackagekit-glib2-devel-1.2.8-160000.4.1
typelib-1_0-PackageKitGlib-1_0-1.2.8-160000.4.1
References:
* https://www.suse.com/security/cve/CVE-2026-41651.html
openSUSE-SU-2026:20652-1: important: Security update for openexr
openSUSE security update: security update for openexr
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20652-1
Rating: important
References:
* bsc#1262425
* bsc#1262426
Cross-References:
* CVE-2026-40244
* CVE-2026-40250
CVSS scores:
* CVE-2026-40244 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40244 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-40250 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-40250 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.
Description:
This update for openexr fixes the following issues:
- CVE-2026-40244: integer overflow in DWA setupChannelData planarUncRle pointer arithmetic (bsc#1262426).
- CVE-2026-40250: integer overflow in DWA decoder outBufferEnd pointer arithmetic (bsc#1262425).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-660=1
Package List:
- openSUSE Leap 16.0:
libIex-3_2-31-3.2.2-160000.7.1
libIex-3_2-31-x86-64-v3-3.2.2-160000.7.1
libIlmThread-3_2-31-3.2.2-160000.7.1
libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.7.1
libOpenEXR-3_2-31-3.2.2-160000.7.1
libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.7.1
libOpenEXRCore-3_2-31-3.2.2-160000.7.1
libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.7.1
libOpenEXRUtil-3_2-31-3.2.2-160000.7.1
libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.7.1
openexr-3.2.2-160000.7.1
openexr-devel-3.2.2-160000.7.1
openexr-doc-3.2.2-160000.7.1
References:
* https://www.suse.com/security/cve/CVE-2026-40244.html
* https://www.suse.com/security/cve/CVE-2026-40250.html
openSUSE-SU-2026:20645-1: important: Security update for python-Mako
openSUSE security update: security update for python-mako
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20645-1
Rating: important
References:
* bsc#1262716
Cross-References:
* CVE-2026-41205
CVSS scores:
* CVE-2026-41205 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-41205 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-Mako fixes the following issue:
- CVE-2026-41205: Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal (bsc#1262716).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-653=1
Package List:
- openSUSE Leap 16.0:
python313-Mako-1.3.10-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-41205.html
openSUSE-SU-2026:20650-1: moderate: Security update for python-PyNaCl
openSUSE security update: security update for python-pynacl
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20650-1
Rating: moderate
References:
* bsc#1161557
* bsc#1199282
* bsc#1255764
Cross-References:
* CVE-2025-69277
CVSS scores:
* CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has 3 bug fixes can now be installed.
Description:
This update for python-PyNaCl fixes the following issues:
Security fixes:
- CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to
crypto_core_ed25519_is_valid_point function (bsc#1255764).
Other fixes:
- update to 1.6.2 (bsc#1255764, CVE-2025-69277):
* Updated libsodium to 1.0.20-stable (2025-12-31 build)
- Update to 1.6.1
* The ``MAKE`` environment variable can now be used to specify
the ``make`` binary that should be used in the build process.
- update to 1.6.0:
* BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and
3.7.
* Added support for the low level AEAD AES bindings.
* Added support for crypto_core_ed25519_from_uniform.
* Update libsodium to 1.0.20-stable (2025-08-27 build).
* Added support for free-threaded Python 3.14.
* Added support for Windows on ARM wheels.
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- python-PyNaCl requires python-cffi [bsc#1161557]
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-658=1
Package List:
- openSUSE Leap 16.0:
python313-PyNaCl-1.6.2-160000.1.1
References:
* https://www.suse.com/security/cve/CVE-2025-69277.html
openSUSE-SU-2026:20644-1: important: Security update for python-jwcrypto
openSUSE security update: security update for python-jwcrypto
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20644-1
Rating: important
References:
* bsc#1261802
Cross-References:
* CVE-2026-39373
CVSS scores:
* CVE-2026-39373 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-39373 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
An update that solves one vulnerability and has one bug fix can now be installed.
