
Several security updates have been released for openSUSE Tumbleweed, Leap, and SUSE Linux Enterprise distributions to patch known vulnerabilities. GraphicsMagick receives an important update addressing a heap buffer over-write in PNG encoding and an uninitialized pointer dereference in the JBIG decoder, while moderate fixes cover packages such as the pyasn1 Python library, the Mumble voice chat tool and tempo-cli. php-composer2 receives a low-rated fix.

openSUSE-SU-2026:10393-1: moderate: python311-pyasn1-0.6.3-1.1 on GA media
openSUSE-SU-2026:10391-1: moderate: GraphicsMagick-1.3.46-3.1 on GA media
openSUSE-SU-2026:10388-1: moderate: mumble-1.5.857-2.1 on GA media
openSUSE-SU-2026:10390-1: moderate: tempo-cli-2.10.3-1.1 on GA media
SUSE-SU-2026:0935-1: low: Security update for php-composer2
SUSE-SU-2026:0938-1: important: Security update for GraphicsMagick






# python311-pyasn1-0.6.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10393-1
Rating: moderate

Cross-References:

* CVE-2026-30922

CVSS scores:

* CVE-2026-30922 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-30922 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python311-pyasn1-0.6.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * python311-pyasn1 0.6.3-1.1
  * python313-pyasn1 0.6.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-30922.html





# GraphicsMagick-1.3.46-3.1 on GA media

Announcement ID: openSUSE-SU-2026:10391-1
Rating: moderate

Cross-References:

* CVE-2026-30883

CVSS scores:

* CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the GraphicsMagick-1.3.46-3.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * GraphicsMagick 1.3.46-3.1
  * GraphicsMagick-devel 1.3.46-3.1
  * libGraphicsMagick++-Q16-12 1.3.46-3.1
  * libGraphicsMagick++-devel 1.3.46-3.1
  * libGraphicsMagick-Q16-3 1.3.46-3.1
  * libGraphicsMagick3-config 1.3.46-3.1
  * libGraphicsMagickWand-Q16-2 1.3.46-3.1
  * perl-GraphicsMagick 1.3.46-3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-30883.html





# mumble-1.5.857-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10388-1
Rating: moderate

Cross-References:

* CVE-2025-71264

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the mumble-1.5.857-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * mumble 1.5.857-2.1
  * mumble-server 1.5.857-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71264.html





# tempo-cli-2.10.3-1.1 on GA media

Announcement ID: openSUSE-SU-2026:10390-1
Rating: moderate

Cross-References:

* CVE-2026-28377

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the tempo-cli-2.10.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * tempo-cli 2.10.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28377.html





# Security update for php-composer2

Announcement ID: SUSE-SU-2026:0935-1
Release Date: 2026-03-20T07:46:36Z
Rating: low
References:

* bsc#1255768

Cross-References:

* CVE-2025-67746

CVSS scores:

* CVE-2025-67746 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-67746 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2025-67746 ( NVD ): 1.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-67746 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for php-composer2 fixes the following issues:

CVE-2025-67746: Fixed ANSI control characters injection in the terminal output
of various Composer commands via attacker controlled remote sources.
(bsc#1255768)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-935=1

## Package List:

* openSUSE Leap 15.4 (noarch)
  * php-composer2-2.2.3-150400.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2025-67746.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255768





# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2026:0938-1
Release Date: 2026-03-20T13:41:16Z
Rating: important
References:

* bsc#1259455
* bsc#1259467

Cross-References:

* CVE-2026-28691
* CVE-2026-30883

CVSS scores:

* CVE-2026-28691 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-28691 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-28691 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-30883 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-30883 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-30883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-30883 ( NVD ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves two vulnerabilities can now be installed.

## Description:

This update for GraphicsMagick fixes the following issues:

* CVE-2026-28691: missing check in the JBIG decoder can lead to an
uninitialized pointer dereference (bsc#1259455).
* CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a
heap buffer over-write (bsc#1259467).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-938=1 openSUSE-SLE-15.6-2026-938=1

* SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-938=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.15.1
  * GraphicsMagick-1.3.42-150600.3.15.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.15.1
  * GraphicsMagick-devel-1.3.42-150600.3.15.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.15.1
  * perl-GraphicsMagick-1.3.42-150600.3.15.1
  * libGraphicsMagick3-config-1.3.42-150600.3.15.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.15.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.15.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.15.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  * libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick-Q16-3-1.3.42-150600.3.15.1
  * GraphicsMagick-1.3.42-150600.3.15.1
  * GraphicsMagick-debugsource-1.3.42-150600.3.15.1
  * GraphicsMagick-devel-1.3.42-150600.3.15.1
  * perl-GraphicsMagick-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagickWand-Q16-2-1.3.42-150600.3.15.1
  * perl-GraphicsMagick-1.3.42-150600.3.15.1
  * libGraphicsMagick3-config-1.3.42-150600.3.15.1
  * libGraphicsMagick++-Q16-12-1.3.42-150600.3.15.1
  * GraphicsMagick-debuginfo-1.3.42-150600.3.15.1
  * libGraphicsMagick++-devel-1.3.42-150600.3.15.1
  * libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2026-28691.html
* https://www.suse.com/security/cve/CVE-2026-30883.html
* https://bugzilla.suse.com/show_bug.cgi?id=1259455
* https://bugzilla.suse.com/show_bug.cgi?id=1259467