Description:
This update for python-jwcrypto fixes the following issues:
- CVE-2026-39373: weak mitigation for JWT bomb attack in the `deserialize` function can lead to memory exhaustion via
crafted compressed JWE tokens (bsc#1261802).
Patch instructions:
To install this openSUSE security update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-652=1
Package List:
- openSUSE Leap 16.0:
python313-jwcrypto-1.5.6-160000.3.1
References:
* https://www.suse.com/security/cve/CVE-2026-39373.html
SUSE-SU-2026:1662-1: important: Security update for glibc-livepatches
# Security update for glibc-livepatches
Announcement ID: SUSE-SU-2026:1662-1
Release Date: 2026-04-30T13:16:21Z
Rating: important
References:
* bsc#1261209
* bsc#1263035
Cross-References:
* CVE-2026-4046
CVSS scores:
* CVE-2026-4046 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4046 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-4046 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for glibc-livepatches fixes the following issue:
Security fixes:
* CVE-2026-4046: assertion failure when converting inputs may be used to
remotely crash an application (bsc#1261209).
Other fixes:
* Fix problems with livepatches targeting libc-2.31.so instead of libc.so.6 in
15.4 (bsc#1263035).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-1662=1
* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-1662=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-1662=1
* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-1662=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* glibc-livepatches-debugsource-0.4-150400.3.16.1
* glibc-livepatches-0.4-150400.3.16.1
* glibc-livepatches-debuginfo-0.4-150400.3.16.1
* SUSE Linux Enterprise Live Patching 15-SP4 (x86_64)
* glibc-livepatches-0.4-150400.3.16.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* glibc-livepatches-0.4-150400.3.16.1
* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* glibc-livepatches-debugsource-0.4-150400.3.16.1
* glibc-livepatches-0.4-150400.3.16.1
* glibc-livepatches-debuginfo-0.4-150400.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2026-4046.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261209
* https://bugzilla.suse.com/show_bug.cgi?id=1263035
openSUSE-SU-2026:10648-1: moderate: python315-3.15.0~a8-3.1 on GA media
# python315-3.15.0~a8-3.1 on GA media
Announcement ID: openSUSE-SU-2026:10648-1
Rating: moderate
Cross-References:
* CVE-2026-1502
* CVE-2026-4786
* CVE-2026-5713
* CVE-2026-6019
* CVE-2026-6100
CVSS scores:
* CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
* CVE-2026-4786 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-5713 ( SUSE ): 6 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
* CVE-2026-5713 ( SUSE ): 5.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 5 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the python315-3.15.0~a8-3.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python315 3.15.0~a8-3.1
* python315-curses 3.15.0~a8-3.1
* python315-dbm 3.15.0~a8-3.1
* python315-idle 3.15.0~a8-3.1
* python315-profiling 3.15.0~a8-3.1
* python315-tk 3.15.0~a8-3.1
* python315-x86-64-v3 3.15.0~a8-3.1
## References:
* https://www.suse.com/security/cve/CVE-2026-1502.html
* https://www.suse.com/security/cve/CVE-2026-4786.html
* https://www.suse.com/security/cve/CVE-2026-5713.html
* https://www.suse.com/security/cve/CVE-2026-6019.html
* https://www.suse.com/security/cve/CVE-2026-6100.html
openSUSE-SU-2026:10639-1: moderate: java-25-openjdk-25.0.3.0-1.1 on GA media
# java-25-openjdk-25.0.3.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10639-1
Rating: moderate
Cross-References:
* CVE-2026-22007
* CVE-2026-22008
* CVE-2026-22013
* CVE-2026-22016
* CVE-2026-22018
* CVE-2026-22021
* CVE-2026-23865
* CVE-2026-34268
* CVE-2026-34282
CVSS scores:
* CVE-2026-22007 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-22007 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22008 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-22008 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22013 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-22013 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22016 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-22016 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-22018 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22018 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22021 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22021 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-23865 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2026-23865 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-34268 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-34268 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-34282 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-34282 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 9 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the java-25-openjdk-25.0.3.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* java-25-openjdk 25.0.3.0-1.1
* java-25-openjdk-demo 25.0.3.0-1.1
* java-25-openjdk-devel 25.0.3.0-1.1
* java-25-openjdk-headless 25.0.3.0-1.1
* java-25-openjdk-javadoc 25.0.3.0-1.1
* java-25-openjdk-jmods 25.0.3.0-1.1
* java-25-openjdk-src 25.0.3.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-22007.html
* https://www.suse.com/security/cve/CVE-2026-22008.html
* https://www.suse.com/security/cve/CVE-2026-22013.html
* https://www.suse.com/security/cve/CVE-2026-22016.html
* https://www.suse.com/security/cve/CVE-2026-22018.html
* https://www.suse.com/security/cve/CVE-2026-22021.html
* https://www.suse.com/security/cve/CVE-2026-23865.html
* https://www.suse.com/security/cve/CVE-2026-34268.html
* https://www.suse.com/security/cve/CVE-2026-34282.html
openSUSE-SU-2026:10646-1: moderate: python311-pyOpenSSL-26.1.0-1.1 on GA media
# python311-pyOpenSSL-26.1.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10646-1
Rating: moderate
Cross-References:
* CVE-2026-40475
CVSS scores:
* CVE-2026-40475 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-40475 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-pyOpenSSL-26.1.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-pyOpenSSL 26.1.0-1.1
* python313-pyOpenSSL 26.1.0-1.1
* python314-pyOpenSSL 26.1.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-40475.html
openSUSE-SU-2026:10642-1: moderate: libmozjs-140-0-140.10.0-1.1 on GA media
# libmozjs-140-0-140.10.0-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10642-1
Rating: moderate
Cross-References:
* CVE-2026-32776
* CVE-2026-32777
* CVE-2026-32778
CVSS scores:
* CVE-2026-32776 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32776 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32777 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32777 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32778 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-32778 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 3 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the libmozjs-140-0-140.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libmozjs-140-0 140.10.0-1.1
* mozjs140 140.10.0-1.1
* mozjs140-devel 140.10.0-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-32776.html
* https://www.suse.com/security/cve/CVE-2026-32777.html
* https://www.suse.com/security/cve/CVE-2026-32778.html
openSUSE-SU-2026:10644-1: moderate: prometheus-postgres_exporter-0.10.1-6.1 on GA media
# prometheus-postgres_exporter-0.10.1-6.1 on GA media
Announcement ID: openSUSE-SU-2026:10644-1
Rating: moderate
Cross-References:
* CVE-2022-21698
CVSS scores:
* CVE-2022-21698 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the prometheus-postgres_exporter-0.10.1-6.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* prometheus-postgres_exporter 0.10.1-6.1
## References:
* https://www.suse.com/security/cve/CVE-2022-21698.html
openSUSE-SU-2026:10640-1: moderate: libpng12-0-1.2.59-5.1 on GA media
# libpng12-0-1.2.59-5.1 on GA media
Announcement ID: openSUSE-SU-2026:10640-1
Rating: moderate
Cross-References:
* CVE-2026-33416
* CVE-2026-34757
CVSS scores:
* CVE-2026-33416 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-33416 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-34757 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the libpng12-0-1.2.59-5.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libpng12-0 1.2.59-5.1
* libpng12-0-32bit 1.2.59-5.1
* libpng12-compat-devel 1.2.59-5.1
* libpng12-compat-devel-32bit 1.2.59-5.1
* libpng12-devel 1.2.59-5.1
* libpng12-devel-32bit 1.2.59-5.1
## References:
* https://www.suse.com/security/cve/CVE-2026-33416.html
* https://www.suse.com/security/cve/CVE-2026-34757.html
openSUSE-SU-2026:10641-1: moderate: libixml11-1.18.5-1.1 on GA media
# libixml11-1.18.5-1.1 on GA media
Announcement ID: openSUSE-SU-2026:10641-1
Rating: moderate
Cross-References:
* CVE-2026-41682
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the libixml11-1.18.5-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* libixml11 1.18.5-1.1
* libupnp-devel 1.18.5-1.1
* libupnp20 1.18.5-1.1
## References:
* https://www.suse.com/security/cve/CVE-2026-41682.html